Hello, from all of us at Sysdig!
One of the barriers to cloud security and monitoring adoption is the complexity of tools. With that in mind, we are thrilled to announce a new, streamlined, five-minute setup for Sysdig. This newsletter will give you the highlights of our new launch, along with a compilation of tips to get started with Kubernetes. Don’t miss our cloud-native highlights!
- Getting started with Kubernetes
- Industry buzz
- What’s new in the community?
- What’s new with Sysdig?
- Meet us online
Ping us @sysdig or on our open-source Sysdig Slack group to share your feedback and suggest topics for future issues! Previous editions are in the archive.
Getting started with Kubernetes
If you’re beginning your cloud-native journey, here are a few Kubernetes tips:
Is Kubernetes for you?
- This analogy can help you understand what Kubernetes is all about.
- Learn 4 ways to add automation to help save your IT budget.
- Here’s what to keep in mind when architecting your cluster size.
Start with the basics
- These resources will let you understand the hardest parts of Kubernetes.
- And the official training courses can help you to get up to speed.
- How can operators assist you? Learn here.
- Running as root is not the same as running as privileged.
Do some experiments
- You just need to follow a few steps to set up a minimum viable cluster.
- And this is the simplest Kubernetes dashboard.
- You can try installing a load balancer in your home cluster.
- Get started with GitOps and Terraform.
- Or take a look at OPA, a cloud-native security project.
Industry buzz
CNCF scales their sandbox approval process
A new, simplified process will increase the acceptance of the latest projects into the first level within the CNCF – the Sandbox.
We’ve already seen a flurry of CNCF activity, with the graduation of Harbor, then the SPIFFE, SPIRE, and Contour Incubation approvals. The CNCF is also taking charge of Red Hat’s operator framework.
5 Problems with Kubernetes cost estimation strategies
Optimizing resource usage can reduce your infrastructure cost and also make it easier to estimate in the future. Learn how in this article.
Scaling the hottest app in tech on AWS and Kubernetes
HEY, the new email client, recently took the tech world by storm. In this interview, learn what challenges they faced and how they scaled to meet demand.
In other news…
- KubeCon Europe will be a virtual event, and tickets are now discounted!
- SUSE just acquired Rancher Labs.
- Discover how chaos engineering can improve your security.
- Learn more about continuous delivery with these 7 design patterns.
- On service meshes, here’s how Istio compares to Linkerd.
What’s new in the community?
Getting started with Kubernetes authentication
This article covers the basics of Kubernetes authentication.
And for advanced users, here’s how to set up OIDC issuer discovery for Kubernetes service accounts, and here’s how to integrate with LDAP.
About CVE-2020-8557 and CVE-2020-8559
With CVE-2020-8559, an attacker can compromise other nodes by intercepting and redirecting certain requests to the Kubelet.
Also, CVE-2020-8557 can be exploited by writing into /etc/hosts to cause a denial of service (DoS). Here is how to detect such a scenario with Falco.
Conftest joins OPA
Conftest has formally joined the OPA project. Here is a good introduction to OPA and Conftest, and you can find some more Conftest examples in this article.
When it comes to validating Kubernetes YAML, this is how Conftest compares with its alternatives.
Some extras…
- Here, you can learn how ConfigMaps work in Kubernetes.
- This is a nice roundup of the current state of Kubernetes threat modelling.
- Learn how to break out of a privileged container.
- Infrastructure as code is a thing with this development kit for Terraform.
What’s New with Sysdig?
Simplified and guided onboarding + the 5 essential workflows
Today, we announced a streamlined and guided five-minute setup for the five core security, compliance, and visibility workflows that organizations need to get started with Kubernetes and containers.
We also announced Sysdig Essentials, a new pricing tier. Delivered as a SaaS solution, Sysdig Essentials packages the five essential workflows. The workflows include image scanning, Kubernetes and container monitoring, application and cloud service monitoring, runtime security, and compliance.
12 container image scanning best practices
Image scanning is a key function to embed into your secure DevOps workflow. With these 12 tips and best practices for image scanning, discover how you can detect and block vulnerabilities before they are exploited.
And also…
- Don’t miss our Kubernetes monitoring guide.
- Or our best practices for alerting on Kubernetes, with PromQL examples.
- Discover how to protect your containers with file integrity monitoring.
- Read how Pike13 is maximizing application uptime with ECS and Sysdig.
- And before you go, please spend 10 minutes taking the Puppet 2020 State of DevOps survey. We’re sponsors of the annual report!
Stay safe. Meet us online:
Deploy Faster
by Automating Container Security, Monitoring and Compliance
August 6 | 10am PDT | 7pm CEST
Image Scanning Best Practices for Containers and Kubernetes
July 29 | 10am PDT | 7pm CEST
Secure DevOps Virtual Meetup Europe July
July 30 | 12pm BST | 1pm CEST