July 2019 Cloud-native News.

Hello from all of us here at Sysdig! Starting today, our newsletter has a new name, ‘Cloud-native news,’ to reflect the continuing growth in collecting and curating the latest in cloud-native. We look forward to building our knowledge alongside you as you forge ahead on your cloud-native journey.

Ping us at @sysdig or on our open source Sysdig Slack group to share your feedback or to suggest topics we should include in future issues! You can find previous issues by browsing the archive.



33 Kubernetes security tools

A comprehensive Kubernetes security tool directory covering: image scanning, admission policies, runtime security, secret management, Kubernetes security audit, and more.

The CISO’s guide to Kubernetes security

Think about securing Kubernetes from two perspectives: features vs. habits. Features are things like RBAC or OAuth; habits are things like software update policies or properly designed logging.

How to detect Kubernetes CVE-2019-11246 using Falco

CVE-2019-11246 is a high-severity vulnerability affecting the kubectl tool. You can use Falco, a CNCF open source project, to detect both phases of the exploit described in this CVE.

Hardening Kubernetes security before using Jenkins X

Before you jump into Jenkins X, you should harden the security of your Kubernetes cluster. This post highlights the CVEs that can be used to attack your cluster by leveraging Jenkins X features.

Kubernetes security using admission webhooks

Kubernetes offers a standardized way to extend cluster manageability and increase security. For instance, you can use admission controllers to integrate with external security platforms.

Creating and deploying honeypots in Kubernetes

Hackers constantly come up with new patterns for attacks. Therefore, it’s important to keep an eye out for new, unexpected threats. Deploying a honeypot is a fun way to increase your insight.


Sysdig Secure now integrates with AWS Security Hub

The benefits of Sysdig’s integration with AWS Security Hub include: continuous security based on runtime analysis, security compliance and audit, forensics, and post-mortem analysis.

Infographic: Kubernetes threat landscape

A number of enterprises are scaling Kubernetes in production, yet are not aware of the increasing number of attack vectors that require them to reconsider their security approach.

Feeling lost in the sea of Kubernetes security tools and best practices? Check out Sysdig tech talks and webinars.


What’s new in Kubernetes 1.15?

Another outstanding Kubernetes release, 1.15 focuses on making the CustomResource a first class citizen in your cluster, allowing for better extensibility and maintainability.

To run or not to run a database on Kubernetes

Should you run your database on Kubernetes? On a VM? On a fully managed service provided by your cloud platform? The advice and decision tree in this post will shed some light.

Cloud-native CI/CD with OpenShift pipelines

Starting with OpenShift 4.1, you can try the developer preview of OpenShift Pipelines, Kubernetes-style CI/CD delivery pipelines based on the Tekton project.

Yggdrasil, Envoy control plane for multi-cluster ingress

Yggdrasil is an Envoy control plane that configures listeners and clusters based off Kubernetes ingresses from many Kube clusters, allowing you to deploy a multi-cluster K8S load balancer.

Building your own Kubernetes CRDs

There are multiple Kubernetes projects using CRDs to store custom objects in the API. Would you like to know how to create your own CRDs, learning by example?

Kubernetes: The video game

Enjoy this creative keynote from KubeCon China explaining the Kubernetes ecosystem from end to end, within the context of video games.

Future of CRDs: Structural schemas

Without complete knowledge about the JSON structure of a CRD, you cannot do anything to prevent persistence of unknown data. Structural OpenAPI schema will fill this knowledge gap.

Introducing volume cloning alpha for Kubernetes

Kubernetes v1.15 introduces alpha support for volume cloning. This feature allows you to create new volumes from the contents of existing volumes using only the Kubernetes API.

Internal and external connectivity in Kubernetes space

If you are a newcomer to the Kubernetes space, you may want to read this crash-course to understand how your app components connect to each other and to the outside world.


Introducing the Jenkins-GKE plugin

While it’s already possible to run Jenkins on GKE, it’s hard to manage robust deployment strategies for your workloads. The Jenkins-GKE plugin will streamline the integration.

How to set up a Cloud IDE platform on DigitalOcean Kubernetes

Learn how to deploy a Microsoft Visual Studio Code multi-user development environment, running on your Kubernetes cluster, available via HTTPS and protected by a password.

Simplify Kubernetes in AWS with the Amazon EKS service

A multi-part, extremely detailed article on the deployment and first steps required to get up to speed with Amazon EKS, covering the whole procedure with examples.

5 frequently asked questions about Google Cloud Anthos

Anthos’ arrival has generated a lot of inquiries from enterprises looking to move closer to the cloud. Here are five common questions about Anthos.

The IBM cloud podcast miniseries

Introducing a seven-episode miniseries from the IBM Cloud Podcast that will cover all things cloud-native, running Kubernetes in production and the microservices cultural shift.

A GitHub-to-EC2 CI/CD pipeline

A simple template for creating a CI/CD pipeline that automatically picks up new commits from GitHub, builds them with AWS CodeBuild, and deploys them to EC2 using AWS CodeDeploy.