June 2017 Container Newsletter.

Hello from all of us here at Sysdig! We’re excited to announce 2017 Sysdig Camp-Con-World-Fest-Summit, the hands-on container conference is back for its second year.  Registration now open! In this monthly newsletter, as we like to do, we’ll share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, Openshift, etc. We hope you enjoy this! Ping us at @sysdig or on our open source slack group #sysdig to share anything you feel we should include here, we are looking forward your contributions!


Container isolation gone wrong

Containers can have separate quotas for CPU, memory, storage… what could possibly go wrong? Don’t miss this eye-opening kernel troubleshooting story.

Is Docker insecure?

Docker is a relatively new, game-changing technology. Is it secure enough for mission-critical deployments? Spoiler alert: Yes!

Docker for Continuous Delivery

A nice “getting started” Docker tutorial that starts from the essentials and follows the migration and CI/CD deployment at

Container security and immutability

This post focuses on the concept of container immutability and its close relation with security.

Modernize traditional apps in government IT

This post and video describes the challenges of migrating a wealth of production government apps to Docker.

A quick look at LinuxKit packaging system

A step by step comprehensive tutorial on creating your own base image using the LinuxKit tools.

Deploying functions to Docker Swarm

This experimental CLI let’s you easily deploy code functions to Docker Swarm. How cool is that?

Top 6 changes in Docker CE 17.05

High level changelog for v17.05.0-ce. The features that stand out for us are ‘Multi-stage builds’ and ‘Task logs’.

What is Docker Enterprise Edition?

Rationale for a Docker EE with certified platforms, cloud providers and also its associated partner certification program.

Guide to using Docker as a local development platform

Series of blog posts that will help you setup your local programming environment achieving full Docker-independence from your baremetal OS. Part1Part2.


High Availability logging using the ELK stack

Learn from the experiences of running a strictly HA logging deployment required to support low latency PC gaming all over the world.

Self-provisioning storage volumes in Kubernetes

Deploy self-provisioned storage quotas using the Trident orchestrator, granting more independence to your platform users without the worry.

Which container orchestrator do you really need?

Thorough comparison of Kubernetes vs. Mesos vs. Docker Swarm, offering all the right questions to help you make an informed decision.

PAM-based webhook authentication

Authenticating your users and groups against Kubernetes ala ‘Windows Domain’? Yes! And seamless migration of your existing authentication mechanisms.

Making Kubernetes production ready

What does it take to run 7500 containers supporting 300 micro-service based applications? Fasten your seat belts.

Kubernetes by example

Hands-on introduction to Kubernetes. Very well organized and providing example use cases for each Kubernetes operational entity.

k8sh, shell wrapper for Kubernetes

shell wrapper that automatically imports your kubectl configuration providing handy shortcuts and Kubernetes context, neat!

The inner workings of Kubernetes

Go beyond the operative use of Kubernetes and delve deeper into its core components and loosely coupled distributed system.

Streamlining Kubernetes development with Draft

Want an accessible and automated way to introduce your developers to containerized applications and Kubernetes? Draft is the tool.


Helm on OpenShift with Monocular

\ Monocular is a nice web UI to deploy your Helm charts, this tutorial will show you how to install it on OpenShift and current compatibility limitations.

DevOps with OpenShift

Three OpenShift experts at Red Hat illustrate infrastructure-as-code an application automation in this free ebook.

Multiple OpenShift deployment methods

OpenShift is so adaptable and flexible there are many different ways to deploy an application. Find the one that best fits your criteria following the advice in this blogpost.


SMACK stack is the new LAMP stack

Spark, Mesos, Akka, Cassandra, Kafka. Cloud provider agnostic, optimized for machine learning and data-driven.

And Fast Data is the new big data

Are you familiar already with the concept of ‘Fast Data’? It’s not only collecting huge amounts of data but being able to process it in real time.

How Uber manages a million writes per second

Uber built their own system that runs Cassandra on top of Mesos. Read about some interesting findings from the experience and their scalability design.


Sysdig Camp-Con-World-Fest-Summit: The hands-on container conference. REGISTER NOW!

Sept 26-27 in San Francisco. The theme is: Containers in Operation. Bringing together some of the best information possible on Managing, Monitoring, Troubleshooting, and Securing containers in the wild. See amazing speakers, like Kelsey Hightower from Google, Loris Degioanni CEO/Founder Sysdig, and Gianluca Borello Sysdig guru and others… Early bird registration is now live!

Everyone has a story to tell… What’s your container story? OPEN CALL FOR PAPERS.

Help contribute to this exploding new world and share your story. We’re looking for developers, ops, architects, etc to tell their container tips and tricks at our hands-on container conference, Sysdig Camp-Con-World-Fest-Summit: Submit your story.

Nginx monitoring on Kubernetes: Metrics alerts

Second part of the Nginx monitoring series, covering the required alerts and warnings.