April 2017 Container Newsletter.

Hello from all of us here at Sysdig! Quite a few things happened in the last weeks, first KubeCon/CloudNative EU in Berlin and just last week DockerCon in Austin. That’s why we have aggregated our March and April into a slightly longer newsletter than usual, covering also these 2 events. We hope you enjoy this! Ping us at @sysdig or on our open source slack group #sysdig to share anything you feel we should include here, we are looking forward your contributions!



Just last week, Docker run its annual conference in Austin (Texas) with around 5500 attendees. A few interesting announcements from DockerCon:

– Docker as the upstream open source project has been renamed to Moby, and from now on Docker will refer exclusively to the commercial versions (well, binary versions because Docker community edition will still be called Docker. Confusing, but we saw it before with the RHEL/Fedora/CentOS split, similarly now we got Docker EE/Docker CE/Moby). Further discussion here.

LinuxKit, a project by Docker providing a framework to build Linux based operating system as a host for running containers. Quite cool although there is some overlapping with CoreOS and RancherOS. – Videos of the talks are not yet online, will keep you posted when available but Docker has already published their highlights of the event: Day 1 and Day 2.



Back in the end of March, with 1200+ attendees and over 100 sessions, this was the first massive Kubernetes event in Europe. A few interesting announces took place in Berlin:

– Both containerd from Docker and rkt from CoreOS are now CloudNative Foundation projects, that makes 9 projects under the CloudNative umbrella.

– Kubernetes 1.6 highlights: increased scalability (thanks to etcd3), RBAC (Role Based Access Control), mostly contributed by Openshift; Controlled Scheduling (affinity/anti-affinity and taints) and Dynamic Storage Provisioning, between multiple bugfixes and smaller features.

– All the talks are available in the CloudNative KubeCon EU YouTube playlist, and some speakers have uploaded slides to the schedule too. But if you want to get into the shoes of someone who was there, we liked Massimo’s personal notes on the event.


2017 Docker Usage Report

How are people using Docker in their application environments right now? As the premier container monitoring solution, Sysdig has some answers to this question. Find out here!

Multi-stage builds

Experimental feature that allows you to create different images (stages) defined in a single Dockerfile. Specially useful to automate the build process, producing a smaller image containing just the binaries.

Container performance analysis

Exhaustive set of slides analyzing performance and tracing processes over the massive ‘Titus’ Netflix’s container platform. We liked the U.S.E. (Utilization, Saturation, Errors) methodology that can be both applied to hardware and software resources.

From macro to micro

One of the main misconceptions about Docker is that it is an all-or-nothing IT solution, this post describes how to gradually migrate your components, starting with the front facing proxy.

Docker Cloud and Swarm mode

Docker Cloud and Swarm mode elegantly integrated, deploying a scalable WordPress installation with just a few clicks and a straightforward YAML file.

Docker daemon socket

Some deployments require you to bind-mount the /var/run/docker.sock file. Explore what is happening behind the scenes.

OpenVPN with docker-compose

Nice and simple tutorial on how to get your OpenVPN server up and running just in a few minutes using docker-compose.

Microservices architecture retail

You have heard about microservices a thousand times already. This article has a well-though-out set of checklists covering: why this is exciting, advantages, challenges and migration strategies.   KUBERNETES

Kubernetes 1.6 What’s new?

Kubernetes 1.6 is here. This series of 5 articles showcases highlighted features using practical examples. We especially liked the beta release of RBAC and the Advanced Scheduling. A must-read to start planning ahead.

Microsoft acquires Deis

Microsoft has acquired Deis, a company focused on open source management tools for Kubernetes, the birthplace of popular k8s projects like Helm, Workflow or Steward.

Monitoring Kubernetes series

In-depth series covering Kubernetes monitoring using Sysdig Monitor, delivered in 4 chapters. From the basics and rationale of cloud monitoring, alerting configuration best practices, troubleshooting and service discovery to a real-world use case scenario at WayBlazer.

Kubernetes pod autohealing

A clever take on k8s liveness/readiness probes, demonstrated on real use case scenario. We liked the thorough description of how the probes exactly behave and attention to caveats.


GPU offloading, deep learning and k8s scaling. Quite an impressive combo of all the really exciting technologies happening now. This project models a TensorFlow deployment using scalable Helm Charts.

Linkerd ingress controller

Series of articles about Linkerd, Kubernetes and services meshes. This installment will show you how to use Linkerd as a full-fledged ingress controller, including TLS terminations and dynamic routing.

Kube apply: declarative, automatic

CPU intensive tasks like multimedia encoding may greatly benefit from a custom CPU per container allocation and concurrency model design.

CPU pinning

Just modifying your YAML files by hand and running “kubectl apply” is good enough for most teams, but wouldn’t be great to have more traceability, code review and diff history? Meet kube-applier, a git-backed tool that tracks and implicitly applies cluster configuration changes.  


OpenShift 3.5

OpenShift 3.5 was just released! Don’t miss this series of articles covering improvements in usability and GUI capabilities, security updates like rolling upgrade of certs or fine-grained pod network policiescluster management and storage capabilities like dynamic provisioning for Azure block storage.


Hitting the wall

Article discussing the eventualities of running several thousand application instances over the Mesosphere Marathon platform. Very methodical, the guys have been battling against every caveat and performance limitation of the system and it shows.

Mesosphere DC/OS 1.9

Highlighted new features include a click-and-deploy catalog for data services like Elastic or CouchBase, troubleshooting and GPU-offload improvements.


How to monitor Docker Swarm

Sysdig Monitor can now leverage Docker Swarm metadata that together with its container visibility provides best int class Swarm monitoring.

Four essential Docker security aspects

Checklist addressing four container features that can help you secure your Docker environment and understanding the security challenges of your new software ecosystem.

An user’s view of Sysdig

Kris reviewed Sysdig and Sysdig Monitor writing an article about its internals, pros and cons.

Sysdig @ KubeCon EU

Sysdig team gave 3 talks at KubeCon / CloudNativeCon EU, check out them here: – Kubernetes-Defined Monitoring – 50 Shades of System Calls – Lightning Talk: The Top 5 Kubernetes Metrics to Monitor