Hello from all of us here at
Sysdig! Even after the hectic last weeks at DockerCon and KubeCon EU the container tech world is not slowing down, so here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, Openshift, etc.
We hope you enjoy this! Ping us at
@sysdig or on our open source slack group
#sysdig to share anything you feel we should include here, we are looking forward your contributions!
DOCKER
What is the Moby Project?
Admittedly, the Docker and Moby redefinitions have been somewhat confusing, but maybe it’s all for the better! The former Docker monolith has been broken into smaller, more modular pieces. Learn how everything
fits together now.
Docker’s LinuxKit
Along with Moby, we have another newcomer: LinuxKit, a tool to build minimal Linux distributions. Following
this tutorial you can build your own lean base container image.
Multi-stage Dockerfile for Go
We already mentioned the new multi-stage Docker feature that helps you avoid the cumbersome 2-container Builder Pattern. This is a working Go compilation
example demonstrating this technique.
Docker overlay networks
Blog post delivered in two installments that goes into deep detail on how the Docker network overlay works: network namespaces, VXLAN, Netlink and the internal distributed key-value store.
Part 1,
Part 2.
Best practices Docker template for NodeJS
A seasoned NodeJS developer shares his
best practices, sane defaults and general advice as a GitHub repository, Docker template and documentation included.
Monster list of Docker tips
From general advice, Consul, security, managing secrets, Docker Swarm… it’s certainly a
huge compilation of tips. Feel free to cherry pick the bits most relevant for your use case.
How the Docker CLI talks to the host
Docker is a client/server architecture and the Docker CLI does not need to be in the same host as the daemon.
This article decomposes the different parts of this interaction: Docker daemon, REST API, CLI.
Moving your app to Docker, 5 steps to plan ahead
So, you have finally decided you need to get on board and containerize your application.
This article will help you write down your requirements and initial migration plan.
Showcase your Docker apps in a single click
Using Play-with-Docker you can embed a button in your Docker Hub or Github sites to setup a
PWD environment and deploy a stack right away.
KUBERNETES
Four useful Kubernetes tools
kube-applier for automated deployment, kubetop to check resource utilization, kubectx for quick context switch, kubeadm-dind-cluster for development and testing clusters. How they could miss Sysdig opensource troubleshooting
tool in this
toolkit? ;)
Upgrade your Kubernetes cluster with kubeadm
Upgrading a distributed system is a complex task, specially if you don’t want to miss a beat in your production environment. The fully automated
kubeadm upgrade is not here yet, but you can do it with a little bit of
tinkering.
Fighting service latency
Moving from monolithic to microservices, now you realize you have to consider all the latencies introduced by internal container communication.
Keep them in check using features like node affinity.
Run once DaemonSet
What if you need to execute a task exactly once in every container of a deployment? There is a planned feature called CronJob DaemonSet that will address this case, but until then,
here is a clever workaround to achieve this behavior.
Write you own Kubernetes scheduler in Python
One of the core components of the Kubernetes head node is the Pod scheduler. You can specify a custom scheduler in your Pod definition.
This article illustrates how you can create a basic Python scheduler.
Testing Helm Chart reliability
You probably know Helm already, aka the Kubernetes package manager. It’s time to do a little bit of stress testing to detect possible limitations and caveats.
Part 1 and
Part 2.
Linkerd 1.0
Buoyant has released version
1.0 of Linkerd, the scalable service mesh for cloud-native applications. Apart for the usual bug fixing and optimization, it features finer grained per-service and per-client configurations.
Kubernetes, the smart person’s guide
An executive summary of Kubernetes, listing all the entities, fundamental questions and links to additional resources. A concise
cheat sheet for anyone starting with this topic.
OPENSHIFT
Image Streams
Image streams feature allows you to keep a consistent pointer to your images, tracking a known-good version and avoiding breaking your application when an incorrectly tagged image is updated.
Storing Openshift secrets in Vault
This article starts by describing default
secret items and their current limitations, then it offers HashiCorp’s Vault as a security enhancement, deploying a running example.
Is my Openshift overbooked?
If you are new to Openshift administration, this is not a trivial question. With
this article you will learn about the basic resource management entities and how to monitor them.MESOS
Free O’Reilly DC/OS book
The development model of new applications is rapidly shifting from VMs to microservices and containers.
This ebook outlines how DC/OS can be used to effectively build and run these applications.
Deep learning with DC/OS GPU-based scheduling
GPU offloading, machine learning and Google’s Tensorflow libraries are all the rage. Now is the turn of DC/OS to demonstrate these technologies in its distributed environment.
Part 1 and
Part 2.
Marathon and DC/OS by example
Feeling a bit overwhelmed by all the options and configurations required for Service Discovery and Load Balancing on DC/OS?
This detailed and thorough blog post will get you started.
SYSDIG
Sysdig Monitor spring 2017 release
Our last Sysdig Monitor release new features and improvements: Docker Swarm integration, Kubernetes 1.6, usability improvements and UI redesign, new types of alerts, security enhancements… Don’t miss
this overview.
How to monitor Nginx
Take advantage of the many possibilities of monitoring Nginx
with container platform metadata: HTTP application metrics, top or slowest URIs. No code instrumentation or log parsing required.
Linkerd, the microservices proxy
Learn how to monitor its backend balancer, aggregated service metrics and circuit breaking capabilities, along with alarms that benefit from all this
Linkerd specific metadata.
A user’s view of Sysdig
Kris reviewed Sysdig and Sysdig Monitor writing
an article about its internals, pros and cons.
Monitoring Azure containers with Sysdig
Sysdig loves Azure, and we can
prove it. This is how Sysdig automatically aggregates your monitoring metrics and generate the relevant views.