Docker: Intro to LinuxKit, Docker EE on G-Cloud 9, Security of Docker for AWS / Azure, Docker EE Demo, LinuxKit Improving Linux Security
INTRO TO LINUXKIT — Docker has shared a recap of their online meetup introducing LinuxKit (“a toolkit for building secure, lean and portable Linux subsystems”). This is the same tooling that sits behind Docker for Windows and Docker for Mac. The LinuxKit meetup recap includes the full video and slide deck, along with Q&A.
DOCKER EE ON G-CLOUD 9 — Docker Enterprise Edition (EE) was recently accepted into G-Cloud 9, a framework designed by the UK government to “accelerate adoption of cloud-based services within the public sector.” This means UK public sector organizations can “procure the de facto container solution” without the need to go through an extensive procurement process.
SECURITY OF DOCKER FOR AWS / AZURE — A recent Docker post describes how Docker for AWS and Docker for Azure “provision by default an infrastructure with security in mind.” The post highlights a security assessment performed by NCC Group, and discusses NCC’s findings around “cloud-specific access control,” “network configuration settings,” and “underlying host network configuration.” The post also discusses some limitations NCC uncovered and includes links to NCC’s full reports.
DOCKER EE DEMO — A recent webinar by Docker discusses use cases for Docker Enterprise Edition (EE) as well as “a demo of how end-to-end container lifecycle management can be securely controlled through Docker EE.” The webinar also explains how Docker EE is different from Docker Community Edition (CE). The webinar discusses Dockerizing Windows apps, managing both Linux and Windows containers, the distinction between Docker Trusted Registry (DTR) and Docker Registry, and integration with tools like Kubernetes, among other subjects.
LINUXKIT IMPROVING LINUX SECURITY — The LinuxKit project is currently “incubating several technologies to advance Linux security,” according to a recent article by eWeek. WireGuard VPN, Landlock, and the Kernel Self Protection Project (KSPP) are among the incubated projects. Docker and the LinuxKit project also intend to move their Linux kernel security work upstream, so the “mainline Linux kernel” can take advantage of these efforts.
Kubernetes: ksonnet, Microsoft Draft, Oracle On Kubernetes
KSONNET — Heptio (a company founded by Kubernetes co-founders) recently launched ksonnet, a Kubernetes configuration tool. ksonnet is meant to “automate the modeling and management of complex Kubernetes deployments,” according to an article by The New Stack. It’s part of an effort to make the Kubernetes platform easier to work with.
MICROSOFT DRAFT — Microsoft has unveiled a new open-source Kubernetes deployment tool that “[takes] away most of the requirements for using Kubernetes.” The new tool — called Draft — is meant to make Kubernetes “easier and more palatable for software teams.” Developers simply type “draft create” and Draft will scaffold out and containerize the app for them. Typing “draft up” will ship the code to Kubernetes, build the Docker images, and deploy them into a sandbox.
ORACLE ON KUBERNETES — Oracle is now contributing to Kubernetes, and will be using Kubernetes “to internally manage its container infrastructure,” according to an article by The New Stack. Oracle will be working with canonical Kubernetes, rather than trying to make their own distribution. Their contributions will likely revolve around making Kubernetes easier to use.
Other News: Shippable Server, Spinnaker CD Platform, DigitalOcean Cloud Firewalls, Switch Expansion
SHIPPABLE SERVER — Shippable – a company that aims to “unify enterprise software development workflows” – recently unveiled “Shippable Server,” a version of their product that can run in private data centers. According to VentureBeat, Shippable’s mission is to take “workflows that compose software development and operation and make them function more like digital assembly lines.” With Shippable Server, they can provide this service to customers who won’t or can’t use a cloud service.
SPINNAKER CD PLATFORM — Spinnaker, a continuous delivery (CD) platform being produced by Netflix and Google, reached version 1.0 on Tuesday last week. According to an article by The New Stack, “the project’s ultimate goal is to support global, multi-cloud deployments, and automated releases across those deployments.” The project supports multiple cloud platforms and includes a management UI, a CLI, and monitoring tools.
DIGITALOCEAN CLOUD FIREWALLS — DigitalOcean just added a scalable firewall service to make it “easier for developers to protect the virtual machines they have running in the company’s cloud,” according to coverage by VentureBeat. The new “Cloud Firewalls” service lets users apply rules broadly (to all their VMs) or to specific groups of VMs (based on tagging). This should make it easier to manage “hundreds or thousands of virtual machines.”
SWITCH EXPANSION — Switch, a Cloud Native Computing Foundation member and Nevada-based company, has just announced plans for a massive data center campus in Atlanta. Switch is the “only carrier-neutral company in the world to design, build and operate Tier IV Gold data centers.” Their Atlanta data center campus will be over 1 million square feet and serve as “a PRIME hub for Ashburn, Miami and the rest of the Southeastern United States.”
Other Analysis: Cosmos DB, Capital One Interview, Uptick in Container Orchestration, Problems with Jenkins / CD
COSMOS DB — Microsoft recently introduced Cosmos DB, a “globally distributed NoSQL database service” that’s meant to provide “rich query options” along with scalability. The offering allows users to choose between five consistency choices that allow Cosmos DB to behave more like a relational database or more like a NoSQL database, depending on user preference. Check out the analysis of Cosmos DB by The New Stack.
CAPITAL ONE INTERVIEW — A recent The New Stack interview features Capital One’s Lorinda Brandon (Director for Developer Marketing, Capital One DevExchange) discussing the company’s “journey to becoming a technology-first company.” The company is now building and open sourcing more of their own software. The interview covers what they’re working on, “the disruption process,” and how open source allows for innovation, among other topics.
UPTICK IN CONTAINER ORCHESTRATION — According to a recent research paper, container orchestration tools are “starting to be deployed in production as almost much as containers themselves.” The New Stack’s coverage of the report offers three possible reasons for the high reported use of orchestrators:
- “Containers” and “container orchestration” are becoming synonymous (especially among executives who haven’t been hands-on with the technology)
- Most container users actually also use container orchestration
- Although people report using a certain technology for production applications, it may not be their primary method (they’re using multiple methods concurrently)
PROBLEMS WITH JENKINS / CD — A recent editorial by The New Stack explores “the many problems with Jenkins and continuous delivery.” Among them: Jenkins “has too many plugins,” was not designed for the Docker / container era, and struggles with microservices. Also, teams tend to conflate CI with CD, and expect the simple act of setting up a CI server to solve their software delivery woes. CD requires additional tooling as well as communication / collaboration initiatives, according to the article.
Any major container news we missed? Please feel free to drop us a line. This summary is part of an ongoing series from InfoSiftr, and we want to make sure all top container stories are covered.