April 2020 cloud-native news

Hello from all of us here at Sysdig! Even when we’re all at home, the cloud-native community remains active with more new projects, articles and content than ever. Here are our highlights from the cloud-native community in April.

Ping us @sysdig or on our open-source Sysdig Slack group to share your feedback and suggest topics we should include in future issues! You can find previous issues by browsing the archive.

Industry buzz

Attack matrix for Kubernetes

This MITRE ATT&CK-like matrix comprises the major techniques that are relevant to container and Kubernetes security. Are you protected against all of them?

Five things CISOs can do to secure containers

As organizations increase their use of containers and Kubernetes for critical applications, efforts to exploit these technologies escalate as well. Here are five key priorities you can work toward in your organization to counter this risk.

14 Kubernetes interview questions

Are you looking for a Kubernetes-related job? Are you a manager hiring for such a job? Either way, these questions will help you prepare.

Reliable, self-healing Kubernetes explained

In Kubernetes, if an application component goes down, it will be instantly re-deployed to match the desired state. Discover the implications of this feature, and why Kubernetes is the king of self-healing.

A primer on continuous integration and continuous delivery

Cloud-native has a close relationship with DevOps, and CI/CD are key parts of it. If you want to catch up, here is an exposition on what CI/CD is, what problems it solves and what cool workflows it enables.

What’s new in the community?

Provisioning cloud resources in Kubernetes

Are you mixing your Kubernetes applications with external cloud resources? This comprehensive guide will help you succeed in heterogeneous scenarios.

Please don’t evict my pod

We’ve been talking lately about Kubernetes limits and requests, and how pods are evicted when resources are needed. Now, we invite you to discover how to use PriorityClass to avoid your important pods being evicted.

CVE-2020-8551: Kubelet DoS via API

A recent vulnerability has been detected that, if exploited via the Kubelet API, could cause DoS in kubelet v1.17.2, v1.16.6 and v1.15.9. Upgrade now!

Kpt: Packaging up your Kubernetes configuration

Google just announced this OSS tool to help you bundle, publish, customize, update and apply Kubernetes configuration manifests using a standard format.

Following up on the Kubernetes 1.18 release

If you were excited about the Kubernetes 1.18 release last month, you may be interested in these two articles describing some of its main features: the priority and fairness API, and the improved support for Windows.

Also, discover what the responsibilities of the Kubernetes release team are, and how to get involved.

What’s New with Sysdig?

We just announced the availability of IBM Cloud’s new IBM cloud service monitoring solution. IBM Cloud users now have a unified solution for monitoring infrastructure, applications and services; it’s also compatible with Prometheus.

This follows our announcement last month of full Prometheus compatibility in Sysdig Monitor. Stay tuned, full Prometheus compatibility will be generally available soon! You probably faced some challenges trying to use Prometheus at scale; those are the same issues we are trying to solve for you at Sysdig.

Want to learn about Prometheus internals? Check out this piece on its metric exposing format and the newer open alternative: OpenMetrics. Is Prometheus unbound?

Beyond monitoring, we’ve been working on some security integrations.

Amazon just announced Fargate 1.4 with support for ptrace, and we’ve been working with them to optimize Falco performance on it. We’ve also launched support for inline image scanning in Tekton pipelines, as well as an admission controller to scan images right before deploying them, using OPA.

If your applications are handling credit card data, then validating PCI Compliance is a must. We just published a bunch of materials (guides, webinars, videos) to help you prepare and discover how automated tools like Sysdig Secure or Falco can help you achieve continuous validation and compliance.

Stay safe. Meet us online:

In the coming weeks, we’ll be hosting some exciting webinars with Q&A sessions. We’d love to talk to you and your team about your cloud-native journey.

Red Hat Summit →
Apr 28 – 29

Top 5 cloud native pipeline security considerations →
Apr. 30 | 10am PDT | 6pm GMT

Moving applications to the cloud? How top financials reduced their security risk →
May 7 | 10am PDT | 6pm GMT

Find more Sysdig events →
Browse the On-Demand webinars →

There’s no instructor-led training happening in these crazy times, so why not check out our online self-paced content on the Sysdig Training Portal?

Master all aspects of Sysdig Monitor and Sysdig Secure, and learn about related topics like Prometheus and PromQL!