Hello from all of us here at Sysdig! Last fall has been full of good news and exciting announcements for you, Sysdig followers. You need to be pretty fast to keep up with the hectic container world!
So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, Openshift, etc.
We hope you enjoy this! Ping us at @sysdig or on our open source slack group #sysdig to share anything you feel we should include here, we are looking forward your contributions!
DOCKER
Introducing BuildKitBuildKit is the new Moby project codebase meant to replace the internals of the current build process in the Moby Engine. BuildKit aims to improve performance, storage management and extensibility.
Improving the security of privileged Docker containersPrivileged containers don’t need to have full root capabilities. Learn how to get a granular level of permissions minimizing security risks.
Building a minimalistic LinuxKit OS on Raspberry PiWant to get started with LinuxKit but don’t have much time nor hardware budget? This tutorial will teach you the basics while you have good fun tinkering with your Rpi.
Containerd namespaces for DockerContainer namespaces allow various features, most notably, the ability for one client to create, edit, and delete resources without affecting another client, mandatory for true multi-tenancy.
Docker on Windows Server 1709Microsoft has released Windows Server 1709 in Azure, and it comes with Docker 17.06.1 EE preinstalled!! You can even run Powershell as a Docker image.
Slim modular Java 9 Docker runtimeWho said that Java runtimes are heavy? This stripped down JRE over Alpine Linux offers you a slick ~80MB base image for your Dockerized Java 9 projects.
Lift and shift with Docker“Lift and shift” slang means taking the monolithic applications you built with blood, sweat and tears and now move them to the cloud. Learn from the experience at Nerd Dinner.
Local HTTPS during development with DockerHTTPS and globally-valid certificates have always been a headache when developing on your local environment. This blog post offers you a Docker-native fast and clean solution.
Getting started with Docker and KubernetesLearning about the two hottest technologies on the planet has never been easier! Take a look at this compilation of self learning resources and tools.
OPENSHIFT
Building declarative pipeline with OpenShift DSL pluginLearn how to use Jenkinsfile and the new OpenShift Client (DSL) Plugin to create a declarative pipeline capable to interact with multiple projects and even multiple OpenShift clusters.
What’s new in OpenShift 3.7Service Catalog and Brokers graduates out of Technology Preview in this new release: a place for service consumers to find services removing manual error-prone processes.
SYSDIG
Sysdig Secure, Docker native run-time securityThis article is a hands-on walk through over the multiple features and security policies available in Sysdig Secure. Run-time Docker security coupled with Sysdig Inspect forensics.
DevOps GDPR complianceEuropean General Data Protection Regulation means that your organization needs to review how it handles personal data. DevOps GDPR compliance with Sysdig Secure will help you with the ‘Breach Prevention’ and ‘Breach Response & Forensics’ sections.
KUBERNETES
How to harden internal kube-system servicesImplement run-time Kubernetes security checks for your core kube-system components using whitelisting and automated rule generation for Sysdig Secure.
Quality of Service (QoS) classes in KubernetesReally helpful article on the different QoS and resource consumption mechanisms that you can implement for your Kubernetes pods.
Kube-Node: let your Kubernetes cluster auto-manage its nodesOne major downside for developers is that Kubernetes is not able to auto-manage and auto-scale its own machines. The kube-node project aims to fix this limitation offering native node management.
Kubernetes on Azure: CD with Jenkins and HelmThis tutorial will show you how to build you own continuous deployment pipeline from scratch using Jenkins and Helm packages.
Network bandwith and load Kubernetes stress testsCheck out this test tool consisting of two Helm charts that will check network performance and compute quality of service stats for your Kubernetes services.
An illustrated guide to Kubernetes networkingYou’ve been running a bunch of services on a Kubernetes cluster and reaping the benefits. Do you know how it all works under the hood? This article will shed a lot of light. Also, nice animations!
Securing HelmThe Helm Kubernetes package manager is already maturing, make sure you follow these security best practices for production environments.
Microsoft doubles down on Kubernetes for AzureBesides offering Kubernetes support on Azure Container Service (ACS), Microsoft it’s also offering Kubernetes on Azure as Azure Container Service (AKS). The writing is on the wall.
Deploy a Go application to Kubernetes in 30 secondsReady Steady Go. Automatically run the code tests, generate the image with all the dependencies and artifacts and deploy your application in record time.
MESOS
Resource booster for faster application startupMany containerized applications have a resource-intensive startup phase before they can serve real loads. Using DC/OS Pods you can allocate extra resources that will be freed after boot.
Expose DC/OS apps to the outside worldNew DC/OS edge load-balancer adds unique, customizable and high-performance inbound traffic management. DC/OS tight integration makes application-aware scheduling a reality.
SYSDIG
Kubernetes management with Sysdig table panelsWhen you have to do Kubernetes management over a cluster containing hundreds of nodes, you need to properly visualize and organize inventory data in a flexible, automated way.
Come meet us at KubeCon North America 2017!Don’t miss our Container Troubleshooting with Sysdig Open Source. Use-case driven training on container visibility, troubleshooting and run-time Docker security.