E06: Best practices for containers

When is a best practice not a best practice? Sadly, often when we talk about containers. Containers had a very simple promise: better security through discrete process isolation. One process or application per container. What have we done? Crammed as many things as we can into a container to run together, so we’ve basically turned containers into lightweight virtual machines. When did this happen? Why? And how can we realize the promise of better security using containers the way they were designed to be used? It starts by understanding what they are, and why a vulnerability in a properly-designed container is so …
