Tag: containers

What is a CaaS? Containers as a Service, Defined

October 17, 2017

When public clouds first began gaining popularity, it seemed that providers were quick to append the phrase “as a service” to everything imaginable, as a way of indicating that a given application, service, or infrastructure component was designed to run in the cloud. It should therefore come as no surprise that Container as a Service, or CaaS, refers to a cloud-based container environment.

Containers vs. Serverless Computing

October 9, 2017

Serverless computing is a hot topic right now—perhaps even hotter than Docker containers.

Is that because serverless computing is a replacement for containers? Or is it just another popular technology that can be used alongside containers?

Bootstrapping Rancher 2.0

October 3, 2017

It’s finally here: the Rancher you’ve all been waiting for. Rancher 2.0 is now in preview mode and available to deploy!

Rancher 2.0 brings us a whole new Kubernetes-based structure, with new features like platform-wide multi-select, adoption of existing Kubernetes clusters, and much, much more.

Container Security Tools Breakdown

August 1, 2017

Container security was initially a big obstacle to many organizations in adopting Docker. However, that has changed over the past year, as many open source projects, startups, cloud vendors, and even Docker itself have stepped up to the challenge by creating new solutions for hardening Docker environments. Today, there is a wide range of security tools that cater to every aspect of the container lifecycle.

Docker security tools fall into these categories:

  • Kernel security tools: These tools have their origins in the work of the open source Linux community. They have been inherited by container systems like Docker as foundational security tools at the kernel level.
  • Image scanning tools: Docker Hub is the most popular container registry, but there are many others, too. Most registries now have solutions for scanning container images for known vulnerabilities.
  • Orchestration security tools: Kubernetes and Docker Swarm are the two most popular orchestrators, and their security features have been gaining strength over the past year.
  • Network security tools: In a distributed system powered by containers, the network is more important than ever. Policy-based network security is gaining prominence over perimeter-based firewalls.
  • Security benchmark tools: The Center for Internet Security (CIS) has provided guidelines for container security, which have been adopted by Docker Bench and similar benchmark security tools.
  • Security with CaaS platforms: AWS ECS, GKE and other CaaS platforms build on the security features of their parent IaaS platform, and then add container-specific features or borrow security features from Docker or Kubernetes.
  • Purpose-built container security tools: This is the most advanced option for container security. In it, machine learning takes center stage as these tools look to build an intelligent solution to container security.

Here’s a cheatsheet of Docker security tools available as of mid-2017. It’s organized according to which part of the Docker stack the tool secures.

How to Run GitLab in Rancher - Part 2

June 22, 2017

This is part two of our series on using GitLab and Rancher together to build a CI/CD pipeline, and follows part one from last week, which covered deploying, configuring, and securing GitLab in Rancher. We’ve also made the entire walkthrough available for download.

Using GitLab CI Multi-Runner to Build Containers

GitLab CI is a powerful tool for continuous integration and continuous delivery. To use it with Rancher, we’ll deploy a runner that will execute jobs.

Launching the Runner

There are several ways to deploy runners, but since our goal is to build containers from our repositories, we’ll run a Docker container that has direct access to /var/run/docker.sock, so that the images it builds are siblings to itself.

  1. In Rancher, add a service to your GitLab stack.
  2. Set it up with the following configuration:
     • Name: runner01
     • Image: gitlab/gitlab-runner
     • Console: None
     • Volumes:
       • /var/run/docker.sock:/var/run/docker.sock
       • runner01-etc:/etc/gitlab-runner

When the container launches, it will create a default configuration in /etc/gitlab-runner, to which we’ve connected a volume. The next step is to register the runner with your GitLab instance.

The options that I’m setting below are correct for a basic runner that will build any job. You can also limit runners to specific repositories or use other images. Read the documentation from GitLab to learn what options are best for your environment.
