April 2017 Container Newsletter
Hello from all of us here at Sysdig! Quite a few things have happened in the last few weeks: first KubeCon/CloudNative EU in Berlin, and just last week DockerCon in Austin. That’s why we have aggregated March and April into a slightly longer newsletter than usual, which also covers these 2 events.
Just last week, Docker ran its annual conference in Austin (Texas) with around 5500 attendees. A few interesting announcements from DockerCon:
– Docker as the upstream open source project has been renamed to Moby, and from now on Docker will refer exclusively to the commercial versions (well, binary versions, because Docker community edition will still be called Docker. Confusing, but we saw it before with the RHEL/Fedora/CentOS split; similarly, we now have Docker EE/Docker CE/Moby). Further discussion here.
– LinuxKit, a project by Docker providing a framework for building Linux-based operating systems as hosts for running containers. Quite cool, although there is some overlap with CoreOS and RancherOS.
Back at the end of March, with 1200+ attendees and over 100 sessions, this was the first massive Kubernetes event in Europe. A few interesting announcements took place in Berlin:
– Both containerd from Docker and rkt from CoreOS are now CloudNative Foundation projects; that makes 9 projects under the CloudNative umbrella.
– Kubernetes 1.6 highlights: increased scalability (thanks to etcd3); RBAC (Role Based Access Control), mostly contributed by OpenShift; Controlled Scheduling (affinity/anti-affinity and taints); and Dynamic Storage Provisioning, among multiple bug fixes and smaller features.
– All the talks are available in the CloudNative KubeCon EU YouTube playlist, and some speakers have uploaded slides to the schedule too. But if you want to put yourself in the shoes of someone who was there, we liked Massimo’s personal notes on the event.
2017 Docker Usage Report
How are people using Docker in their application environments right now? As the premier container monitoring solution, Sysdig has some answers to this question. Find out here!
Experimental feature that allows you to create different images (stages) defined in a single Dockerfile. Especially useful for automating the build process, producing a smaller image containing just the binaries.
Container performance analysis
Exhaustive set of slides analyzing performance and tracing processes on Netflix’s massive ‘Titus’ container platform.
We liked the U.S.E. (Utilization, Saturation, Errors) methodology, which can be applied to both hardware and software resources.
From macro to micro
One of the main misconceptions about Docker is that it is an all-or-nothing IT solution. This post describes how to gradually migrate your components, starting with the front-facing proxy.
Docker Cloud and Swarm mode
Docker Cloud and Swarm mode elegantly integrated, deploying a scalable WordPress installation with just a few clicks and a straightforward YAML file.
Docker daemon socket
Some deployments require you to bind-mount the /var/run/docker.sock file. Explore what is happening behind the scenes.
OpenVPN with docker-compose
Nice and simple tutorial on how to get your OpenVPN server up and running in just a few minutes using docker-compose.
Microservices architecture retail
You have heard about microservices a thousand times already. This article has a well-thought-out set of checklists covering why this is exciting, advantages, challenges and migration strategies.
Kubernetes 1.6 What’s new?
Microsoft acquires Deis
Microsoft has acquired Deis, a company focused on open source management tools for Kubernetes, the birthplace of popular k8s projects like Helm, Workflow or Steward.
Monitoring Kubernetes series
Kubernetes pod autohealing
A clever take on k8s liveness/readiness probes, demonstrated on a real use-case scenario. We liked the thorough description of exactly how the probes behave and the attention to caveats.
GPU offloading, deep learning and k8s scaling. Quite an impressive combo of all the really exciting technologies happening now. This project models a TensorFlow deployment using scalable Helm Charts.
Linkerd ingress controller
Series of articles about Linkerd, Kubernetes and service meshes. This installment will show you how to use Linkerd as a full-fledged ingress controller, including TLS termination and dynamic routing.
Kube apply: declarative, automatic
CPU intensive tasks like multimedia encoding may greatly benefit from a custom CPU per container allocation and concurrency model design.
Just modifying your YAML files by hand and running “kubectl apply” is good enough for most teams, but wouldn’t it be great to have more traceability, code review and diff history? Meet kube-applier, a git-backed tool that tracks and implicitly applies cluster configuration changes.
OpenShift 3.5 was just released! Don’t miss this series of articles covering improvements in usability and GUI capabilities, security updates like rolling upgrade of certs or fine-grained pod network policies, cluster management and storage capabilities like dynamic provisioning for Azure block storage.
Hitting the wall
Article discussing the eventualities of running several thousand application instances on the Mesosphere Marathon platform. Very methodical: the guys have been battling against every caveat and performance limitation of the system, and it shows.
Mesosphere DC/OS 1.9
Highlighted new features include a click-and-deploy catalog for data services like Elastic or CouchBase, troubleshooting and GPU-offload improvements.
How to monitor Docker Swarm
Sysdig Monitor can now leverage Docker Swarm metadata which, together with its container visibility, provides best-in-class Swarm monitoring.
Four essential Docker security aspects
Checklist addressing four container features that can help you secure your Docker environment and understand the security challenges of your new software ecosystem.
A user’s view of Sysdig
Kris reviewed Sysdig and Sysdig Monitor, writing an article about their internals, pros and cons.
Sysdig @ KubeCon EU
The Sysdig team gave 3 talks at KubeCon / CloudNativeCon EU; check them out here:
– Kubernetes-Defined Monitoring
– 50 Shades of System Calls
– Lightning Talk: The Top 5 Kubernetes Metrics to Monitor