TL;DR – Last Week’s Container News (01/26/18-02/02/18)

CNCF Accepts Rook (Storage Project)

The Cloud Native Computing Foundation (CNCF) has accepted Rook (cloud storage) as an inception-level project, according to an article in The New Stack. This is the CNCF’s 15th project.

Rook is different from earlier container storage technologies like Flocker and the Container Storage Interface, as these projects “focus on the consumption side of storage,” according to Rook creator Bassam Tabbara. Rook instead focuses “on the provider side of storage; it runs the actual storage cluster as a cloud-native application integrated into Kubernetes.”

Check out more of Tabbara’s comments in this eWeek article.

Docker EE RBAC Support for Kubernetes

The latest release of Docker EE extends the product’s existing RBAC support to include Kubernetes primitives, according to a Docker blog post. The blog post walks through what this looks like in action and discusses how it works “under the covers.”

Kubernetes Support on Docker for Windows Desktop

This past week, Docker announced the beta for Docker for Windows Desktop with Kubernetes. This is available as part of the edge channel. Follow the link for instructions on how to get started – and suggestions on things to try.

Heptio Kubernetes Subscription

Heptio has introduced a Heptio Kubernetes Subscription (HKS) offering, providing “production-grade” Kubernetes with 24/7 support and some tools for optimization. Heptio was founded by Kubernetes co-creators Craig McLuckie and Joe Beda and is known for Sonobuoy, Heptio Ark, and ksonnet, along with Kubernetes support and training.

Cisco Announces Container Platform

This past week, Cisco announced that it is building its own container platform. Based on Kubernetes, the Cisco Container Platform is expected to be available in April (debuting on Cisco’s HyperFlex server system).

According to eWeek, the move “adds to previous efforts Cisco has made regarding containers, including the partnership it announced almost a year ago with container provider Docker,” and represents, “another step in the company’s ongoing transition to a role as a software and services vendor.”

Unikernels Vs. Containers

A recent TechTarget article compares containers and unikernels, arguing that unikernels are “akin to a shrunken container.” According to the article, while containers depend on a normal OS, unikernels operate with only the “minimum necessary OS functionality to run the application.” The article explores use cases for unikernels and speculates about the future of unikernels in the broader market.

4 Kubernetes Threat Models

A recent article by The New Stack explores four Kubernetes threat models. Among them:

  1. “External attacks aiming to compromise Kubernetes controls”
  2. “Compromised containers or nodes”
  3. “Compromised credentials”
  4. “Misuse of legitimate privileges”

Minimize Meltdown Patch Performance Impact

A recent article in The New Stack explores “how to minimize the Meltdown patch performance penalty.” Some suggested courses of action:

  1. “Instead of running lots of small machines, run a larger virtual machine and own all the possible CPU cores on that box… then divide the machine back using containers that run your own, controlled code, hypervisor, or a framework that can scale up to all of the cores.”
  2. “Reduce your reliance on the kernel. Minimize the amount of context switches by moving more work to user space and batching more actions into the same kernel accesses.”
