Crossplane v0.3 – accelerating support for more clouds and managed services

New developer guide, CLI tooling and enhanced out-of-tree Infra Stacks (GCP, AWS, Azure) enables the community to add support for more cloud providers, managed Kubernetes offerings, and fully-managed cloud services that can be hosted in your cloud of choice. The momentum keeps rolling forward with Crossplane community engagement around extending Crossplane to add support for […]

A standard way of managing configurations for multiple environments (and clouds)

This article intended to share ideas and solutions to address some challenges related to Configuration Management, especially in the cloud environment. Hope you find this read helpful. The approach described in this article was conceptualized a few years back, then implemented and used across many, many projects to build configuration management components for production-grade systems […]

Announcing etcd 3.4

In particular, etcd experienced performance issues with a large number of concurrent read transactions even when there is no write (e.g. “read-only range request … took too long to execute”). Previously, the storage backend commit operation on pending writes blocks incoming read transactions, even when there was no pending write. Now, the commit does not […]

OPA Gatekeeper: Policy and Governance for Kubernetes

The Open Policy Agent Gatekeeper project can be leveraged to help enforce policies and strengthen governance in your Kubernetes environment. In this post, we will walk through the goals, history, and current state of the project. The following recordings from the Kubecon EU 2019 sessions are a great starting place in working with Gatekeeper: If […]

Verifying Service Mesh TLS in Kubernetes, Using ksniff and Wireshark

Alongside Nic Jackson from HashiCorp, I have recently presented at several conferences and webinars about the need for transport-level encryption that spans end-to-end, or “user to service”, within modern applications. TLS encryption (and termination) for traffic from a user’s browser to the application edge has been a long-standing feature of API gateways, CDNs and edge […]

Kubernetes pod autoscaler using custom metrics

In this post we are going to demonstrate how to deploy a Kubernetes autoscaler using a third party metrics provider. You will learn how to expose any custom metric directly through the Kubernetes API implementing an extension service. Dynamic scaling is not a new concept by any means, but implementing your own scaler is a […]

Deprecated APIs Removed In Kubernetes 1.16

As the Kubernetes API evolves, APIs are periodically reorganized or upgraded. When APIs evolve, the old API is deprecated and eventually removed. The 1.16 release will deprecate APIs for four services: None of these resources will be removed from Kubernetes or deprecated in any way. However, to continue using these resources, you must use a […]

How to detect Kubernetes vulnerability CVE-2019-11246 using Falco.

A recent CNCF-sponsored Kubernetes security audit uncovered CVE-2019-11246, a high-severity vulnerability affecting the command-line kubectl tool. If exploited, it could lead to a directory traversal, allowing a malicious container to replace or create files on a user’s workstation. This vulnerability stemmed from an incomplete fix of a previously disclosed vulnerability (CVE-2019-1002101). Source: sysdig

33(+) Kubernetes security tools

Kubernetes image scanning Kubernetes runtime security Kubernetes network security Image distribution and secrets management Kubernetes security audit End-to-end commercial security tools Join our live session to learn more! Kubernetes security tools … there are so freaking many of them; with different purposes, scopes and licenses. That’s why we decided to create this Kubernetes security tools […]

Incremental App Migration from VMs to Kubernetes: Planning and Tactics

One of the core goals when modernising software systems is to decouple applications from the underlying infrastructure on which they are running. This can provide many benefits, including: workload portability, integration with cloud AI/ML services, reducing costs, and improving/delegating specific aspects of security. The use of containers and orchestration frameworks like Kubernetes can decouple the […]