August 2017 Container Newsletter.

Hello from all of us here at Sysdig! This year’s Sysdig Camp-Con-World-Fest-Summit, the Hands-On Container Conference is just under a month away! If you work with containers, orchestrators, or are tasked with figuring out how your organization is going to move to containers then this is a must attend event for you. Hear from Sysdig, Google, Docker, Red Hat, Yahoo, Mesosphere, CloudHealth, StackPointCloud and many more. Register now, early bird ticket sales end this Thursday, August 31st!

And no matter how busy we are preparing CCWFS, here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, Openshift, and more.

We hope you enjoy this! Ping us at @sysdig or on our open source slack group #sysdig to share anything you feel we should include here, we are looking forward your contributions!

Docker security: vulnerabilities and tools

A two article overview of the Docker security landscape. 20 Docker security tools with descriptions and use cases and 7 Docker security vulnerabilities, including proof of concept examples.

Handling container death and resurrection

Behind this almost mystical title there is a thorough list of container life-cycle parameters with practical examples: restart policy, health checks, upgrades, and rollbacks, etc.

5 Docker logging practices

Logging in the world of containerized apps is different than with traditional applications, in this article you can learn about 5 patterns and best practices for Docker-centric deployments.

Docker operations slowing down on AWS

And this time it’s not DNS, for a change. An amusing debugging tale with some interesting lessons to take home regarding I/O bursts and cloud subscription qualities.

Using Docker to scrub 320 million passwords

Have you ever used ‘HaveIBeenPwned?’ Maybe you should take a look. You can download a huge database of stolen passwords and check if yours is between them. Safely, using Docker.

Docker 101 – Video tutorial

A nice introduction to Docker’s basic concepts, it’s also a video tutorial and it will only take you one hour. You are running out of excuses to get on-board.

Enabling IPv6 functionality for Docker

Docker assigns IPv4 addresses to containers by default. Have you ever wondered how to add IPv6 support? You can tweak the Docker daemon following these examples.

Serverless cluster with Raspberry Pi

Serverless functions go one step of abstraction beyond the microservices paradigm. Let’s build a serverless powerhouse using the OpenFaaS framework, Docker and a bunch of Raspberry Pi.

Kubernetes at Github

Github is migrating part of its huge infrastructure to Kubernetes. Here they explain how (in baremetal!).

Kaptaind backup & sync tool

Ever wanted to create restore points for you entire Kubernetes cluster (ala VM snapshots) or sync resources between different cloud providers? Kaptaind is the tool you need.

Kubernetes with Traefik and Let’s Encrypt

Using Traefik as the Kubernetes Ingress controller and Let’s Encrypt to get valid certificates on demand, you can nicely automate service publishing.

Introducing Kpod

CRI-O is an effort to create a new, easier to debug, container runtime for Kubernetes and kpod a new command line tool for image and storage management.

Kubernetes tips and tricks

Every sysadmin eventually compiles a personal cheat sheet to optimize the daily mundane tasks. Some are so kind as to share it.

Kubernetes Initializers

Did you know that you can modify Kubernetes resources before they are even created? Learn how to write and deploy your own Initializers.

Kubernetes ConfigMaps and Secrets

Gentle introduction in two installments on using ConfigMaps and Secrets to parametrize your Kubernetes pods.

Cluster management with Cabin

Wouldn’t it be nice to check the status and health of your Kubernetes cluster from an agile mobile UI, or even perform some basic actions when you are on the road? Meet Cabin.

Debug locally with Telepresence

Using Telepresence you can re-route the traffic from one of your Kubernetes services to your own local version. This way you can debug locally while you communicate with the other cluster entities.


10 layers of container security

This talk discusses the 10 most common layers in a typical container deployment and talks about ways to build security into each layer. Full-stack, from the container host to the CI/CD pipe and API management.

Enterprise-level OpenShift deployment

What do you need to know to make an enterprise-level OpenShift deployment? From the “big picture” concept to 11 different areas to consider.

Monitoring OpenShift: three tools

Radically new software orchestration architectures also require new monitoring approaches, container centric and easy to integrate in the DevOps CI/CD workflows.


Docker vs Kubernetes vs Mesos

“Why What You Think You Know is Probably Wrong”, despite its provocative title, this thorough article is not really a ‘vs’, but really a calm explanation of what is the right tool for you and why.

Automated canary releasing

Canary releasing exposes new versions of the software to a reduced number of users. Learn how to build a canary release pipe using Jenkins + DC/OS + Vamp. Part 1Part 2.

Cluster management at Chartbeat

Series of posts covering the ongoing migration of ~1000 server instances to Apache Mesos, Apache Aurora and Python Pants, rationale of the technology pick, proofs of concept and current results.


Sysdig Camp-Con-World-Fest-Summit

Sept 26-27 in San Francisco

Last chance for Early Bird pricing. Join us if you work with containers, orchestration tools, or you want to know more about the quickly, evolving world of containers. Check out the full 2 day agendaMeet Jorge who is leading a 4 hour Container Troubleshooting Workshop on the second day.

Katacoda course: Sysdig container visibility

Hands-on introduction to Sysdig opensource, features and potential. Katacoda will provide the lab environment for you! You just need a web browser, 10 minutes and the desire to learn.


Container Metadata – Understanding Metrics, Labels, & Tags

Deep dive into the Sysdig metric categorization and metadata aggregation. Precise definitions with illustrative examples and diagrams that will help you realize the potential of the Sysdig approach.

Katacoda course: Falco container security monitoring

And another Katacoda practical course, this time focused on Sysdig Falco, a container-centric security monitor. Create your own security rules and test them live! No container instrumentation nor monitoring agents required.