Monitoring systems help DevOps teams detect and solve performance issues faster. With Docker still on the rise, it’s important to get container monitoring right from the start. This is no easy feat. Monitoring Docker containers is very complex. Developing a strategy and building an appropriate monitoring system is not simple at all. In this post, we’re going to delve deep into what container monitoring is and why you need it.

In Part 1 we’ve described what container monitoring is and why you need it. Because each container typically runs a single process, has its own environment, utilizes virtual networks, or has various methods of managing storage. Traditional monitoring solutions take metrics from each server and the applications they run. These servers and applications running on them are typically very static, with very long uptimes.

Even though containers have been around for ages, it wasn’t until Docker showed up that containers really became widely adopted. Docker has made it easier, faster, and cheaper to deploy containerized applications. However, organizations that adopt container orchestration tools for application deployment face new maintenance challenges.

A few months ago, we published a guide to setting up Kubernetes network policies, which focused exclusively on ingress network policies. This follow-up post explains how to enhance your network policies to also control allowed egress.

In this blog post, you will learn how to setup image scanning with Github Actions using Sysdig Secure DevOps Platform. We will create a basic workflow to perform a local scan to detect vulnerabilities and bad practices before the image is pushed to any registry. We will also customize scanning policies to stop the build according to a set of defined rules.

Most discussions about the merits of Docker Swarm vs. Kubernetes focus on large-scale deployments. But, what if you’re running your containerized app on a single host or a small cluster? In that case, the considerations for choosing Swarm or a Kubernetes implementation tend to be different. With that reality in mind, here’s a look at the benefits and drawbacks of Docker Swarm vs. Kubernetes for single-host environments.

CRI-O is a Cloud Native Computing Foundation incubating project. According to their website, “CRI-O is an implementation of the Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a lightweight alternative to using Docker as the runtime for Kubernetes (K8s).” CRI-O allows K8s to use any OCI-compliant runtime for running pods. CRI-O has support for OCI container images and is able to pull from any container registry.

Monolithic applications are outdated. We are now solidly in a development revolution as rapid software development and deployment have become standard. Microservices and containers are key to enabling this new way of working driven by DevOps practices such as Continuous Integration and Continuous Delivery. As a result, securing Kubernetes master and worker nodes has become critical.