Newsletter

September 2018 Container Newsletter

Hello from all of us here at Sysdig! The new academic year brings us a new Kubernetes version full of exciting features and so much more. Continue reading to stay current on the container world.

So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, OpenShift, etc.

We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel should be included in future newsletters. We are looking forward to your contributions! You can also find previous newsletter editions in the Container Newsletter archive.

SECURITY

Docker scanning for Jenkins with the Sysdig Secure plugin

By integrating Sysdig Secure with your Jenkins CI/CD pipeline, you can evaluate Docker images for security, compliance, and reliability before deploying to production.

Improving security for Kubernetes deployments at scale

According to the research conducted by Lacework, over 21,000 container orchestration and API management systems were discoverable on the Internet, including open dashboards that required no authentication.

Deploy only what you trust

Introducing Binary Authorization for Google Kubernetes Engine. Binary Authorization is a container security feature that provides a policy enforcement gateway to ensure only signed and authorized images are deployed in your environment.

5 open source tools for container security

Securing containers is now a top priority for DevOps engineers. Learn about the five must-have container security tools and what they bring to the table.

Increasing security with a service mesh

Istio helped make the “service mesh” concept more concrete, and with the recent release of Istio 1.0, we can expect a surge in interest. With Istio, communication between services in the mesh is secure and encrypted by default.

Kubernetes: Assigning Pod Security Policies with RBAC

A PodSecurityPolicy is a cluster-level resource for managing security aspects of a pod specification. This brief tutorial will guide you through the process of creating and assigning a PSP to a pod, including code examples and common caveats.

SYSDIG

Sysdig raises $68.5 million for container security solutions

We are very excited to announce that we closed our $68.5M Series D financing round last month, bringing our total funding to $121.5M.

Scanning images in Azure Container Registry

The 2.0 release of Sysdig Secure supports new integrations with ACR (Azure Container Registry). In this article we’ll be diving deeper into how to integrate Sysdig Secure to scan images for security, compliance, and reliability.

Hello to new Sysdig documentation

We are excited to share our brand new Sysdig documentation website. Sysdig Docs are now organized into Platform, Monitor and Secure sections.

Monitoring and securing Java apps at Quby

A case study: how Sysdig reduced the effort and cost of managing and operating monitoring for Quby, the Amsterdam-based developer of smart home solutions.

Running containers in production for dummies

KUBERNETES

What’s new in Kubernetes 1.12

What new and exciting features can you expect from the upcoming Kubernetes version? Kubeadm moving towards general availability, the new RuntimeClass cluster resource, new storage features and more.

Kubernetes monitoring with Prometheus – Part 2 and 3

Two new installments of the “Kubernetes monitoring with Prometheus” series, this time covering the full Prometheus stack (Alertmanager, Grafana, Pushgateway, etc.) and the Prometheus Operator framework.

Make a Kubernetes Operator in 15 minutes with Helm

An Operator is a method of packaging, deploying and managing a Kubernetes application. This post will walk through making an Operator using the Helm Operator kit from the Operator Framework.

Kubernetes in 10 minutes: A complete guide to look for

Why are you in such a rush? Learn about the history, main moving parts and entities that compose the cluster, operational pros and cons and real use-case scenarios. Stay calm! We will explain everything in just 10 minutes.

Google takes a step back from running the Kubernetes development infrastructure

Until now, Google hosted virtually all the cloud resources that supported the project, like its CI/CD testing infrastructure, container downloads and DNS services on its cloud. Now Google is transferring all of this to the community.

50+ useful Kubernetes tools

Behold the huge tooling ecosystem that Kubernetes has spawned around the container orchestrator in just a few years! Get up to date by reading this comprehensive list introducing 50 relevant Kubernetes tools available today.

Tips for designing a Kubernetes cluster

Not that many people have years of experience designing highly scalable Kubernetes clusters (yet). This post provides some design tips to help you set up Kubernetes and Helm in a cluster used by a few different teams.

Kubernetes networking: How to write your own CNI plug-in with Bash

People can get especially puzzled when they need to choose one of the available networking solutions for Kubernetes. Really knowing how the internal Kubernetes networking works will shed some light on the higher level cluster concepts.

How to deploy Spinnaker on Kubernetes

The quicker and dirtier guide. This article is going to show you how to deploy Spinnaker using Helm.

DOCKER

Top 10 options for docker run

The docker run CLI command has around 100 options, but let’s take it little by little. This tutorial will explain 10 of the most common ones, as well as links to learn more about using them.

Machine learning environment setup within 10 min

It seems that nobody has more than 10 minutes to learn a new technology nowadays. No problem, we can adapt to that. Docker would be the best tool to explore all machine learning frameworks without wasting much time.

10 free courses to learn Docker for programmers and DevOps engineers

Docker and containers are a whole new way of developing and delivering applications and the IT infrastructure. Still not familiar with these technologies? Here is a list of some of the free courses developers can use to learn Docker.

Quick tutorial: Docker + Traefik

Traefik is a reverse proxy for managing the routing between containers. Deploy it together with Docker and you can spawn your own microservice mesh in no time. Learn by example by completing this quick tutorial.

OPENSHIFT & MESOS

Kubernetes Ingress vs OpenShift Route

These two entities seem to have some overlap at first glance. What are the differences? Can I just use the “plain” Kubernetes ingress? Worry not! Since the release of Red Hat OpenShift 3.10, ingress objects are supported alongside route objects.

How to survive an outage and live to tell about it

Inspiring title, no doubt. If you need to have a disaster recovery plan today, this article details a potential solution: stretching an OpenShift cluster across multiple datacenters.

The Docker vs. Kubernetes vs. Apache Mesos myth

And why what you think you know is wrong. Some articles and talk-tracks are misinformed and perpetuate the myth that these three open source projects are in a fight-to-the-death for container supremacy.

Getting custom metrics into the DC/OS metrics service

DC/OS ships with a comprehensive metrics service, providing metrics from DC/OS cluster hosts and containers. It’s also possible to add your own custom metrics from your applications to the metrics service, and this blog will show you how.