Hello, from all of us here at Sysdig! This month the buzz is again security, specifically automating it to ship applications faster. So don’t miss our use case on the subject, among the usual mix of highlights on the Cloud-native community.
We are in the middle of the RSA Conference in San Francisco. If you are attending, we would love to talk with you: we are at booth #4220.
Ping us @sysdig or on our open source Sysdig Slack group to share your feedback or to suggest topics we should include in future issues! You can find previous issues by browsing the archive.
Sign up for our monthly Cloud-native News.
Automate security, ship applications faster
Cloud-native security keeps trending each month we sit down to prepare this newsletter. What can we learn about it from last month’s publications?
Security is here to stay
Every analyst saves some space for security in their articles; see the third point in these cloud-native predictions for 2020, and the last of these Kubernetes tips.
There is room for improvement
The AWS container security survey 2019 shows that only 17% of the respondents implemented runtime security.
New tools are designed with automation in mind
Some examples: Microsoft Application Inspector can find vulnerable points in your source code, Google Cloud Secret Manager helps you store and manage sensitive data, Google Config-Sync is configuration as code, and we just announced Sysdig inline image scanner for CircleCI.
Automating security is the key
Our conclusion from this exercise is that many companies are struggling to implement proper security, and automation might be what they need.
Here at Sysdig, we believe in the power of automation. Check out our Cloud-Native Ecosystem Integrations page and discover how Sysdig Secure can help you ship applications faster without compromising security. Request a demo today!
Industry buzz
Kubernetes operators: 4 facts to know
This article is a great introduction to what Kubernetes operators are and how they can be used to automate many infrastructure tasks.
https://enterprisersproject.com/article/2020/2/kubernetes-operators-4-things-know
Building resilience
What can we learn from safety-critical industries like aviation, healthcare or firefighting? Discover how to build resilience in this talk by @nickstenning
https://www.usenix.org/conference/srecon19emea/presentation/stenning
Are virtual machines dead?
Containers are often seen as the logical replacement for virtual machines. This article discusses some reasons why virtual machines will stay around for a while.
https://neonmirrors.net/post/2020-01/why-k8s-on-vms/
On a similar topic, check out this other approach to VMs: MicroVMs. Will they replace the current containers?
https://upstart.chrishic.com/the-future-of-containers-whats-next/
What’s new in the community?
Attacking and Defending Kubernetes
The "know your enemy" principle is a recommended approach to computer security. If you seek to improve your security skills, don’t miss this guide.
https://securekubernetes.com/#getting-started
Want more? Check out this other one from GitLab, focused on Google Cloud Platform:
https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
Use GitHub Actions at your own risk
Wow! Wait! Are GitHub Actions insecure? Well, skipping the clickbait, this article reminds us of what we already knew for software libraries: Do pin your versions!
https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
OpenShift Authentication Integration with ArgoCD
OpenShift and ArgoCD are the main characters of this guide, but there’s enough background context to also get started on GitOps and RBAC.
https://blog.openshift.com/openshift-authentication-integration-with-argocd/
Know your containers
Want to deepen your container knowledge? Here is our two-act suggestion. First, did you know you can build containers with tools other than Docker?
https://blog.alexellis.io/building-containers-without-docker/
And second, what are the parts of a container manager? And, what can you learn from creating your own?
https://iximiuz.com/en/posts/conman-the-container-manager-inception/
What’s New with Sysdig?
RBAC support with Sysdig Secure
Learn how to provide visibility to your Secure DevOps team while restricting access to sensitive features, like the container security policy configuration.
https://sysdig.com/blog/rbac-sysdig-secure/
IBM and Sysdig team up to extend security governance
IBM Cloud Pak for Multicloud Management enables you to oversee multiple Kubernetes and OpenShift clusters regardless of where they run. Learn more about MCM and how tightly Sysdig Secure integrates with it.
https://sysdig.com/blog/ibm-sysdig-multicloud-management/
Kubernetes limits and requests
They are no longer a mystery after reading these articles. Learn what they are, and how to troubleshoot when they are not properly configured.
- Understanding Kubernetes limits and requests by example
- Understanding Kubernetes pod evicted and scheduling problems
- How to troubleshoot Kubernetes OOM and CPU Throttle
Meet us here:
In the coming months we’re headed to some exciting industry events. We’d love to talk to you and your team in person about your cloud-native journey.
Cloud Expo Europe 2020
London | Mar. 11-12
KubeCon Europe 2020
Amsterdam | Mar. 30 – Apr. 2 | Booth P18
Google Cloud Next
San Francisco | Apr. 6-8