Software engineer @ Datadog
Xavier is a data-addicted software engineer. After using instrumentation and data to optimize industrial equipment’s turnaround times and designing real-time feedback algorithms to help athletes perfect their technique, he is now part of Datadog’s container-monitoring engineering team. There, he chews orchestrator betas for breakfast and investigates how to get more and more insights on your containerised workload.
|2017||Datadog presents: Container monitoring challenges: isolation vs instrumentation|
Containers provide increased security through isolation and rule-based access control. While this is a great improvement, this proved to be a challenge at Datadog for effectively instrumenting and monitoring containerised workloads. In this talk, we will go through several of the technical issues we encountered while developing container-aware instrumentation, and how what we learned can be leveraged to improve your deployment’s security and performance. - Cgroup hierarchies: limits and accounting - Kernel namespacing: what do --net, --pid, --privileged imply? - Host-local traffic through Unix Domain Sockets: performance gains and origin detection thanks to ancillary data - How to secure you Docker socket?