Another container focused note, with the general availability of Azure Container Instances, a new free security scanner by Aqua, and Netflix open sourcing Titus, their container management tool.
ACI Generally Available
Azure Container Instances, the Azure service that allows you to run Docker containers in a serverless manner, as in you don’t have to worry about the underlying infrastructure is now generally available. It’s close to a year since it initially was released in preview, so a fair number of improvements have been made to it in that time. Especially concerning monitoring the containers.
Part of the release also includes some price changes, and finally an expansion of the regions where it is available. Unfortunately, it is only expanded to a total of 6 regions, which means there’s still a good chance you can’t use it. But if you use Azure, and are in a region where ACI is available, it’s worth checking out.
In related news, AWS Fargate, the similar service from AWS has also expanded its availability. Unfortunately, like Azure, this still doesn’t include Australia meaning I can’t play with it at work yet.
Aqua released a new, free, vulnerability scanner for Docker. This is similar to their paid offering, except it runs as part of your Dockerbuild. It’s also more limited in what it does but offers a good indication of vulnerabilities in your image.
In a way, having the scan done as part of your build makes it a lot easier to integrate and if you wish to have it separate you can always run it as a second build process that uses your created image as the base. Either way, it is easier to set up than something like Clair, but it depends on your use case whether or not it’s something you wish to use. And obviously, for your critical containers, it might be worth it to pay for all the extra features various companies offer1.
Mostly as a side note, Netflix open sourced their container management platform named Titus. In a market where it seems like Kubernetes is the big winner, it’s still interesting to see a new player emerge. The apparent main attraction of Titus, however, is their integration with AWS, which is not very surprising. I do not doubt that this is a very good solution, but I also suspect that for most use cases it will be a bit overkill.
That said, it is still a solution that might be worth looking into if you need that tight AWS integration and can’t wait until EKS is available. And of course, at the very least I hope that it will give those working on Kubernetes and other container management tools some ideas for improvement. Lastly, as is usually the case with the Netflix tech blog it’s a good read with various interesting tidbits.
I haven’t done enough in this space to be willing to offer any recommendations. ↩︎
Read more like this:
- Week 26, 2019 - AWS App Mesh and Cloud Map; IAM Access Advisor; Azure Bastion
- Week 25, 2018 - AKS; Daemons in ECS; Docker Application Designer; Private API Gateways
- Week 17, 2018 - Azure Sphere; Docker EE 2.0; kaniko; Vault Operator
- Week 7, 2018 - ECS Target Tracking; User Account Best Practices; APN Cloud Warrior
- Week 31 2017 - CloudFormation StackSets; Microsoft Container Instances; Flash EOL
Or always get the latest by subscribing through RSS, Twitter, or email!