Hello from all of us here at Sysdig! We just came back from FOSDEM with some new friends, experiences and, of course, a great deal of exciting tech news to share with you.
So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.
We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel we should include here. We are looking forward to your contributions!
Pretty ambitious title, right? Well, the content is not going to disappoint you. Let’s dive into state-of-the-art container security practices and tools.
Kubernetes security best practices
In this talk you will learn how to integrate classic Linux security tools like SELinux or seccomp to harden your Kubernetes pods and services.
Making Linux Security Modules available to containers
Several Linux Security Modules (LSM) are working towards better integration with kernel namespaces and the container ecosystem. This talk outlines current efforts and remaining problems.
Docker security issues and best practices as we enter 2018
As we move into 2018, security is no longer a weakness for containers. This updated cheat sheet will get you up to speed with the Docker security landscape.
Troubleshooting containers, system calls and performance
Join us for another in-depth session of container debugging and troubleshooting! This time we follow the trail of a Linux kernel library version “mismatch”.
How to deploy OpenShift on AWS
Want to deploy a small OpenShift test environment with multiple nodes? Hopefully we can make your life easier with these CloudFormation templates and Ansible recipes.
New integrated troubleshooting in Sysdig Monitor
Sysdig Monitor is now tightly integrated with Sysdig Inspect. Here you have a colorful example of integrated troubleshooting for a crashlooping Kubernetes deployment.
Sysdig’s top viral blogs of 2017
2017 was a big year for Sysdig, so let’s revisit the Sysdig blogs that became viral. It seems that what really brings you to our blog is the content that dives deep into system internals (so don’t miss the first link of this section).
Join the upcoming “Container troubleshooting with Sysdig” webinar.
Scaling Kubernetes to 2,500 nodes
The OpenAI project is pushing their largest Kubernetes cluster yet. Learn about the performance tweaks and bottlenecks that you will need to address to join the major leagues.
Kubernetes service mesh
The “service mesh” is all the rage now on Kubernetes discussion forums. Learn the basic concepts and the most promising mesh projects.
Reporting errors using Kubernetes events
Feed Kubernetes events and error messages back to the pod that is causing them, so that developers can provide sensible Kubernetes-specific error handling without further human intervention.
The twelve-factors Kubernetes
The twelve Kubernetes app design commandments. A useful mix of basic concepts and deployment tips that you should definitely read if you’re a novice.
Kubernetes custom controller example
You are using Kubernetes Controllers (ReplicaSets, Deployments) on a daily basis. Want to code your own? Full code example here.
A collection of handy bash scripts oriented primarily to assist with Kubernetes production support
Automating distributed logging on production Kubernetes
Meaningful log collection for a highly dynamic container environment is no trivial task. Here you have a set of design tips to collect and categorize Kubernetes logs.
Pulling images from a private repository into Kubernetes
Simple and straightforward: how to use a Kubernetes secret to grab images from a private Docker registry.
2018 Kubernetes predictions
New year, new batch of technology predictions by our friends at @mesosphere. Edge computing, security, service mesh and other hot topics for this year.
Running Docker Enterprise Edition at scale
Plan a Docker EE deployment with scaling in mind from the bottom up: cluster size, storage performance and HTTP mesh routing.
Truly immutable deployments with Docker or Kubernetes
For security and traceability reasons, you may consider using immutable file systems to support your Docker containers and Kubernetes pods.
To DinD or not to DinD?
I heard you like Docker, so… DinD is a very interesting and useful experiment, but we highly recommend reading about its current limitations before committing to it.
Top 10 Docker logging gotchas
You can log Docker containers the same way you were logging separate processes, right? Wrong. Avoid the container-specific pitfalls by reading this article.
Using LinuxKit to build an AWS image (AMI)
We have covered the LinuxKit tool in several articles before. Let’s get more specific by building an AWS cloud image following this tutorial.
How to set up a Docker ELK (Elastic Logstash Kibana) stack in a jiffy
Eager to start playing around with a Dockerized ELK stack in a cloud account or on your laptop? You are just 5 minutes away from having it up and running.
A Perfect Personal Cloud with Docker Swarm
Build your modern personal cloud using Docker containers. Featuring backups, ingress controller, monitoring and more.
Building healthier containers
Advice on what to include in your container image and how to attach debugging tools to your container’s namespace on the fly. Some surprising tricks inside!
A Docker Guide for Java
In this extensive tutorial you can learn how to interact programmatically with the Docker daemon and related entities using the docker-java libraries.
OpenShift Online 3 questions and answers
The OpenShift Online team has been paying attention to the most frequent questions and difficulties that their users experience in order to compile this comprehensive Q&A manual.
DevOps with OpenShift – free ebook
Three OpenShift experts at Red Hat explain how to configure Docker application containers and the Kubernetes cluster manager with OpenShift’s developer- and operational-centric tools.
Data science on DC/OS
DC/OS has always been an attractive platform for big data, data science and artificial intelligence. Learn why this is so by building a scalable data analytics platform.
DC/OS performance advisory on Meltdown/Spectre
The Meltdown/Spectre mishap is still generating a lot of headlines. Learn why these two bugs do not have a noticeable impact on performance for workloads running on DC/OS.