Containers provide increased security through isolation and rule-based access control. While this is a great improvement, it proved to be a challenge at Datadog for effectively instrumenting and monitoring containerised workloads. In this talk, we will go through several of the technical issues we encountered while developing container-aware instrumentation, and how what we learned can be leveraged to improve your deployment’s security and performance.
- Cgroup hierarchies: limits and accounting
- Kernel namespacing: what do --net, --pid, --privileged imply?
- Host-local traffic through Unix Domain Sockets: performance gains and origin detection thanks to ancillary data
- How to secure your Docker socket?