Hello from all of us here at Sysdig! Quite a few things have happened in the last few weeks: first KubeCon/CloudNative EU in Berlin, and just last week DockerCon in Austin. That’s why we have combined our March and April issues into a slightly longer newsletter than usual, which also covers these 2 events.
We hope you enjoy this! Ping us at @sysdig or on our open source Slack group #sysdig to share anything you feel we should include here. We are looking forward to your contributions!
DOCKERCON
Impressions
Just last week, Docker ran its annual conference in Austin (Texas) with around 5500 attendees. A few interesting announcements from DockerCon:
– Docker as the upstream open source project has been renamed to Moby, and from now on Docker will refer exclusively to the commercial versions (well, binary versions because Docker community edition will still be called Docker. Confusing, but we saw it before with the RHEL/Fedora/CentOS split, similarly now we got Docker EE/Docker CE/Moby). Further discussion here.
– LinuxKit, a project by Docker providing a framework to build Linux-based operating systems as hosts for running containers. Quite cool, although there is some overlap with CoreOS and RancherOS.
– Videos of the talks are not yet online. We will keep you posted when they are available, but Docker has already published their highlights of the event: Day 1 and Day 2.
KUBECON EU
Impressions
Back at the end of March, with 1200+ attendees and over 100 sessions, this was the first massive Kubernetes event in Europe. A few interesting announcements took place in Berlin:
– Both containerd from Docker and rkt from CoreOS are now CloudNative Foundation projects, which makes 9 projects under the CloudNative umbrella.
– Kubernetes 1.6 highlights: increased scalability (thanks to etcd3); RBAC (Role Based Access Control), mostly contributed by OpenShift; Controlled Scheduling (affinity/anti-affinity and taints); and Dynamic Storage Provisioning, among multiple bugfixes and smaller features.
– All the talks are available in the CloudNative KubeCon EU YouTube playlist, and some speakers have uploaded slides to the schedule too. But if you want to put yourself in the shoes of someone who was there, we liked Massimo’s personal notes on the event.
DOCKER
2017 Docker Usage Report
How are people using Docker in their application environments right now? As the premier container monitoring solution, Sysdig has some answers to this question.
Find out here!
Multi-stage builds
An experimental feature that allows you to create different images (stages) defined in a single Dockerfile. Especially useful to automate the build process, producing a smaller image containing just the binaries.
Container performance analysis
An exhaustive set of slides analyzing performance and tracing processes over Netflix’s massive ‘Titus’ container platform.
We liked the U.S.E. (Utilization, Saturation, Errors) methodology, which can be applied to both hardware and software resources.
From macro to micro
One of the main misconceptions about Docker is that it is an all-or-nothing IT solution. This post describes how to gradually migrate your components, starting with the front-facing proxy.
Docker Cloud and Swarm mode
Docker Cloud and Swarm mode elegantly integrated, deploying a scalable WordPress installation with just a few clicks and a straightforward YAML file.
Docker daemon socket
Some deployments require you to bind-mount the /var/run/docker.sock file.
Explore what is happening behind the scenes.
OpenVPN with docker-compose
Nice and simple tutorial on how to get your OpenVPN server up and running in just a few minutes using docker-compose.
Microservices architecture retail
You have heard about microservices a thousand times already.
This article has a well-thought-out set of checklists covering: why this is exciting, advantages, challenges and migration strategies.
KUBERNETES
Kubernetes 1.6 What’s new?
Kubernetes 1.6 is here. This series of 5 articles showcases highlighted features using practical examples. We especially liked the beta release of RBAC and the Advanced Scheduling. A must-read to start planning ahead.
Microsoft acquires Deis
Microsoft has acquired Deis, a company focused on open source management tools for Kubernetes and the birthplace of popular k8s projects like Helm, Workflow or Steward.
Monitoring Kubernetes series
In-depth series covering Kubernetes monitoring using Sysdig Monitor, delivered in 4 chapters. From the basics and rationale of cloud monitoring, alerting configuration best practices, troubleshooting and service discovery to a real-world use case scenario at WayBlazer.
Kubernetes pod autohealing
A clever take on k8s liveness/readiness probes, demonstrated on a real use case scenario. We liked the thorough description of exactly how the probes behave and the attention to caveats.
KuberBrain
GPU offloading, deep learning and k8s scaling. Quite an impressive combo of all the really exciting technologies happening now.
This project models a TensorFlow deployment using scalable Helm Charts.
Linkerd ingress controller
Series of articles about Linkerd, Kubernetes and service meshes.
This installment will show you how to use Linkerd as a full-fledged ingress controller, including TLS termination and dynamic routing.
Kube apply: declarative, automatic
Just modifying your YAML files by hand and running “kubectl apply” is good enough for most teams, but wouldn’t it be great to have more traceability, code review and diff history? Meet kube-applier, a git-backed tool that tracks and implicitly applies cluster configuration changes.
CPU pinning
CPU-intensive tasks like multimedia encoding may greatly benefit from a custom CPU per container allocation and concurrency model design.
OPENSHIFT
OpenShift 3.5
OpenShift 3.5 was just released! Don’t miss this series of articles covering improvements in usability and GUI capabilities, security updates like rolling upgrade of certs or fine-grained pod network policies, cluster management and storage capabilities like dynamic provisioning for Azure block storage.
MESOS
Hitting the wall
Article discussing the eventualities of running several thousand application instances over the Mesosphere Marathon platform. Very methodical: the guys have been battling against every caveat and performance limitation of the system, and it shows.
Mesosphere DC/OS 1.9
Highlighted new features include a click-and-deploy catalog for data services like Elastic or CouchBase, troubleshooting and GPU-offload improvements.
SYSDIG
How to monitor Docker Swarm
Sysdig Monitor can now leverage Docker Swarm metadata which, together with its container visibility, provides best-in-class Swarm monitoring.
Four essential Docker security aspects
Checklist addressing four container features that can help you secure your Docker environment and understand the security challenges of your new software ecosystem.
A user’s view of Sysdig
Kris reviewed Sysdig and Sysdig Monitor, writing an article about their internals, pros and cons.
Sysdig @ KubeCon EU
The Sysdig team gave 3 talks at KubeCon / CloudNativeCon EU, check them out here:
– Kubernetes-Defined Monitoring
– 50 Shades of System Calls
– Lightning Talk: The Top 5 Kubernetes Metrics to Monitor