Hello from all of us here at Sysdig! Starting today, our newsletter has a new name, ‘Cloud-native news,’ to reflect the continuing growth in collecting and curating the latest in cloud-native. We look forward to building our knowledge alongside you as you forge ahead on your cloud-native journey.
Ping us at @sysdig or on our open source Sysdig Slack group to share your feedback or to suggest topics we should include in future issues! You can find previous issues by browsing the archive.
SECURITY
33 Kubernetes security tools
A comprehensive Kubernetes security tool directory covering: image scanning, admission policies, runtime security, secret management, Kubernetes security audit, and more.
The CISO’s guide to Kubernetes security
Think about securing Kubernetes from two perspectives: features vs. habits. Features include RBAC or OAuth; habits include software update policies or properly designed logging.
How to detect Kubernetes CVE-2019-11246 using Falco
CVE-2019-11246 is a high-severity vulnerability affecting the kubectl tool. You can use Falco, a CNCF open source project, to detect both phases of the exploit described in this CVE.
Hardening Kubernetes security before using Jenkins X
Before you jump into Jenkins X, you should harden your Kubernetes security. This post highlights the CVEs that can be used to attack your cluster by leveraging Jenkins X features.
Kubernetes security using admission webhooks
Kubernetes offers a standardized way to extend cluster manageability and increase security. For instance, you can use admission controllers to integrate with external security platforms.
Creating and deploying honeypots in Kubernetes
Hackers constantly come up with new patterns for attacks. Therefore, it’s important to keep an eye out for new, unexpected threats. Deploying a honeypot is a fun way to increase your insight.
SYSDIG
Sysdig Secure now integrates with AWS Security Hub
The benefits of Sysdig’s integration with AWS Security Hub include: continuous security based on runtime analysis, security compliance and audit, forensics, and post-mortem analysis.
Infographic: Kubernetes threat landscape
A number of enterprises are scaling Kubernetes in production, yet are not aware of the increasing number of attack vectors that require them to reconsider their security approach.
Feeling lost in the sea of Kubernetes security tools and best practices? Check out Sysdig tech talks and webinars.
KUBERNETES AND OPENSHIFT
What’s new in Kubernetes 1.15?
Another outstanding Kubernetes release, 1.15 focuses on making the CustomResource a first class citizen in your cluster, allowing for better extensibility and maintainability.
To run or not to run a database on Kubernetes
Should you run your database on Kubernetes? On a VM? On a fully managed service provided by your cloud platform? The advice and decision tree in this post will shed some light.
Cloud-native CI/CD with OpenShift pipelines
Starting with OpenShift 4.1, you can try the developer preview of OpenShift Pipelines, Kubernetes-style CI/CD delivery pipelines based on the Tekton project.
Yggdrasil, Envoy control plane for multi-cluster ingress
Yggdrasil is an Envoy control plane that configures listeners and clusters based off Kubernetes ingresses from many Kube clusters, allowing you to deploy a multi-cluster K8S load balancer.
Building your own Kubernetes CRDs
There are multiple Kubernetes projects using CRDs to store custom objects in the API. Would you like to know how to create your own CRDs, learning by example?
Kubernetes: The video game
Enjoy this creative keynote from KubeCon China explaining the Kubernetes ecosystem, from end to end within the context of video games.
Future of CRDs: Structural schemas
Without complete knowledge about the JSON structure of a CRD, you cannot do anything to prevent persistence of unknown data. Structural OpenAPI schema will fill this knowledge gap.
Introducing volume cloning alpha for Kubernetes
Kubernetes v1.15 introduces alpha support for volume cloning. This feature allows you to create new volumes using the contents of existing volumes just using the Kubernetes API.
Internal and external connectivity in Kubernetes space
If you are a newcomer to the Kubernetes space, you may want to read this crash-course to understand how your app components connect to each other and to the outside world.
CLOUD PROVIDERS
Introducing the Jenkins-GKE plugin
While it’s already possible to run Jenkins on GKE, it’s hard to manage robust deployment strategies for your workloads. The Jenkins-GKE plugin will streamline the integration.
How to set up a Cloud IDE platform on DigitalOcean Kubernetes
Learn how to deploy a Microsoft Visual Studio Code multi-user development environment, running on your Kubernetes cluster, available via HTTPS and protected by a password.
Simplify Kubernetes in AWS with the Amazon EKS service
A multi-part article detailing the deployment and first steps required to get up to speed with Amazon EKS. It is extremely detailed and covers the whole procedure with examples.
5 frequently asked questions about Google Cloud Anthos
Anthos’ arrival has generated a lot of inquiries from enterprises looking to move closer to the cloud. Here are five common questions about Anthos.
The IBM cloud podcast miniseries
Introducing a seven-episode miniseries from the IBM Cloud Podcast that will cover all things cloud-native, running Kubernetes in production and the microservices cultural shift.
A GitHub-to-EC2 CI/CD pipeline
A simple template for creating a CI/CD pipeline that automatically picks up new commits from GitHub, builds them with AWS CodeBuild, and deploys them to EC2 using AWS CodeDeploy.