Best Practices for Docker Security
In a recent study by the CNCF, 43% of respondents listed “security” as the biggest obstacle to container adoption. With that in mind, The New Stack has shared “five Docker security best practices.” The article covers patching the host OS, Docker runtime security, image authenticity, resource utilization / noisy neighbor issues, and the questionable practice of running in super-privileged mode.
Docker Birthday 5
With Docker turning five this week, a number of articles emerged celebrating the project’s history and accomplishments. Check out eWeek’s excellent slideshow and Docker’s own blog post on the subject. Also, see how InfoSiftr celebrated Docker’s birthday with the Docker Las Vegas meetup last week.
Microservices Basics (and Benefits)
The New Stack has been sharing a series of articles “exploring the basics of microservices.” The latest installment covers some of the benefits of microservices, as well as the “gotchas,” and delves into the typical processes, infrastructure, and application models at various levels of microservices maturity. Check out part three of this fantastic series by following the link.
Challenges to Kubernetes Implementation
The oft-stated “complexity problem” of Kubernetes is only the “fifth most cited challenge” of Kubernetes implementation, according to a recent article by The New Stack. Among the other challenges: security (cited by 46 percent of Kubernetes users), networking, storage, and scaling based on load.
4 Indicators DevOps is Working
The New Stack has shared “four truths” that indicate a company is “fulfilling the DevOps promise.” Among them: velocity (the “time it takes for a feature to be programmed, developed and deployed” is decreasing), Dev and Ops aren’t being forced to use the same tools, “it’s not just DevOps, it’s DevSecOps,” and “orchestration is crucial.”
CNCF Adds NATS Messaging Project
The CNCF recently voted to adopt NATS as their latest open source project. The technology supports distributed messaging and is meant to “help improve high-throughput communications in cloud native environments,” according to eWeek.
Univa (a workload management vendor) recently open sourced “Project Tortuga,” a “general purpose cluster- and cloud-management framework” according to The New Stack. One potential use case is to “provide an improved on-ramp to the cloud for high-performance computing (HPC) workloads.”
CNCF Auditing Projects for Security
The CNCF has started performing third-party security audits for their projects. The first audit was performed on Envoy (a service mesh donated by Lyft) and found eight vulnerabilities, none of which were classified as “critical.” A Kubernetes audit is set to follow soon.