June 2019 Container Newsletter.

Hello from all of us here at Sysdig! Summer is just around the corner, but we know that’s not going to stop your craving for news, so we hope you enjoy this issue!

Ping us at @sysdig or on our open source Sysdig Slack group to share your feedback or anything you feel should be included in future newsletters! You can also find previous newsletter editions in the Container Newsletter archive.

Sign up for our monthly Cloud-native News.


The new (containerized) open source security stack

Isolation in the container world is not as strong as in the virtual machine world. Learn how containers change the security landscape, forcing you to revisit your defense strategy and tools.

Cloud Native security overview

This Kubernetes security overview (Updated for v1.14) will help you think about cloud-native security in layers, following the 4C’s approach: Cloud, Cluster, Container, Code.

Minimizing privilege escalation in Docker

Docker grants many capabilities by default to any container. Let’s adhere to the principle of least privilege and learn how to drop unwanted capabilities in practice, following these code examples.

Kubernetes admission controllers for secure deployments

Integrate Kubernetes admission controller functionality with Sysdig Secure to enforce image scanning and custom security policies for every image that gets deployed on your cluster.

A policy based approach to container security and compliance

By integrating your CI/CD pipeline with Anchore user-defined policies, security compliance can simply become part of application testing and overall quality.


Custom compliance filters with Sysdig Secure

Using Sysdig Secure, you can now enforce custom compliance filters across the container lifecycle, automating regulatory compliance controls for PCI, NIST and CIS in Kubernetes.

Using K8s audit logs to secure your cluster [KubeCon Video]

This talk demonstrates how to use Kubernetes audit logs to enforce security best practices, detect API misuse, containers holding sensitive data or overly loose permissions on pods.

Falco in KubeCon Barcelona 2019

Two talks about Falco, a CNCF project focused on container runtime security: an introduction to Falco core concepts and a Falco deep dive covering additional event sources and extensibility.

Looking to learn the latest industry trends in deploying containers? Check out upcoming and past Sysdig tech talks and webinars.


How to monitor Golden signals in Kubernetes

What are the Golden signals metrics? How do you monitor these metrics in a Kubernetes application? Learn why Golden signals are one of the best ways to pinpoint application issues.

CI/CD with Argo on Kubernetes

Argo is a CI/CD tool specifically developed for Kubernetes, so it natively integrates with it through CRDs. Each step runs in its own Docker container on your own Kubernetes cluster.

How to set up a serious Kubernetes terminal

Equip your terminal with a complete Kubernetes Swiss army knife: k9s, kubectx, kubens, kube-ps1, popeye and stern. All the CLI tools a growing k8s nerd needs!

Kubernetes failure stories

A compilation of public failure/horror stories related to Kubernetes. Learn from others’ mistakes and reduce the unknown unknowns of running Kubernetes in production.

Introducing Velero – Backup and DR for Kubernetes

Velero (previously known as Heptio Ark) provides a suite of tools to back up Kubernetes resources and applications for two main purposes: disaster recovery and cluster migration.

10 most important differences between OpenShift and Kubernetes

OpenShift has often been labelled the “Enterprise Kubernetes” by its vendor, but that is only part of the story. Let’s dive in and check the specific differences between these platforms.

Red Hat OpenShift 4 is now available

Red Hat OpenShift 4 is now GA. This major release brings with it the power of Kubernetes Operators, Red Hat Enterprise Linux CoreOS, and the Istio-based OpenShift Service Mesh.


Continuous delivery with GitLab and Pulumi on Amazon EKS

Practical example with code documentation on how to use Pulumi to enable GitLab-based continuous delivery with your Kubernetes workloads on Amazon EKS.

Debugging a Kubernetes Node.js App on IBM Cloud

This article explains how to debug in Kubernetes using VS Code on the desktop and Node running in IBM Cloud; the workflow can be easily adapted to other languages.

Running EC2 Spot Instances as Kubernetes worker nodes

It may sound scary at first, but it’s absolutely possible to run your Kubernetes worker nodes on EC2 Spot Instances. You just need to adapt your design and add the required redundancy.

Continuous integration and delivery to AWS Kubernetes

Combine the Semaphore CI platform with AWS Elastic Container Registry (ECR) and Elastic Kubernetes Service (EKS) to get a fully managed cluster in a few minutes.

AWS Lambda Deployments with Ballerina

Learn about Ballerina, a language for developers seeking to create and integrate containerized microservices, and how to use it to deploy functions to AWS Lambda.