November 2017 Container Newsletter.

Hello from all of us here at Sysdig! This past fall has been full of good news and exciting announcements for you, Sysdig followers. You need to be pretty fast to keep up with the hectic container world!

So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.

We hope you enjoy this! Ping us at @sysdig or on our open source Slack group #sysdig to share anything you feel we should include here. We are looking forward to your contributions!


Introducing BuildKit

BuildKit is the new Moby project codebase meant to replace the internals of the current build process in the Moby Engine. BuildKit aims to improve performance, storage management and extensibility.

Improving the security of privileged Docker containers

Privileged containers don’t need to have full root capabilities. Learn how to get a granular level of permissions minimizing security risks.

Building a minimalistic LinuxKit OS on Raspberry Pi

Want to get started with LinuxKit but don’t have much time or hardware budget? This tutorial will teach you the basics while you have good fun tinkering with your Raspberry Pi.

Containerd namespaces for Docker

Container namespaces allow various features, most notably, the ability for one client to create, edit, and delete resources without affecting another client, mandatory for true multi-tenancy.

Docker on Windows Server 1709

Microsoft has released Windows Server 1709 in Azure, and it comes with Docker 17.06.1 EE preinstalled! You can even run PowerShell as a Docker image.

Slim modular Java 9 Docker runtime

Who said that Java runtimes are heavy? This stripped-down JRE over Alpine Linux offers you a slick ~80MB base image for your Dockerized Java 9 projects.

Lift and shift with Docker

“Lift and shift” is slang for taking the monolithic applications you built with blood, sweat and tears and moving them to the cloud. Learn from the experience at Nerd Dinner.

Local HTTPS during development with Docker

HTTPS and globally valid certificates have always been a headache when developing in your local environment. This blog post offers you a fast, clean, Docker-native solution.

Getting started with Docker and Kubernetes

Learning about the two hottest technologies on the planet has never been easier! Take a look at this compilation of self-learning resources and tools.


Building declarative pipeline with OpenShift DSL plugin

Learn how to use Jenkinsfile and the new OpenShift Client (DSL) Plugin to create a declarative pipeline capable of interacting with multiple projects and even multiple OpenShift clusters.

What’s new in OpenShift 3.7

Service Catalog and Brokers graduate out of Technology Preview in this new release: a place for service consumers to find services, removing manual error-prone processes.


Sysdig Secure, Docker native run-time security

This article is a hands-on walkthrough of the multiple features and security policies available in Sysdig Secure. Run-time Docker security coupled with Sysdig Inspect forensics.

DevOps GDPR compliance

The European General Data Protection Regulation means that your organization needs to review how it handles personal data. DevOps GDPR compliance with Sysdig Secure will help you with the ‘Breach Prevention’ and ‘Breach Response & Forensics’ sections.


How to harden internal kube-system services

Implement run-time Kubernetes security checks for your core kube-system components using whitelisting and automated rule generation for Sysdig Secure.

Quality of Service (QoS) classes in Kubernetes

Really helpful article on the different QoS and resource consumption mechanisms that you can implement for your Kubernetes pods.

Kube-Node: let your Kubernetes cluster auto-manage its nodes

One major downside for developers is that Kubernetes is not able to auto-manage and auto-scale its own machines. The kube-node project aims to fix this limitation by offering native node management.

Kubernetes on Azure: CD with Jenkins and Helm

This tutorial will show you how to build your own continuous deployment pipeline from scratch using Jenkins and Helm packages.

Network bandwidth and load Kubernetes stress tests

Check out this test tool consisting of two Helm charts that will check network performance and compute quality of service stats for your Kubernetes services.

An illustrated guide to Kubernetes networking

You’ve been running a bunch of services on a Kubernetes cluster and reaping the benefits. Do you know how it all works under the hood? This article will shed a lot of light. Also, nice animations!

Securing Helm

The Helm Kubernetes package manager is already maturing; make sure you follow these security best practices for production environments.

Microsoft doubles down on Kubernetes for Azure

Besides offering Kubernetes support on Azure Container Service (ACS), Microsoft is also offering Kubernetes on Azure as Azure Container Service (AKS). The writing is on the wall.

Deploy a Go application to Kubernetes in 30 seconds

Ready, steady, Go. Automatically run the code tests, generate the image with all the dependencies and artifacts, and deploy your application in record time.


Resource booster for faster application startup

Many containerized applications have a resource-intensive startup phase before they can serve real loads. Using DC/OS Pods you can allocate extra resources that will be freed after boot.

Expose DC/OS apps to the outside world

The new DC/OS edge load-balancer adds unique, customizable and high-performance inbound traffic management. Tight DC/OS integration makes application-aware scheduling a reality.


Kubernetes management with Sysdig table panels

When you have to do Kubernetes management over a cluster containing hundreds of nodes, you need to properly visualize and organize inventory data in a flexible, automated way.

Come meet us at KubeCon North America 2017!

Don’t miss our Container Troubleshooting with Sysdig Open Source session: use-case driven training on container visibility, troubleshooting and run-time Docker security.