Demystifying Containers – Part I: Kernel Space

This series of blog posts and corresponding talks aims to provide you with a pragmatic view on containers from a historic perspective. Together we will discover modern cloud architectures layer by layer, which means we will start at the Linux Kernel level and end up at writing our own secure cloud native applications. Simple examples […]

Predictive CPU isolation of containers at Netflix

Because microprocessors are so fast, computer architecture design has evolved towards adding various levels of caching between compute units and the main memory, in order to hide the latency of bringing the bits to the brains. However, the key insight here is that these caches are partially shared among the CPUs, which means that perfect […]

Anatomy of CVE-2019-5736: A runc container escape!

On Monday, February 11, CVE-2019-5736 was disclosed. This vulnerability is a flaw in runc, which can be exploited to escape Linux containers launched with Docker, containerd, CRI-O, or any other user of runc. But how does it work? Dive in! Processes interact with the operating system to perform a variety of operations (for example, reading […]

Docker and Kubernetes in high security environments

This is brief summary of parts of my master’s thesis and the conclusions to draw from it. This medium-story focuses on containerized application isolation. The thesis also covers segmentation of cluster networks in Kubernetes which is not discussed in this story.You can read my full thesis here; it’s available through open access:Container Orchestration in Security […]

Dockter: A Docker image builder for researchers

Dependency hell is ubiquitous in the world of software for research, and this affects research transparency and reproducibility. Containerization is one solution to this problem, but it creates new challenges for researchers. Docker is gaining popularity in the research community—but using it efficiently requires solid Dockerfile writing skills. As a part of the Stencila project, […]

8 emerging trends in container orchestration

Containerization is now officially mainstream. A quarter of Datadog’s total customer base has adopted Docker and other container technologies, and half of the companies with more than 1,000 hosts have done so. As containers take a more prominent place in the infrastructure landscape, we see our customers adding automation and orchestration to help manage their […]

Red Hat Container Development Kit 3.7 now available

Red Hat Container Development Kit (CDK) 3.7 is now available to run anOpenShift/Kubernetes cluster on your laptop for developing cloud- and container-based applications. We are pleased to announce the availability of theRed Hat Container Development Kit (CDK) 3.7.CDK 3.7 is based on Minishiftv1.27.0, a command-line tool to quickly provision anOpenShift and Kubernetes cluster on your […]

Exploring container security: This year, it’s all about security. Again.

Earlier this year at KubeCon in Copenhagen, the message from the community was resoundingly clear: “this year, it’s about security”. If Kubernetes was to move into the enterprise, there were real security challenges that needed to be addressed. Six months later, at this week’s KubeCon in Seattle, we’re happy to report that the community has […]

Introducing Makisu: Uber’s Fast, Reliable Docker Image Builder for Apache Mesos and Kubernetes

To ensure the stable, scalable growth of our diverse tech stack, we leverage a microservices-oriented architecture, letting engineers deploy thousands of services on a dynamic, high-velocity release cycle. These services enable new features to greatly improve the experiences of riders, drivers, and eaters on our platform. Although this paradigm supported hypergrowth in both scale and […]

Docker App and CNAB

Docker App is a new tool we spoke briefly about back at DockerCon US 2018. We’ve been working on docker-app to make container applications simpler to share and easier to manage across different teams and between different environments, and we open sourced it so you can already download Docker App from GitHub at https://github.com/docker/app. In […]