March 2018 Container Newsletter.

Hello from all of us here at Sysdig! This month we bring plenty of exciting news for our users, like kube-state-metrics support and tighter integration with the Prometheus ecosystem, but enough spoilers already.

So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.

We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel we should include here. We are looking forward to your contributions!


Securing the Kubernetes dashboard

Tesla (yes, that company) was recently attacked using a vulnerable dashboard. Learn how to use RBAC and network policies to secure this often overlooked Kubernetes component.

TUF, Notary, and the importance of software security

CNCF added two open-source security projects to its roster, Notary and The Update Framework (TUF). Read about their rationale and basic concepts from Docker’s Head of Security.

Policy-based image validation for Kubernetes

Kubernetes 1.9 added beta support for ValidatingAdmissionWebhooks. Learn how to use this mechanism together with Anchore Engine to validate image execution.

Serverless security: what’s left to protect?

Don’t assume that “serverless” means you never need to care about infrastructure security again. This article thoroughly discusses the security implications of the new paradigm.


Introducing kube-state-metrics support

We’re thrilled to announce the expansion of Sysdig Monitor integration with Kubernetes with the release of kube-state-metrics support. Thanks to kube-state-metrics, we add a new dimension to Kubernetes monitoring.

Sysdig Secure February release

There are three main themes in this February Sysdig Secure release: Kubernetes-oriented policies and dashboards, improved policy management and new enterprise integrations.

Sysdig Monitor winter 2017-18 release

And not just kube-state-metrics: a lot of useful features have been rolled out in the most recent update of Sysdig Monitor.

Introducing Sysdig Spotlight: your new toolkit to discovery and maintenance

The era of telling your monitoring software what to look for is over. That’s what our new Sysdig Monitor capability, Spotlight, is all about. Analytics, health checks, information surfacing and more.




A look into the Kubernetes master components

In-depth look at the most important control plane components of a single Kubernetes master node: etcd, the API server, the scheduler and the controller manager.

Dissecting Kubernetes deployments

The ‘deployment’ is a fundamental building block of your Kubernetes infrastructure. Let’s dissect its moving parts and associated event triggers.

How to build a Kubernetes horizontal pod autoscaler using custom metrics

Learn how to configure your Kubernetes Horizontal Pod Autoscaler to dynamically scale using any monitoring metric by implementing a service that extends the custom metrics API.

Production ready ingress on Kubernetes

There is no “default out-of-the-box” Kubernetes ingress controller, leaving us with plenty of options to choose from. Which one should you use given your business requirements?

Validate your Kubernetes configuration files with kubeval

Kubernetes provides formal schema definitions for its pods, deployments, etc. This tool uses those schemas to validate your YAML or JSON files against different Kubernetes versions.

Winter was not delayed

How HBO uses Kubernetes to bring us Game of Thrones (we just had to include this one). How did they handle the swell of traffic during Season 7? Using containers and Kubernetes, of course.

How to monitor Istio, the Kubernetes service mesh

In this article we are going to deploy and monitor Istio over a Kubernetes cluster. Istio is a microservice mesh platform that offers advanced routing, security and much more.

Kubernetes is not a DevOps cure-all

There is always room for healthy criticism. Kubernetes, being a really exciting and hugely successful platform, will not single-handedly solve all your IT limitations and outages.

Helm, the first project to exit Kubernetes Incubator

We have discussed the Helm project several times and are happy to see it leaving the nest. The Helm project has met the high quality standards required to graduate from the incubator program.


A practical introduction to container terminology

Containers 101. A very systematic and complete introduction to the already-rich container terminology. If you are just starting, this read will probably clarify a lot of blurry concepts.

Clean out your Docker images, containers and volumes with single commands

You have probably experienced Docker environments that keep hoarding unused images, data volumes, container instances, etc. Learn how to perform that much needed garbage collection.

Prometheus experiments with docker-compose

Get Prometheus, Grafana and friends up and running in a jiffy using these docker-compose files. Also, tips on how to properly combine multiple docker-compose files.

MySQL databases that don’t retain data

Why would you need such a thing? Think testing, for example. The default MySQL base image already includes a volume, but there are several options to create pure stateless instances.

Top 10 benefits you will get by using Docker

Still not a Docker believer? This article should do the trick. If you need more tangible evidence, you will also find success stories and case studies from several world-class companies.

Troubleshooting container networking

Container-to-container networking issues typically manifest themselves as intermittent connection timeouts. Follow this network troubleshooting script using regular Linux commands.

How Docker can help you become a more effective data scientist

Reproducibility, portability of your compute environment and making your work accessible to others. Docker is not just for IT / DevOps / SRE people.

Docker image building – lessons learned

Here are some hard-won lessons, such as having a good directory structure, some software tools that will help you, and iterative optimization.

How to write dockerfiles for Python web apps

This post is filled with examples ranging from a simple Dockerfile to multistage production builds for Python apps. It comes with a GitHub repo with all the code examples readily available.


Installing OpenShift 3.7.1 in under 30 minutes

If you find yourself a bit overwhelmed by the extensive OpenShift deployment documentation, stop worrying. This tutorial will get you up and running in 30 minutes.

The oc command for newbies

Did you know that the ‘oc’ command has a lot of tricks up its sleeve? You will probably find something neat and useful for your everyday OpenShift workflow in this article.

Cassandra on DC/OS tutorial

Cassandra is a popular data store for big data pipelines, specifically the SMACK stack. This post will help you quickly install a Cassandra cluster, or two, in a development environment.

Building a confluent Kafka data pipeline on DC/OS

Deploying data services has always been a strong point of DC/OS, but why stop there? Let’s take the next step and connect data services to create a complete data pipeline.