Hello from all of us here at Sysdig! This month we bring plenty of exciting news for our users, like kube-state-metrics support and tighter integration with the Prometheus ecosystem, but enough spoilers already.
So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.
We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel we should include here. We are looking forward to your contributions!
SECURITY
Securing the Kubernetes dashboard
Tesla (yes, that company) was recently attacked using a vulnerable dashboard. Learn how to use RBAC and network policies to secure this often overlooked Kubernetes component.
TUF, Notary, and the importance of software security
CNCF added two open-source security projects to its roster, Notary and The Update Framework (TUF). Read about their rationale and basic concepts from Docker’s Head of Security.
Policy-based image validation for Kubernetes
Kubernetes 1.9 added beta support for ValidatingAdmissionWebhooks. Learn how to use this mechanism together with Anchore Engine to validate image execution.
Serverless security: what’s left to protect?
Don’t just think that “serverless” means that you don’t need to care about infrastructure security ever again. This article thoroughly discusses the security implications of the new paradigm.
SYSDIG
Introducing kube-state-metrics support
We’re thrilled to announce the expansion of Sysdig Monitor integration with Kubernetes with the release of kube-state-metrics support. Thanks to kube-state-metrics, we add a new dimension to Kubernetes monitoring.
Sysdig Secure February release
There are three main themes in this February Sysdig Secure release: Kubernetes-oriented policies and dashboards, improved policy management and new enterprise integrations.
Sysdig Monitor winter 2017-18 release
It's not just kube-state-metrics: a lot of useful features have been rolled out in the most recent update of Sysdig Monitor.
Introducing Sysdig Spotlight: your new toolkit to discovery and maintenance
The era of telling your monitoring software what to look for is over. That’s what our new Sysdig Monitor capability, Spotlight, is all about. Analytics, health checks, information surfacing and more.
JOIN THE UPCOMING WEBINAR “PRINCIPLES OF MONITORING MICROSERVICES”.
YOU CAN SEE OTHER UPCOMING SYSDIG WEBINARS AND OUR LIBRARY OF ON-DEMAND WEBINARS HERE.
KUBERNETES
A look into the Kubernetes master components
In-depth look at the most important control plane components of a single Kubernetes master node: etcd, the API server, the scheduler and the controller manager.
Dissecting Kubernetes deployments
The ‘deployment’ is a fundamental building block of your Kubernetes infrastructure. Let’s dissect its moving parts and associated event triggers.
How to build a Kubernetes horizontal pod autoscaler using custom metrics
Learn how to configure your Kubernetes Horizontal Pod Autoscaler to dynamically scale using any monitoring metric by implementing a service that extends the custom metrics API.
Production ready ingress on Kubernetes
There is no “default out-of-the-box” Kubernetes ingress controller, leaving us with plenty of options to choose from. Which one to use considering your business requirements?
Validate your Kubernetes configuration files with kubeval
Kubernetes provides formal schema definitions for its pods, deployments, etc. This tool uses those schemas to validate your YAML or JSON files against different Kubernetes versions.
Winter was not delayed
How HBO uses Kubernetes to bring us Game of Thrones (we just had to include this one). How did they handle the swell of traffic during Season 7? Using containers and Kubernetes, of course.
How to monitor Istio, the Kubernetes service mesh
In this article we are going to deploy and monitor Istio over a Kubernetes cluster. Istio is a microservice mesh platform that offers advanced routing, security and much more.
Kubernetes is not a DevOps cure-all
There is always room for healthy criticism. Kubernetes, being a really exciting and hugely successful platform, will not single-handedly solve all your IT limitations and outages.
Helm, the first project to exit Kubernetes Incubator
We have discussed the Helm project several times and are happy to see it leaving the nest. The Helm project has met the high quality standards required to graduate from the incubator program.
DOCKER
A practical introduction to container terminology
Containers 101. A very systematic and complete introduction to the already-rich container terminology. If you are just starting, this read will probably clarify a lot of blurry concepts.
Clean out your Docker images, containers and volumes with single commands
You have probably experienced Docker environments that keep hoarding unused images, data volumes, container instances, etc. Learn how to perform that much needed garbage collection.
Prometheus experiments with docker-compose
Get Prometheus, Grafana and friends up and running in a jiffy using these docker-compose files. Also, tips on how to properly combine multiple docker-compose files.
MySQL databases that don’t retain data
Why would you need such a thing? Think testing, for example. The default MySQL base image already includes a volume, but there are several options to create pure stateless instances.
Top 10 benefits you will get by using Docker
Still not a Docker believer? This article should do the trick. If you need more tangible evidence, you will also find success stories and case studies from several world-class companies.
Troubleshooting container networking
Container to container networking issues typically manifest themselves as intermittent connection timeouts. Follow this network troubleshooting script using regular Linux commands.
How Docker can help you become a more effective data scientist
Reproducibility, portability of your compute environment, and making your work accessible to others. Docker is not just for IT / DevOps / SRE people.
Docker image building – lessons learned
Here are some hard-won lessons, like having a good directory structure, some software tools that will help you, and iterative optimization.
How to write dockerfiles for Python web apps
This post is filled with examples ranging from a simple Dockerfile to multistage production builds for Python apps. It comes with a GitHub repo with all the code examples readily available.
OTHER
Installing OpenShift 3.7.1 in under 30 minutes
If you find yourself a bit overwhelmed by the extensive OpenShift deployment documentation, stop worrying. This tutorial will get you up and running in 30 minutes.
The oc command for newbies
Did you know that the ‘oc’ command has a lot of tricks up its sleeve? You will probably find something neat and useful for your everyday OpenShift workflow in this article.
Cassandra on DC/OS tutorial
Cassandra is a popular data store for big data pipelines, specifically the SMACK stack. This post will help you quickly install a Cassandra cluster, or two, in a development environment.
Building a confluent Kafka data pipeline on DC/OS
Deploying data services has always been a strong point of DC/OS, but why stop there? Let’s take the next step and connect data services to create a complete data pipeline.