The Official Sysdig Blog
Author - mateo
Kubernetes Security Guide, Chapter 3. Securing Kubernetes components: kubelet, etcd and Docker registry
In this chapter of the Kubernetes security guide, we are going to cover best practices related to sensitive Kubernetes components and common external resources like the Docker registry. We will learn how…
Kubernetes Security Guide, Chapter 2: Kubernetes Security Context and Kubernetes Network Policy
Once you have defined Kubernetes users and services credentials and permissions, we start leveraging Kubernetes orchestration capabilities to configure security at the pod level. We will learn how to use Kubernetes Security…
Kubernetes Security Guide, Chapter 1: Kubernetes RBAC and TLS certificates
RBAC security context is a fundamental part of your Kubernetes security best practices, as well as rolling out TLS certificates / PKI authentication for the core Kubernetes API server. We will learn…
Sending Kubernetes & Docker events to Elasticsearch and Splunk using Sysdig
In this article we are going to see how to aggregate Kubernetes / Docker events and alerts into a centralized logs system like Elasticsearch and Splunk. Logging engines are a great companion…
How to monitor Istio, the Kubernetes service mesh
In this article we are going to deploy and monitor Istio over a Kubernetes cluster. Istio is a microservice mesh platform that offers advanced routing, balancing, security and high availability features, plus…
How to build a Kubernetes Horizontal Pod Autoscaler using custom metrics
The default Kubernetes Horizontal Pod Scaler (HPA) uses CPU load, in this article we will show how to configure it to pivot over any other monitoring metric implementing and extending the Kubernetes…
How to deploy Openshift on AWS
In the following tutorial we will show how to quickly boot an OpenShift Origin multinode deployment on Amazon AWS using CloudFormation and Ansible. We found the reference architecture had too many additional…
Integrating Prometheus alerts and events with Sysdig Monitor
Prometheus alerts: Sysdig ♥ Prometheus (part II) If you already use (or plan to use) Prometheus alerts and events for application performance monitoring in your Docker / Kubernetes containers, you can easily…
Kubernetes Security: How to harden internal kube-system services
Are you looking at how to improve your Kubernetes security?. We have put together here the best practices for implementing run-time security on the kube-system components (kubelet, apiserver, scheduler, kubedns, etc) deployed…
Sysdig Secure, Docker native run-time security
The veil has lifted! Sysdig Secure was officially launched last month. Now the Sysdig commercial offering includes run-time security for Docker and microservices. Natively integrated with key container orchestration technologies like Kubernetes,…
