da Agency

Creating the best Linux Development experience on Windows & WSL 2

We are really excited to have had Docker Desktop be featured in a breakout session titled “The Journey to One .NET” at MSFT Build by @Scott Hanselman  with WSL 2. Earlier in the his  keynote, we learned about the great new enhancements for GPU support for WSL 2 and we want to hear from our community about your interest in adding this functionality to Docker Desktop. If you are eager to see GPU support come to Docker Desktop, please let us know by voting up our roadmap item and feel free to raise any new requests here as well.

With this announcement, the launch of the Windows 2004 release imminently and Docker Desktop v2.3.02 reaching WSL2 GA , we thought this would be a good time to reflect on how we got to where we are today with WSL 2.

April 2019

Casting our minds back to 2019 (a very different time!), we first discussed WSL 2 with Microsoft in April. We were excited to get started and wanted to find a way to get a build as soon as possible.

May 2019

It turned out the easiest way to do this was to collect a laptop at Kubecon EU (never underestimate the bandwidth of a 747). We brought this back and started work on what would be our first ‘hacky’ version of WSL 2 for Docker Desktop.

June 2019

With some internal demo’s done we decided to announce what we were planning <3

This announcement was a bit like watching a swan on a lake, our blog post was calm and collected, but beneath the water we were kicking madly to take us towards something we could share more widely.

July 2019

We finally got far enough along that we were ready to share something!

Get Ready for the Tech Preview of Docker Desktop for WSL 2

And not long after we released our first preview of Docker Desktop using WSL 2

5 Things to Try with Docker Desktop WSL 2 Tech Preview

August-September 2019

Once again, with a preview out and things seeming calm we went back to work. We were talking with Microsoft weekly about how we could improve what we had, on fixing bugs and generally on improving the experience. Simon and Ben did have enough time though to head over to the USA to talk to Microsoft about how we were getting on.

October 2019

We released a major rework to how Docker Desktop would integrate with WSL 2:

Introducing the Docker Desktop WSL 2 Backend

Along with adding K8s support and providing feature parity with our old Hyper-V based back end. We also made the preview more visible in Docker Desktop and our user numbers started to increase

November 2019 – Feb 2020

This time flew by, we spent a lot of this time chasing down bugs, looking at how we could improve the local experience and also what the best ways of working would be:

Docker Desktop release 2.2 is here!

March 2020

We had built up a fair bit of confidence in what we had built and finally addressed one of the largest outstanding items we still had in our backlog – we added Windows Home support

Docker Desktop for Windows Home is here!

This involved us removing the functionality associated with running our old Moby VM in Hyper V and all of the options associated with running Windows containers – as these are not supported on Windows Home. With this we were now able to focus on heading straight to GA…

April 2020

We doubled down how we were getting ready for GA, learning lessons on improving our development practice. We wanted to share how we were preparing and testing WSL 2 ready for the 2.7m people out there running Docker Desktop.

How we test Docker Desktop with WSL 2

May 2020

We finally reached our GA with Docker Desktop v2.3.02!

Now we are out in the wild, we shared some ideas and best practices to make sure you are getting the best experience out of Docker Desktop when working with WSL 2. 

Docker Desktop: WSL 2 Best practices

(And of course for Windows Pro users this still comes with all the same features you know and love including the ability to switch back over to using Windows Containers.)

What’s next?

Next, is that people start to use Docker Desktop with WSL 2! To try out Docker Desktop with WSL 2 today, make sure you are on Windows 2004 or higher and download the latest Docker Desktop to get started.

If you are enjoying  Docker Desktop but have ideas of what we could do to make it better then please give us feedback. You can let us know what features you want to see next via our roadmap, including voting up GPU support for WSL 2. 
The post Creating the best Linux Development experience on Windows & WSL 2 appeared first on Docker Blog.
Quelle: https://blog.docker.com/feed/

da Agency

Kubernetes storage performance myths

blog.mayadata.io – Brian Matheson has spent twenty years doing things like supporting developers, tuning networks, and writing tools. A serial entrepreneur with an intense customer focus, Brian has helped a number of s…
Quelle: news.kubernauts.io

da Agency

Deploy Mayastor on GKE

medium.com – Today I’ll be writing about another one of OpenEBS storage engines. I’ll be going through how to deploy Mayastor on GKE. If you’re new to OpenEBS, take a look at the concepts about cStor and how you …
Quelle: news.kubernauts.io

da Agency

Tinkerbell.org

tinkerbell.org – Tinkerbell has four major components: a DHCP server (boots), a workflow engine (tink), an in-memory operating system (OSIE) and a metadata service (hegel). The workflow engine is comprised of a serve…
Quelle: news.kubernauts.io

da Agency

EKS Best Practices Guide for Security

aws.github.io – This guide provides advice about protecting information, systems, and assets that are reliant on EKS while delivering business value through risk assessments and mitigation strategies. The guidance h…
Quelle: news.kubernauts.io

da Agency

Helping You Better Identify Vulnerabilities in Partnership with Snyk

We are really excited that Docker and Snyk are now partnering together to engineer container security scanning deeply into Docker Desktop and Docker Hub. Image vulnerability scanning has been one of your most requested items on our public roadmap.

Modern software uses a lot of third party open source libraries, indeed this is one of the things that has really raised productivity in coding, as we can reuse work to support new features in our products and to save time in writing implementations of APIs, protocols and algorithms. But this comes with the downside of working out whether there are security vulnerabilities in the code that you are using. You have all told us that scanning is one of the most important roadmap issues for you.

Recall a famously huge data breach from the use of an unpatched version of the Apache Struts library, due to CVE 2017-5638. The CVE was issued in March 2017, and according to the official statement, while the patch should have been applied within 48 hours, it was not, and during May 2017 the websites were hacked, with the attackers having access until late July. This is everyone’s nightmare now. How can we help with this?

Do you know if there are security issues? The joint solution with Snyk and Docker will integrate scanning both on Docker Desktop and in Docker Hub so that developers can quickly check for security issues while they are developing code, in the inner loop, and adding new dependencies, and also the whole team can see vulnerabilities once images are pushed to Docker Hub, the outer loop.

The Snyk scanning will generally provide remediation information for updates that will fix vulnerabilities that are found. You do not have to try to fix all the vulnerabilities all the time, as that is a losing game. There is an ongoing flow of vulnerabilities, and you are always likely to see new ones being added.

The target for your team should be to triage the highest risk issues to see if they apply to you and fix issues with high priority. The Apache Struts vulnerability is an example here, as it provided remote code execution from any server using this framework. These types of vulnerabilities tend to have exploits written quite soon and scripts become available to try to attack them. Other vulnerabilities might not be so critical, as your code may not be configured in a way that makes it vulnerable. If you are unsure better to update sooner though.

For less-critical vulnerabilities, the aim is to make sure that you get fixes updated in your build pipeline and vulnerabilities don’t hang around forever in dependencies that do not get updated. They may not be directly exploitable, but as they accumulate they may allow escalation from another vulnerability or combinations of vulnerable components that may create a larger vulnerability.

As we launch the joint Docker and Snyk scanning features we look forward to helping your team to ship software better, faster and more securely. For more information, check out this blog post by Snyk or read today’s press release. 
The post Helping You Better Identify Vulnerabilities in Partnership with Snyk appeared first on Docker Blog.
Quelle: https://blog.docker.com/feed/

da Agency

Multi-tenant Rancher Kubernetes cluster

itnext.io – Here we explore the idea of creating a multi-tenant Kubernetes cluster using Rancher, Rancher projects and project network isolation. We’ll investigate some security and usage concerns. This might of…
Quelle: news.kubernauts.io