Hello from all of us here at Sysdig! Are you enjoying your summer holidays already? The container ecosystem is not going to take a break, but don’t worry, you can keep up to date in just a few minutes :).
So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.
We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel should be included in future newsletters. We are looking forward to your contributions! You can also find previous newsletter editions in the Container Newsletter archive.
SECURITY
Container Network Security
When we discuss container security, topics like isolation, runtime security or image scanning come to mind. This article talks about the pod network security aspect and how to reuse previous security concepts.
Kubernetes Run-time Security: Automate Sysdig Falco Deployment Using Helm Charts
If you are looking for an open-source Kubernetes runtime security tool, Sysdig Falco can now be deployed in a blink of an eye using the new Helm chart.
Docker Container Security Best Practices
Docker containers are often deployed at DevOps speed as part of a CI/CD framework. This article gives you an overview of the security-related best practices that we already covered in our 7 Docker security vulnerabilities and threats post.
Backup and Restore Kubernetes Resources
Never forget that security is not only about “attackers”; protecting from self-inflicted damage is a fundamental part of it. Do you have a good backup strategy for your Kubernetes cluster?
Latest Kubernetes Security Features
Straight from GitHub: external client-go credential providers, the TokenRequest API and the limited Node object access to the Kubernetes API.
SYSDIG
Sysdig Monitor Summer 2018 Release
A nice summary of all the good stuff we’ve made available over the past few months: look-and-feel enhancements, new dashboards & metrics, enhanced Kubernetes and Prometheus support.
3 Phases of Prometheus Adoption
Prometheus is the leading software choice for open source cloud-native monitoring. Let’s reflect on the three phases enterprises usually go through on their way to a production-ready monitoring strategy.
Container Security at DevOpsDays Minneapolis
Join us and go hands-on with container visibility, troubleshooting and run-time security monitoring using the Sysdig open source tools (Sysdig, Sysdig Inspect, and Falco). Minneapolis DevOpsDays 12 July.
GET A LIVE DEMO OF MULTIPLE FORENSICS INVESTIGATIONS USING SYSDIG INSPECT: “BEST PRACTICES FOR FORENSICS AND INCIDENT RESPONSE IN CONTAINERS”.
YOU CAN SEE OTHER UPCOMING SYSDIG SESSIONS HERE.
KUBERNETES
Scaling Kubernetes for 25M Users
When we hear about cloud-native scale, the following question is “Where is the next bottleneck?”. Learn from the guys that went from 0 to 25M users in about 18 months.
Kubernetes StatefulSet in Action
Do you really understand how StatefulSets work? Follow this thoroughly documented practical example to experiment with your own live deployment.
Nvidia Opens GPUs for AI Work with Kubernetes
With GPUs becoming more important than ever thanks to the rise of AI, Nvidia is releasing a curated and well-maintained Docker registry of deep learning images that can run directly on the GPU hardware.
Manage Kubernetes Authentication and Authorization Using Heptio Authenticator
Kubernetes doesn’t offer any user management framework out of the box. The Heptio Authenticator lets you use AWS IAM credentials for your Kubernetes cluster.
Developing Apps that Rely on Databases in a Kubernetes Workflow
Stateless code is great, but it’s likely you’ll end up needing to store state somewhere. Project Spawn aims to accelerate development delivering production-like databases on demand.
Keep your Kubernetes Cluster Balanced
High Availability is much more than pod redundancy. Keeping your cluster balanced will not guarantee High Availability, but it will certainly help you towards that goal.
4 Years of K8s
Happy birthday Kubernetes! On June 6, 2014 Joe Beda checked in the first commit of what would become the public repository for Kubernetes. The history of how everything started.
Kubernetes and Offline Etcd Upgrades
Narrated as a sitcom chapter, Kevin Nisbet digs into the horrors of in-place etcd upgrades and rollbacks within autonomous and inaccessible air-gapped clusters.
A First Look at the Helm 3 Plan
Helm has already become a familiar companion for our Kubernetes designs. What can you expect from the third major release of this popular tool?
DOCKER
Local Docker Development for AWS Fargate Application
AWS Fargate is a relatively new technology. Learn how to optimize your coding process to adapt to this specific Docker build and run workflow.
Revisiting Docker and Jenkins
No less than eight chapters of curated and updated content on deploying Docker CI/CD with Jenkins, by the backend team at Riot Software.
What Really Happens When You Run docker-compose up
Knowing your tools will help you a great deal when you run into trouble. Learn the specific steps that the docker-compose tool performs to build your stack.
Fixing Docker to Run Smooth on Windows
Windows doesn’t have to be a second-class citizen for Docker local development anymore. Consider using Docker Toolbox as a viable alternative to Native Windows Docker.
Gloo Function Gateway
Gloo is a high-performance, plugin-extendable, platform-agnostic function Gateway built on top of Envoy. You can see a live demo of how to use Gloo to modernize an example application here.
Running a Docker Private Registry on EC2
A private Docker registry doesn’t necessarily have to run on your own metal. You can deploy and configure a secured repository on Amazon EC2 and Amazon S3.
OTHER
Mesos and Kubernetes: It’s Not a Competition
People often think in terms of x versus y, but it’s not always a question of one technology versus another. These two technologies actually can work in complementary ways with one another.
Overcoming Hurdles to Running Production Workloads in Containers
This post details the 3 major hurdles when adapting your monolith application to container workloads, proposing different solutions using Mesosphere, HPE, and Hedvig.
An Open Source Load Balancer for OpenShift
A highly available deployment of OpenShift needs at least two load balancers: one to load balance the control plane (the master API endpoints) and one for the data plane (the application routers).
The Path to Cloud-Native Trading Platforms
The Red Hat Performance Team, along with their partners at Solarflare and Supermicro, want to demonstrate that it is possible to containerize extreme low-latency applications without any degradation in performance.