// Topic
Containers
Definition
Containers coverage in this archive spans 11 posts from Feb 2016 to Jul 2022 and focuses on reliability, delivery speed, and cost discipline as one system, not three separate concerns. The strongest adjacent threads are kubernetes, devops, and security. Recurring title motifs include container, kubernetes, containers, and production.
Working claims
- Most posts prioritize predictable operations over feature breadth or stack novelty.
- Early posts lean on docker and production, while newer posts lean on container and kubernetes as constraints shifted.
- This topic repeatedly intersects with kubernetes, devops, and security, so design choices here rarely stand alone.
How to apply this
- Set SLOs first, then choose tooling that keeps deploy, observability, and rollback simple.
- Start with the newest post to calibrate current constraints, then backtrack to older entries for first principles.
- When boundary questions appear, cross-read kubernetes and devops before committing implementation details.
Where teams get burned
- Adding platform layers faster than the team can operate and debug them.
- Chasing throughput gains without proving they improve end-user reliability.
- Applying guidance from 2016 to 2022 without revisiting assumptions as context changed.
Suggested reading path
- Start here (current state): Container Scanning Without the Security Theater
- Then read (operating middle): Two Years of Kubernetes in Production — The Boring Parts Are the Hard Parts
- Finish with (foundational context): Docker in Production: What We Learned Running Containers at Dropbyke
Related posts
- Container Scanning Without the Security Theater
- Hardening Kubernetes: The Stuff That Actually Matters
- Your Container Image Scan Passed. Now What?
- Serverless vs Containers: Where the Math Stops Working
- Container Security in 2018: What Actually Changed
- Two Years of Kubernetes in Production — The Boring Parts Are the Hard Parts
- Your Containers Aren’t Secure. Here’s What to Actually Do About It.
- A Year Running Kubernetes in Production — What Actually Happened
References
11 posts
Container Scanning Without the Security Theater
Most container scanning setups generate noise, not security. Here is how to build a pipeline that actually catches what matters.
Hardening Kubernetes: The Stuff That Actually Matters
Kubernetes defaults are built for getting things running, not for keeping attackers out. A layered hardening walkthrough covering pods, RBAC, network policies, secrets, and the control plane.
Your Container Image Scan Passed. Now What?
Image scanning tells you what's in the box. Runtime security tells you what the box is doing. Here's how we lock down containers at Decloud with seccomp, network policies, Falco, and paranoia earned from NATO work.
Serverless vs Containers: Where the Math Stops Working
Serverless is great until it isn't. A comparison of serverless and containers at different traffic scales, with actual numbers on where the economics flip.
Container Security in 2018: What Actually Changed
Eight months after my first container security post, an update on what moved at the fintech startup and in the ecosystem — PodSecurityPolicy, image signing, and the shift from scratch to real.
Two Years of Kubernetes in Production — The Boring Parts Are the Hard Parts
Year two of running Kubernetes at the fintech startup. The panic is gone. Now it's networking, resource tuning, and all the operational grunt work nobody blogs about.
Your Containers Aren't Secure. Here's What to Actually Do About It.
Containers give you process isolation, not a security boundary. I break down how we hardened images, locked down runtimes, and segmented networks at the fintech startup — plus the stuff nobody warns you about.
A Year Running Kubernetes in Production — What Actually Happened
After a year of running Kubernetes in production, the wins are real but the sharp edges drew blood first. Here's what paid off, what bit us, and what I'd do differently.
2016: The Year I Stopped Fighting Infrastructure
A personal look back at what mattered in 2016 -- Docker going mainstream, Kubernetes momentum, Go adoption, and lessons from building at Dropbyke and a fintech startup.
Container Orchestration: Docker Swarm vs Kubernetes vs Mesos
A side-by-side comparison of Swarm, Kubernetes, and Mesos based on running all three in evaluation at Dropbyke. Kubernetes is going to win, but the operational tax is real.
Docker in Production: What We Learned Running Containers at Dropbyke
Running Docker in production at Dropbyke forced us to get serious about image builds, container networking, log aggregation, and security. Here is what actually worked.