Kubernetes is a fantastic tool for building large containerised software systems in a manner that is both resilient and scalable. But the architecture and design of Kubernetes has evolved over time, and there are some areas that could do with tweaking or rethinking. This post digs into some issues related to how image tags are handled in Kubernetes and how they are treated differently in plain Docker.
I am embracing managed Kubernetes services and here’s my journey. While I attended KubeCon 2018 ready to soak up all I could about Kubernetes and the cloud-native ecosystem, I sought to learn as much as I could to aid me in running my clusters day to day. More importantly, though, I experienced a fundamental shift in what I see as the future of Kubernetes, and what getting started in Kubernetes looks like for companies today.
In this post, I’m going to cover some of the fundamentals of how Calico works. I really don’t like the idea that with these Kubernetes deployments, you simply grab a yaml file and deploy it, sometimes with little to no explanation of what’s actually happening. Hopefully, this post will servce to better understand what’s going on.
A Docker image contains an application and all its dependencies. As it also contains the numerous binaries and libraries of an OS, it’s important to make sure no vulnerabilities exist in its root filesystem, or at least no critical or major ones. Scanning an image within a CI/CD pipeline can ensure this additional level of security.
With the start of the new year, it is a good time to look at what changes have happened in our industry over the last 12 months. With the help of a few recent industry surveys and some of our own perspective, I’d like to summarize some of the key trends that we are seeing.
I talk a lot about containerd. I write blog posts about it, speak at conferences about it, give introductory presentations internally at IBM about it and tweet (maybe too much) about it. Due to my role at IBM, I’ve helped IBM’s public cloud Kubernetes service, IKS, start a migration to use containerd as the CRI runtime in recent releases and similarly helped IBM Cloud Private (our on-premises cloud offering) offer containerd as a tech preview in the past two releases.
