2. Information presented is confidential
Containers
• Easy to bundle apps
• Easy to replicate environments
• Bridge from app developers to ops engineers
3.
Containers in production: new challenges
• Orchestration
• Monitoring
• Troubleshooting
• Logging
• Security
4.
Troubleshooting
• network: tcpdump, netstat
• file: lsof
• memory/cpu: top, ps
They don’t play well with containers
5.
Sysdig architecture
[Diagram: Kernel; Container1 (Docker), Container2 (runc), Container3 (rkt), sysdig (Docker). Labels: capture and analysis; instrumentation through kernel module.]
6.
sysdig
• Capture system events, filter them, run useful scripts
• Tracefiles for postponed analysis
• Native support for: Docker, Kubernetes, Mesos, rkt and so on
• Open Source
7.
Two Flavours
sysdig
• event filtering and printing on screen
• apply bundled or custom chisels
• save tracefiles for later analysis
csysdig
• easy to use interface
• tabular or graphic views for various purposes