Hello from all of us here at Sysdig! We just came back from FOSDEM and cfgmgmtcamp with some new friends, experiences and, of course, a great deal of exciting tech news to share with you.
So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.
We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel we should include here. We are looking forward to your contributions!
SECURITY
Pretty ambitious title, right? Well, the content is not going to disappoint you. Let’s dive into the state-of-the-art container security practices and tools.
Kubernetes security best practices
In this talk you will learn how to integrate classic Linux security tools like SELinux or seccomp to harden your Kubernetes pods and services.
Making Linux Security Modules available to containers
Several Linux Security Modules (LSM) are working towards better integration with kernel namespaces and the container ecosystem. This talk outlines current efforts and remaining problems.
Docker security issues and best practices as we enter 2018
As we move into 2018, security is no longer a weakness for containers. This updated cheat sheet will get you up to speed with the Docker security landscape.
SYSDIG
Join us for another in-depth session of container debugging and troubleshooting! This time we follow the trail of a Linux kernel library version “mismatch”.
How to deploy OpenShift on AWS
Want to deploy a small OpenShift test environment with multiple nodes? Hopefully we can make your life easier with these CloudFormation templates and Ansible recipes.
New integrated troubleshooting in Sysdig Monitor
Sysdig Monitor is now tightly integrated with Sysdig Inspect. Here you have a colorful example of integrated troubleshooting for a crash-looping Kubernetes deployment.
Sysdig’s top viral blogs of 2017
2017 was a big year for Sysdig, so let’s revisit the Sysdig blogs that went viral. It seems that what really brings you to our blog is the content that dives deep into system internals (so don’t miss the first link of this section).
JOIN THE UPCOMING “CONTAINER TROUBLESHOOTING WITH SYSDIG” WEBINAR. US TIME EMEA TIME
KUBERNETES
Scaling Kubernetes to 2,500 nodes
The OpenAI project is pushing their largest Kubernetes cluster yet. Learn about the performance tweaks and bottlenecks that you will need to address to join the major leagues.
Kubernetes service mesh
The “service mesh” is all the rage now on Kubernetes discussion forums. Learn the basic concepts and the most promising mesh projects.
Reporting errors using Kubernetes events
Feed Kubernetes events and error messages back to the pod that is causing them, so that developers can provide sensible Kubernetes-specific error handling without further human intervention.
The twelve-factors Kubernetes
The twelve Kubernetes app design commandments. A useful mix of basic concepts and deployment tips that you should definitely read if you’re a novice.
Kubernetes custom controller example
You are using Kubernetes Controllers (ReplicaSets, Deployments) on a daily basis. Want to code your own? Full code example here.
K8s-utils repo
A collection of handy bash scripts intended primarily to assist with Kubernetes production support.
Automating distributed logging on production Kubernetes
Meaningful log collection for a highly dynamic container environment is no trivial task. Here you have a set of design tips to collect and categorize Kubernetes logs.
Pulling images from a private repository into Kubernetes
Simple and straightforward: how to use a Kubernetes secret to grab images from a private Docker registry.
2018 Kubernetes predictions
New year, new batch of technology predictions by our friends at @mesosphere. Edge computing, security, service mesh and other hot topics for this year.
DOCKER
Running Docker Enterprise Edition at scale
Plan a Docker EE deployment with scaling in mind from the bottom up: cluster size, storage performance and HTTP mesh routing.
Truly immutable deployments with Docker or Kubernetes
For security and traceability reasons, you may consider using immutable file systems to support your Docker containers and Kubernetes pods.
To DinD or not to DinD?
I heard you like Docker, so… DinD is a very interesting and useful experiment, but we highly recommend reading about its current limitations before committing to it.
Top 10 Docker logging gotchas
You can log Docker containers the same way you were logging separate processes, right? Wrong. Avoid the container-specific pitfalls by reading this article.
Using Linuxkit to build an AWS image (AMI)
We have covered the LinuxKit tool in several articles before. Let’s get more specific by building an AWS cloud image following this tutorial.
How to setup a Docker ELK (Elastic Logstash Kibana) stack in a jiffy
Eager to start playing around with a Dockerized ELK stack in a cloud account or on your laptop? You are just 5 minutes away from having it up and running.
A Perfect Personal Cloud with Docker Swarm
Build your modern personal cloud using Docker containers. Featuring backups, ingress controller, monitoring and more.
Building healthier containers
A piece of advice on what to include in your container image and how to attach debugging tools to your container’s namespace on the fly. Some surprising tricks inside!
A Docker Guide for Java
In this extensive tutorial you can learn how to interact with the Docker daemon and related entities in a programmatic way using docker-java libraries.
OTHER ORCHESTRATORS
OpenShift Online 3 questions and answers
The OpenShift Online team has been paying attention to the most frequent questions and difficulties that their users experience to compile this comprehensive Q&A manual.
DevOps with OpenShift – free ebook
Three OpenShift experts at Red Hat explain how to configure Docker application containers and the Kubernetes cluster manager with OpenShift’s developer- and operational-centric tools.
Data science on DC/OS
DC/OS has always been an attractive platform for big data, data science and artificial intelligence. Learn why this is so by building a scalable data analytics platform.
The Meltdown/Spectre mishap is still generating a lot of headlines. Learn why these two bugs do not have a noticeable impact on performance for workloads running on DC/OS.