July 2018 Container Newsletter.

Hello from all of us here at Sysdig! Are you enjoying your summer holidays already? The container ecosystem is not going to take a break, but don’t worry, you can keep up to date in just a few minutes :).

So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, Openshift, etc.

We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel should be included in future newsletters; we are looking forward to your contributions! You can also find previous newsletter editions in the Container Newsletter archive.


Container Network Security

When we discuss container security, topics like isolation, runtime security or image scanning come to mind. This article talks about the pod network security aspect and how to reuse previous security concepts.

Kubernetes Run-time Security: Automate Sysdig Falco Deployment Using Helm Charts

If you are looking for an open-source Kubernetes runtime security tool, Sysdig Falco can now be deployed in a blink of an eye using the new Helm chart.

Docker Container Security Best Practices

Docker containers are usually deployed at DevOps speed as part of a CI/CD framework. This article gives you an overview of the security-related best practices that we already covered in our 7 Docker security vulnerabilities and threats post.

Backup and Restore Kubernetes Resources

Never forget that security is not only about “attackers”; protecting against self-inflicted damage is a fundamental part of it. Do you have a good backup strategy for your Kubernetes cluster?

Latest Kubernetes Security Features

Straight from GitHub: external client-go credential providers, the TokenRequest API and the limited Node object access to the Kubernetes API.


Sysdig Monitor Summer 2018 Release

A nice summary of all the good stuff we’ve made available over the past few months: look-and-feel enhancements, new dashboards & metrics, enhanced Kubernetes and Prometheus support.

3 Phases of Prometheus Adoption

Prometheus is the leading software choice for open source cloud-native monitoring. Let’s reflect on the three phases enterprises usually go through on their way to a production-ready monitoring strategy.

Container Security at DevOpsDays Minneapolis

Join us and go hands-on with container visibility, troubleshooting and run-time security monitoring using the Sysdig open source tools (Sysdig, Sysdig Inspect, and Falco). Minneapolis DevOpsDays 12 July.



Scaling Kubernetes for 25M Users

When we hear about cloud-native scale, the following question is “Where is the next bottleneck?”. Learn from the guys that went from 0 to 25M users in about 18 months.

Kubernetes StatefulSet in Action

Do you really understand how StatefulSets work? Follow this thoroughly documented practical example to experiment with your own live deployment.

Nvidia Opens GPUs for AI Work with Kubernetes

With GPUs becoming more important than ever thanks to the rise of AI, Nvidia is releasing a curated and well-maintained Docker registry of deep learning images that can run directly on the GPU hardware.

Manage Kubernetes Authentication and Authorization Using Heptio Authenticator

Kubernetes doesn’t offer any user management framework out of the box. The Heptio Authenticator lets you use AWS IAM credentials for your Kubernetes cluster.

Developing Apps that Rely on Databases in a Kubernetes Workflow

Stateless code is great, but it’s likely you’ll end up needing to store state somewhere. Project Spawn aims to accelerate development delivering production-like databases on demand.

Keep your Kubernetes Cluster Balanced

High Availability is much more than pod redundancy. Keeping your cluster balanced will not guarantee High Availability, but it will certainly help you towards that goal.

4 Years of K8s

Happy birthday Kubernetes! On June 6, 2014 Joe Beda checked in the first commit of what would become the public repository for Kubernetes. The history of how everything started.

Kubernetes and Offline Etcd Upgrades

Narrated as a sitcom chapter, Kevin Nisbet digs into the horrors of in-place etcd upgrades and rollbacks within autonomous and inaccessible air-gapped clusters.

A First Look at the Helm 3 Plan

Helm has already become a familiar companion for our Kubernetes designs. What can you expect from the third major release of this popular tool?


Local Docker Development for AWS Fargate Application

AWS Fargate is a relatively new technology. Learn how to optimize your coding process to adapt to this specific Docker build and run workflow.

Revisiting Docker and Jenkins

No less than eight chapters of curated and updated content on deploying Docker CI/CD with Jenkins, by the backend team at Riot Software.

What Really Happens When You Run docker-compose up

Knowing your tools will help you a great deal when you run into trouble. Learn the specific steps that the docker-compose tool performs to build your stack.

Fixing Docker to Run Smooth on Windows

Windows doesn’t have to be a second-class citizen for Docker local development anymore. Consider using Docker Toolbox as a viable alternative to Native Windows Docker.

Gloo Function Gateway

Gloo is a high-performance, plugin-extendable, platform-agnostic function Gateway built on top of Envoy. You can see a live demo of how to use Gloo to modernize an example application here.

Running a Docker Private Registry on EC2

A private Docker registry doesn’t necessarily have to run on your own metal. You can deploy and configure a secured repository on Amazon EC2 and Amazon S3.


Mesos and Kubernetes: It’s Not a Competition

People often think in terms of x versus y, but it’s not always a question of one technology versus another. These two technologies actually can work in complementary ways with one another.

Overcoming Hurdles to Running Production Workloads in Containers

This post details the 3 major hurdles when adapting your monolith application to container workloads, proposing different solutions using Mesosphere, HPE, and Hedvig.

An Open Source Load Balancer for OpenShift

A highly available deployment of OpenShift needs at least two load balancers: one to load balance the control plane (the master API endpoints) and one for the data plane (the application routers).

The Path to Cloud-Native Trading Platforms

The Red Hat Performance Team, along with their partners at Solarflare and Supermicro, want to demonstrate that it is possible to containerize extreme low-latency applications without any degradation in performance.