TL;DR – Last Week’s Container News (02/09/18-02/16/18)

Container / Microservices Security Tips

A recent article in The New Stack details the unique security challenges of container-based microservices, and discusses a few remedies. According to the article, strong microservices security involves:

  • Container image scanning
  • Running containers as unprivileged, non-root
  • Keeping images small (reducing the potential attack surface), and keeping container lifespans short
  • Employing “micro-firewalls” to protect each service in the mesh
  • Leveraging data analysis for threat detection
  • Centralized logs

Security Controls Within Kubernetes

A recent article in The New Stack discusses “security controls within the immediate Kubernetes environment.” Among them:

  • Authentication and authorization controls that govern API access for both users and service accounts
  • Resource Isolation to prevent denial-of-service attacks and provide privacy and data protection
  • Hardening operations (including “restrictions on running privileged containers, limiting privilege escalations and whether a container can access the host networking interface and file system”)
  • Network security (through the use of segmentation, Transport Layer Security (TLS) client authentication, and service network Access Control Lists)
  • Logging & Auditing (Kubernetes 1.9 provides Audit Logging as a beta feature)
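The two lists above (the microservices tips and the Kubernetes hardening controls) both come down to a handful of Pod spec fields: `privileged`, `allowPrivilegeEscalation`, `hostNetwork`/`hostPID`, `hostPath` volumes, `runAsNonRoot`, and resource limits for isolation. The following is an added example, not code from either New Stack article or from Kubernetes itself: a small audit function that reads a Pod manifest (as the dict you would get from `yaml.safe_load`) and reports every control it fails, run against a constructed weak spec and a constructed hardened spec. The pod names and images are made up.

```python
"""Audit a Kubernetes Pod spec against the hardening controls discussed above.

Added example; the two Pod specs are constructed for illustration. The field
names checked are the real Pod spec fields those controls map to.
"""
from typing import Dict, List


def audit_pod(pod: Dict) -> List[str]:
    """Return a list of findings; an empty list means the spec passes every check."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # Host namespace access: the container sees host network interfaces / processes.
    if spec.get("hostNetwork"):
        findings.append("pod shares the host network namespace (hostNetwork: true)")
    if spec.get("hostPID"):
        findings.append("pod shares the host PID namespace (hostPID: true)")

    # Host filesystem access through hostPath volumes.
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            path = vol["hostPath"].get("path")
            findings.append(f"volume {vol.get('name')!r} mounts host path {path!r}")

    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"container {name!r} runs privileged")
        # Kubernetes defaults allowPrivilegeEscalation to true unless it is set false.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"container {name!r} allows privilege escalation")
        # runAsNonRoot / runAsUser may be set at pod or container level; container wins.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if not non_root and uid in (None, 0):
            findings.append(f"container {name!r} may run as root")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"container {name!r} has a writable root filesystem")
        # Resource isolation: without limits one container can starve the node.
        if "limits" not in c.get("resources", {}):
            findings.append(f"container {name!r} has no resource limits")
    return findings


# Constructed weak spec: privileged, host network, host root mounted, no limits.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "legacy-api"},
    "spec": {
        "hostNetwork": True,
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "api",
            "image": "example.internal/api:latest",
            "securityContext": {"privileged": True},
        }],
    },
}

# Constructed hardened spec: the same workload with every control applied.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "api"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "volumes": [{"name": "tmp", "emptyDir": {}}],
        "containers": [{
            "name": "api",
            "image": "example.internal/api:1.4.2",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
            "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
        }],
    },
}


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(f"{label}: {len(audit_pod(pod))} finding(s)")
        for f in audit_pod(pod):
            print("  -", f)
```

In a cluster the same checks belong in an admission controller (PodSecurityPolicy in the Kubernetes of that era, or a policy webhook) rather than in a script run after the fact; the script is useful for auditing manifests already in a repository before they ever reach the API server.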

Docker EE Case Study: HudsonAlpha

eWeek has shared a Docker EE case study featuring HudsonAlpha, a non-profit medical research institute. The article outlines HudsonAlpha’s implementation of Docker EE, the ROI and efficiencies gained, and some lessons learned along the way.

Among the highlights: they gained portability across multi-cloud environments, they accelerated research (“without compromising security”), and they established a clear separation of concerns.

Container Case Study: IBM Content Services

IBM is now leveraging containers for their content platform components, according to an article by SDxCentral. Container usage is allowing for greater portability and interoperability, better “scalability, resiliency, management, and monitoring,” and has allowed IBM to cut the deployment of an IBM content platform from weeks to hours or minutes.

10 Essential Tools for DevOps

A recent article by TechTarget identifies 10 essential tools for DevOps. Among them:

  • A source code repository (like Git or GitHub)
  • An artifact repository (like JFrog Artifactory)
  • A CI/CD tool (like Jenkins)
  • Containers (via Docker)
  • Container Orchestration (via Kubernetes or Docker Swarm)
  • Infrastructure as code tools (like Terraform or Ansible)
  • Configuration management (Puppet, Chef, Ansible, SaltStack)
  • Log monitoring (via something like ELK Stack or Splunk)
  • Metrics monitoring (via Prometheus, or similar)
  • ChatOps (with something like Slack)

Struggle with Monitoring Microservices? Try the RED Method

A recent article in The New Stack describes the RED Method, an approach to monitoring microservices that records, for every service, the Rate of requests, the number of Errors, and the Duration of requests. Developed by former Google and Weave engineer Tom Wilkie, the RED Method “encourages you to come to some sort of consistency of monitoring.” By “instrumenting microservices along the channels described by RED,” you are given “a standard set of tools to diagnose and correct an issue,” according to the article.
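To make the three signals concrete, here is an added example (not from the article and not Tom Wilkie's own tooling) that computes RED metrics per service from a constructed batch of request records and flags the services whose error ratio or p99 latency exceeds a threshold. The request records, service names, window length and thresholds are all assumptions for the sake of the illustration.

```python
"""Compute RED (Rate, Errors, Duration) per service from request records.

Added example. SAMPLE_REQUESTS is constructed: (unix_timestamp, service,
http_status, latency_ms) for a 10-second window.
"""
from collections import defaultdict
from math import ceil
from typing import Dict, List, Sequence, Tuple

Request = Tuple[float, str, int, float]

SAMPLE_REQUESTS: List[Request] = [
    (1518739200.0, "checkout", 200, 120.0),
    (1518739201.0, "checkout", 200, 95.0),
    (1518739202.0, "checkout", 500, 1900.0),
    (1518739203.0, "checkout", 200, 110.0),
    (1518739204.0, "checkout", 503, 2100.0),
    (1518739205.0, "checkout", 200, 130.0),
    (1518739206.0, "checkout", 200, 105.0),
    (1518739207.0, "checkout", 200, 115.0),
    (1518739200.5, "catalog", 200, 30.0),
    (1518739203.5, "catalog", 404, 25.0),
    (1518739206.5, "catalog", 200, 28.0),
    (1518739209.0, "catalog", 200, 32.0),
]
WINDOW_SECONDS = 10.0


def percentile(values: Sequence[float], p: float) -> float:
    """Nearest-rank percentile (no interpolation), p in 0..100."""
    ordered = sorted(values)
    rank = ceil(p / 100.0 * len(ordered))
    return ordered[max(0, min(len(ordered) - 1, rank - 1))]


def red_metrics(requests: Sequence[Request], window: float = WINDOW_SECONDS) -> Dict[str, Dict[str, float]]:
    """Per service: request rate (req/s), error ratio, p50 and p99 latency (ms).

    Only 5xx responses are counted as errors here: a 4xx is a client mistake,
    not a failure of the service. That is a choice made for this example.
    """
    by_service: Dict[str, List[Tuple[int, float]]] = defaultdict(list)
    for _, svc, status, latency_ms in requests:
        by_service[svc].append((status, latency_ms))

    metrics: Dict[str, Dict[str, float]] = {}
    for svc, rows in by_service.items():
        latencies = [lat for _, lat in rows]
        errors = sum(1 for status, _ in rows if status >= 500)
        metrics[svc] = {
            "rate": len(rows) / window,            # R: requests per second
            "error_ratio": errors / len(rows),     # E: share of failed requests
            "p50_ms": percentile(latencies, 50),   # D: typical latency
            "p99_ms": percentile(latencies, 99),   # D: tail latency
        }
    return metrics


def unhealthy(metrics: Dict[str, Dict[str, float]],
              max_error_ratio: float = 0.05,
              max_p99_ms: float = 1000.0) -> List[str]:
    """Services breaching either the error-ratio or the tail-latency objective."""
    return sorted(
        svc for svc, m in metrics.items()
        if m["error_ratio"] > max_error_ratio or m["p99_ms"] > max_p99_ms
    )


if __name__ == "__main__":
    m = red_metrics(SAMPLE_REQUESTS)
    for svc, vals in sorted(m.items()):
        print(svc, vals)
    print("unhealthy:", unhealthy(m))
```

The same three numbers are what you would export from each service to Prometheus (a request counter labelled by status, plus a latency histogram) so that the dashboard and alert rules look identical for every service, which is the consistency the article is describing.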

OSF’s Edge Computing Group

A recent article in The New Stack describes the OpenStack Foundation (OSF)’s Edge Computing Group: its mission and current initiatives. According to the article, edge computing use cases are multiplying, and so are the “demands for a fully functional edge computing cloud infrastructure built on open source technologies.” The OSF Edge Computing Group (which includes Verizon, Red Hat, AT&T, and Cisco, among others) has “identified fundamental requirements and issued a challenge to the open infrastructure community to create or adapt the tools that are needed to enable broad adoption.” Follow the link for more information.
