Newsletter

February 2018 Container Newsletter

Hello from all of us here at Sysdig! We just came back from FOSDEM and cfgmgmtcamp with some new friends, experiences and, of course, a great deal of exciting tech news to share with you. So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, Openshift, etc. We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel we should include here, we are looking forward your contributions!

SECURITY

Everything you need to know about containers security

Pretty ambitious title, right? Well, the content is not going to disappoint you. Let’s dive into the state of the art container security practices and tools.

Kubernetes security best practices

In this talk you will learn how to integrate classic Linux security tools like SELinux or seccomp to harden your Kubernetes pods and services.

Making Linux Security Modules available to containers

Several Linux Security Modules (LSM) are working towards better integration with kernel namespaces and the container ecosystem, this talk outlines current efforts and remaining problems.

Docker security issues and best practices as we enter 2018

As we move into 2018, security is no longer a weakness for containers. This updated cheat sheet will get you up to speed with the Docker security landscape.

SYSDIG

Troubleshooting containers, system calls and performance

Join us for another in-depth session of container debugging and troubleshooting! This time we follow the trail of a Linux kernel library version “mismatch”.

How to deploy Openshift on AWS

Want to deploy an small OpenShift test environment with multiple nodes? Hopefully we can make your life easier with these CloudFormation templates and ansible recipes.

New integrated troubleshooting in Sysdig Monitor

Sysdig Monitor is now tightly integrated with Sysdig Inspect, here you have a colorful example of integrated troubleshooting for a crashloop-ing Kubernetes deployment.

Sysdig’s top viral blogs of 2017

2017 was a big year for Sysdig, let’s revisit the sysdig blogs that became viral. Seem that what really brings you to our blog is the content that dives deep into system internals (so don’t miss the first link of this section).

JOIN THE UPCOMING “CONTAINER TROUBLESHOOTING WITH SYSDIG” WEBINAR.   US TIME  EMEA TIME

KUBERNETES

Scaling Kubernetes to 2,500 nodes

The OpenAI project is pushing their largest Kubernetes cluster yet, learn about the performance tweaks and bottlenecks that you will need to address to join the major leagues.

Kubernetes service mesh

The “service mesh” is all the rage now on Kubernetes discussion forums. Learn the basic concepts and most promising mesh projects.

Reporting errors using Kubernetes events

Retrofeed Kubernetes events and error messages to the pod that is causing them, so the developers can provide sensible Kubernetes-specific error handling without further human intervention.

The twelve-factors Kubernetes

The twelve Kubernetes app design commandments. A useful mix of basic concepts and deployment tips that you should definitely read if you’re a novice.

Kubernetes custom controller example

You are using Kubernetes Controllers (ReplicaSets, Deployments) on a daily basis. Want to code your own? Full code example here.

K8s-utils repo

A collection of handy bash scripts oriented primarily to assist with Kubernetes production support.

Automating distributed logging on production Kubernetes

Meaningful log collection for a highly dynamic container environment is no trivial task, here you have a set of design tips to collect and categorize Kubernetes logs.

Pulling images from a private repository into Kubernetes

Simple and straightforward, how to use a Kubernetes secret to grab images from a private Docker registry.

2018 Kubernetes predictions

New year, new batch of technology predictions by our friends at @mesosphere. Edge computing, security, service mesh and other hot topic for this year.

DOCKER

Running Docker Enterprise Edition at scale

Plan a Docker EE deployment with scaling in mind from the bottom up: cluster size, storage performance and HTTP mesh routing.

Truly immutable deployments with Docker or Kubernetes

For security and traceability reasons, you may consider using immutable file systems to support your Docker containers and Kubernetes pods.

To DinD or not do DinD ?

I heard you like Docker, so… DinD is a very interesting and useful experiment, but we highly recommend to read about its current limitations before committing to it.

Top 10 Docker logging gotchas

You can log Docker containers the same way you were logging separate processes right? Wrong. Avoid the container specific pitfalls by reading this article.

Using Linuxkit to build an AWS image (AMI)

We have covered the LinuxKit tool in several articles before, let’s get more specific building an AWS cloud image following this tutorial.

How to setup a Docker ELK (Elastic Logstash Kibana) stack in a jiffy

Eager to start playing around with a Dockerized ELK stack in a cloud account or your laptop? You are just 5 minutes away to have it up and running.

A Perfect Personal Cloud with Docker Swarm

Build your modern personal cloud using Docker containers. Featuring backups, ingress controller, monitoring and more.

Building healthier containers

A piece of advice on what to include in your container image and how to attach debugging tools to your container’s namespace on the fly, some surprising tricks inside!

A Docker Guide for Java

In this extensive tutorial you can learn how to interact with the Docker daemon and related entities in a programmatic way using docker-java libraries.

OTHER ORCHESTRATORS

OpenShift Online 3 questions and answers

The OpenShift Online team has been paying attention to the most frequent questions and difficulties that their users experience to compile this comprehensive Q&A manual.

DevOps with OpenShift – free ebook

Three OpenShift experts at Red Hat explain how to configure Docker application containers and the Kubernetes cluster manager with OpenShift’s developer- and operational-centric tools.

Data science on DC/OS

DC/OS has always been an attractive platform for big data, data science and artificial intelligence. Learn why this is so building a scalable data analytics platform.

DC/OS performance advisory on Meltdown/Spectre

The Meltdown/Spectre mishap is still generating a lot of headlines. Learn why these two bugs do not have a noticeable impact on performance for workloads running on DC/OS.