At SoundCloud we managed to break away from the monolith while delivering key business features. Our journey towards a microservices architecture has not been a straightforward one. We experimented a lot to reach the set of tools and technologies that we use today. We changed how we build our applications. We introduced specific APIs for our mobile and web clients. We call them BFFs (backend for the frontend). They became the central piece of SoundCloud’s architecture. We rethought how we monitor our services. We created a service registry for knowledge sharing. While making all these changes, we benefited from the learnings of our peer companies. This talk will share our learnings from this journey: what worked for us and what we moved away from.
With the continuing success of the Docker engine, containers are increasingly moving from build chains into production environments. So it's high time to assess the current state of security of one’s container environment. Luckily, the Docker ecosystem is beginning to provide more and more tools to deploy security measures, some of them already active by default. At the same time, several pitfalls exist that could lead to a vulnerable environment.
The talk aims to present a security model covering multiple layers, from building images to the Docker host and daemon and up to containers at runtime, while focusing on the knobs and levers for building a secure system.