5 Top Container Engine Trends in 2022 

Containers are a standardized form of software composed of packages of code with all their dependencies carefully mapped. They contain everything required to run an application: code, runtime, tools, libraries, settings, and more. This block of software runs on top of an OS as designed, regardless of the environment. Developers can then use containers like Lego blocks to deliver systems faster and build applications with more agility. Containers also have the advantage of being even more portable than virtual machines (VMs) and requiring fewer resources.

There is constant development work and plenty of news in the container engine space. Below are just a few of the latest news highlights and trends: 

Docker Enhancements 

Docker is the original commercial container engine. But it hasn’t rested on its laurels. Most recently it acquired Atomist to enhance security. Atomist provides visibility and control across the software supply chain — without disrupting existing workflows and tools. It protects against unwittingly shipping changes that expose users to risk. 

“Integrating this into Docker will be invaluable in helping developers shift left on security as they create their applications while satisfying DevSecOps teams,” said Docker CEO Scott Johnston. 

Just a few weeks before the Atomist acquisition, Docker also added Tilt, the maker of a development environment as code for teams on Kubernetes. The aim is to use this to reduce the pains of microservice development within Docker. 

“Tilt helps developers building apps for Kubernetes get their jobs done faster,” said Johnston. “Integrating Tilt’s features, including live updates and shareable, reproducible development environments, into Docker Desktop will increase development team collaboration and accelerate their release cadence.”

Windows Container Upgrades 

Microsoft has recently introduced a number of container upgrades as part of its Windows Server 2022 platform. For example, Windows containers can now maintain a virtualized time zone configuration separate from the host. It also fixed several issues in its container engine that users were complaining about. These included: 

  • Resolution of a port exhaustion issue when using hundreds of Kubernetes services and pods on a node.
  • Improved packet forwarding performance in the Hyper-V virtual switch.
  • Better reliability across Container Networking Interface (CNI) restarts in Kubernetes.
  • Improvements in the Host Networking Service (HNS) control plane and in the data plane used by Windows Server containers and Kubernetes networking.

Oracle Container Engine 

Oracle Container Engine for Kubernetes is an Oracle-managed container orchestration service. It is designed to reduce the time and cost to build modern cloud native applications. The vendor provides the Container Engine for Kubernetes as a free service that can run on higher-performance, lower-cost compute platforms. 

One of the most recent developments for this container engine is the Oracle Cloud Infrastructure (OCI) Service Operator for Kubernetes (OSOK). This open source add-on allows Kubernetes users to manage OCI resources such as the Autonomous Database service and the MySQL Database service using a Kubernetes API. As a result, it becomes easier to create, manage, and connect to OCI resources from a Kubernetes environment and using Kubernetes tooling. 

Container Security Upgrades

The various container platforms, such as Docker and Kubernetes, include some native security controls. But as with cloud security, safeguarding containers has given rise to many different security tools and approaches. Containerized application development often takes advantage of third-party software components that may have vulnerabilities. As a result, containers are susceptible to rogue processes that bypass the isolation that containers are supposed to provide, which opens the door to unauthorized access to other container images. If the container image itself includes a vulnerability, it can then be deployed unwittingly in applications. And then there are misconfigured permissions that could be abused by an attacker.

Thus, there is a lot of attention on container security these days. The leading vendors and open-source flavors of container technology have all issued upgrades that enhance security. As container usage spreads, expect these engines to include even more built-in security features.

Aqua Security Improvements 

Aqua Security, for example, has been steadily increasing the geographies that can be served by its SaaS services. In addition, it recently released its runtime security service for Red Hat OpenShift on IBM Power Systems. The Aqua platform provides visibility into hybrid clouds. It can detect and prioritize risk, provide supply chain protection, and mitigate attacks on containerized workloads without having to stop them. Recent feature additions include enforcement of container immutability, the ability to scan Red Hat OpenShift hosts running on the IBM Power 10 architecture for malware and vulnerabilities, network segmentation enforcement and compliance, and file integrity monitoring.

Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including eSecurity Planet and CIO Insight. He is also the editor-in-chief of an international engineering magazine.
