Kubernetes Security Essentials Course Now Available
The Linux Foundation Training & Certification and the Cloud Native Computing Foundation announced the availability of LFS260 – a Kubernetes Security Essentials course. It aims to be the preparation course for the Certified Kubernetes Security Specialist (CKS).
Containers & Orchestration
Vertical Pod Autoscaling: The Definitive Guide
Vertical Pod Autoscaling, which increases the resource capacity of pods, is commonly used for stateful applications or wherever horizontal scaling is not an option. Povilas Versockas gives an in-depth overview of what to consider when utilizing VPA in Kubernetes.
Sonobuoy 0.20: Going Beyond Conformance
Announcing the release of Sonobuoy version 0.20 and looking ahead to 1.0. And it seems like there is a lot to come: "The Sonobuoy team envisions the project will continue to grow as a general cluster-readiness project. In the near future, we will introduce enhancements that make it easier for users to create and manage custom plugins."
Virtual Application Networks (VAN) for Multi-Cloud, Multi-Cluster, and Cloud-Edge Interconnect
"There are various reasons for deploying or replicating an application in multiple locations: geographically distributed applications for enhanced performance and availability, maintain compliance, connected vehicles, local breakouts in 5G, remote edge sites, etc. This requirement makes application-oriented multi-cloud and multi-cluster connectivity an inevitable trend of cloud computing."
Sysdig 2021 container security and usage report: Shifting left is not enough
"[...] we can see that 74% of organizations are scanning container images in the build process. This indicates that container security is shifting left. However, if we look at the runtime scanning data, we see that the majority of images are still overly permissive with 58% of containers running as root. This indicates that while shifting left is a good start and might help catch vulnerabilities sooner, there is still a need for runtime scanning to detect when configuration errors occur." I couldn't agree more, observing the same daily.
Hardening Docker and Kubernetes with seccomp
By default, containers are way less secure than you might think. Seccomp can help to narrow down a lot of attack vectors. Unfortunately, though, in my daily work with clients, I don't see too much awareness of such topics :(
Announcing CDK for Terraform 0.1
CDK for Terraform now supports Java and C# and has new collaboration features on Terraform Cloud. This release brings us closer to a beta version of CDK for Terraform.
"kubefwd is a command line utility built to port forward multiple services within one or more namespaces on one or more Kubernetes clusters. kubefwd uses the same port exposed by the service and forwards it from a loopback IP address on your local workstation. kubefwd temporarily adds domain entries to your /etc/hosts file with the service names it forwards."