September 2017 Container Newsletter.

Hello from all of us here at Sysdig! CCWFS has surpassed all our expectations: top notch speakers, a committed, tech-savvy audience and live unveiling of the brand new Sysdig Secure and Sysdig Inspect products.

Time to unwind and go back to the never ending stream of container innovation, here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, Openshift, and more.

We hope you enjoy this! Ping us at @sysdig or on our open source slack group #sysdig to share anything you feel we should include here, we are looking forward your contributions!


Microsoft SQL on Docker

Yes, you can run databases in containers! The new MS SQL containers will be available for download at the Docker Store in October.

Auto-scaling Docker Swarm using instrumented metrics

You need your Swarm to adapt to dynamic workloads, adjust your scaler with application-specific metrics.

Serverless sorcery with ImageMagick

Deploying the venerable ImageMagick as a scalable serverless function with OpenFaaS, using Docker, Docker Swarm or Kubernetes.

Tagging Docker images the right way

Stop using ad-hoc serial numbers to tag your images, consider automate label generation with a little bit of git magic.

Pumba, test for chaos

Inspired by the “Netflix Chaos Monkey”, Pumba connects to the Docker daemon and generates infrastructure chaos: “randomly” killing, stopping, and removing running containers.

Migrate your old recipes from container links to user-defined networks. Step by step and applying the principle of least privilege.

Multi-platform DockerHub images

Using extended manifests, Docker will automatically select the image that matches your platform / OS.

Use multi-stage builds to inject CA certs

Dealing with root CA certificates is a pain but multi-stage builds make it easier to borrow security artifacts from other images.

The two metrics that matter for host security

Introducing the ‘reverse uptime’ and ‘golden image freshness’ concepts, they will completely change the way you look at your infrastructure design and security.


OpenShift and Blockchain

Intriguing right? Blockchain is much more than just Bitcoin. Red Hat has partnered with BlockApps, one of the leaders in the blockchain space to offer Blockchain-as-a-Service.

9 Lessons from our Customers

The DevOps (replace with your favourite buzzword) culture is maturing, these are 9 important lessons the OpenShift team has compiled for you.

Why Red Hat Chose Kubernetes for OpenShift

Out of all the available container orchestration solutions, why Kubernetes? Here you have a thoroughly detailed rationale, both from the technical and community point of view. Get the facts.


Announcing Sysdig Secure: container run-time security and forensics

Sysdig Secure is designed to provide container run-time security & forensics for enterprises with distributed, dynamic services. Secure comes with deep container visibility and a natural integration with key orchestration technologies like Kubernetes, Docker, OpenShift, Amazon ECS.

Sysdig Secure shares the same instrumentation as Sysdig Monitor, the exact same analytics backend, and consistent UIs.

This is just the beginning, attend one of our Sysdig Secure intro webinars.


Kubernetes 1.8 is here!

RBAC support finally graduated to stable, Workloads API, TLS certificate rotation and much more.

Kubernetes and Vault

Cloud agnostic, application agnostic and scalable distribution of access credentials with HahiCorp Vault and Kubernetes.

Heptio Sonobuoy scanner

A web-based tool to check your Kubernetes cluster configuration. Just launch the Sonobouy scanner on your cluster and connect to it to get a detailed conformance report.

Kernel tuning in Kubernetes

Need to fine tune a kernel parameter in a readable, declarative way? You can use sysctl and init containers to avoid ad-hoc hacks.

CRIO-O workflow

Try out a Kubernetes deployment that uses CRI-O containers buildah and kpod instead of the default Docker stack.

Kanali Ingress controller

Meet Kanali, performance centric, featuring open tracing integration, declarative configuration and available to install using Helm.

Using Nginx as Ingress controller

Learn from the experience of running Nginx for some heavy duty, multi environment production deployment.

Blue-Green deployment pattern

Some workloads just don’t work well with rolling updates, you need to switch versions globally in one single step. Blue-Green deployment strategy mitigates this limitation.

Kubernetes certifications

As Kubernetes cloud container orchestration grows ever more important, so does the need for qualified Kubernetes administrators! Certified Kubernetes Administrator (CKA) program and exam.


Announcing: Kubernetes on DC/OS

Kubernetes on DC/OS is available on beta stage! Mesosphere DC/OS is finally including Kubernetes as a Marathon alternative, aiming to provide a “public cloud” experience.

Mesos deployment checklist

Deploying a small Go-based API server using Docker over Mesos? Piece of cake. But if you want to have a proper production deployment, follow this useful checklist.

Real-Time processing of geospatial data with Mesosphere

With the IoT we suddenly have customers that need millions of events per second.


Sysdig Inspect has also joined the family!

The Sysdig FOSS tool is awesome extracting rich capture files with full visibility and containers’ metadata. However, mastering the art of analyzing sysdig capture files requires dedication and skills. We want to help you!

Sysdig Inspect is a powerful, intuitive tool for sysdig capture analysis that runs natively on your Mac or your Linux PC, with a user interface that has been designed for performance and security investigation.

The big OOM theory

How do you debug a container that dies periodically because it gets OOM’ed? Using Sysdig, of course. Let’s follow the syscall trail that leads to the culprit.