Hello, from all of us at Sysdig!
Thanks to cloud applications, people can keep shopping, connecting with friends, and working from home during this global pandemic. As a result, new companies are jumping to the cloud. Whether you’re just getting started with Kubernetes, or have experience, we’ve compiled some cloud-native highlights for you.
- Getting started with Kubernetes
- Industry buzz
- What’s new in the community?
- What’s new with Sysdig?
- Meet us online
Sign up for our monthly Cloud-native News.
Ping us @sysdig or on our open-source Sysdig Slack group to share your feedback and suggest topics for future issues! Previous editions are in the archive.
Getting started with Kubernetes
If you’re beginning on your cloud-native journey, here are a few Kubernetes tips:
Start with the basics
- Keep these in mind before migrating to Kubernetes.
- Boost your Kubernetes knowledge, here are five ways to do it.
- Avoid the most common Kubernetes mistakes.
- Learn the difference between Kubernetes apply, replace and patch.
Know your containers & deployments
- Did you know that you need containers to build an image?
- Experiment and learn by creating your own simplified container system.
- Beyond containers, here is how to make a Helm chart in 10 minutes.
- And here are some options to manage Helm charts.
Try something new, like these advanced topics
- Declare your infrastructure with the Kubernetes provider for Terraform.
- Get started with GitOps (plus Kustomize) with this example repo structure.
- Use SSL certificates in your Kubernetes Ingress.
- Secure your cluster with Gatekeeper.
Industry buzz
Blacks live matter
Many cloud-related companies showed their support to the BLM movement, including Sysdig. Here are some thoughts on how the tech community can provide further support.
🎂 Happy birthday, Kubernetes
Kubernetes turned six at the beginning of the month, happy birthday! Don’t miss this podcast with the creators of Kubernetes looking back through the years.
While we celebrate, let’s look at six things you might not know about Kubernetes.
The edge you need to keep moving forward
During the global pandemic, cloud applications kept businesses moving forward: People could shop, connect with friends and work from home. This article provides tips for successfully moving to the cloud with Secure DevOps, and can be interesting for your less cloud-savvy colleagues.
In other news…
- Here are 6 security best practices for Kubernetes deployments.
- Riskified recently shared their experience using GitOps with ArgoCD.
- Noah Kantrowitz shared some tips after using Kubernetes for two years.
- Thinking on going serverless? Check these DevOps considerations before.
- Check these 5 open source projects that make Kubernetes even better.
What’s new in the community?
Supporting the evolving Ingress specification in Kubernetes 1.18
Ingress saw a revamp in Kubernetes 1.18, and it’s getting ready for GA in 1.19. Learn what has changed and what you need to adopt this new specification.
About CVE-2020-8555
This server side request forgery vulnerability affects kube-controller-manager from v1.15 to v1.18. Here is a behind the scenes look from the team that discovered it.
Extra: here is how to use Falco to detect if CVE-2020-8555 is being exploited.
Know your attack vectors
These two articles describe two known attacks on Kubernetes and how to mitigate them. The first is to steal credentials on ECS, the second is to do privilege escalation on GKE.
Some extras…
- Google bug bounty program now includes GKE privilege escalations.
- LearnK8s has shared a thorough comparison of K8s managed services.
- An introduction to cloud bursting and how it can help with demand spikes.
- This is a nice comparison between popular logging stacks: EFK vs PLG.
- Kubetap helps you deploy intercepting proxies for Kubernetes Services.
- Use this tool to ensure image availability and avoid deployment errors.
What’s New with Sysdig?
New and improved dashboards
We just released a lot of new features for Sysdig Monitor dashboards, including support for PromQL, team sharing, an improved UX, predictions… and much more!
Read all about it and discover what new possibilities are now unlocked.
Attack of the mutant tags!
The image you scanned might not be the image you’re deploying. Discover mutant tags, the problems associated with them and mitigation strategies.
Detect reverse shell with Falco and Sysdig Secure
A reverse shell can provide unwanted access to your machine, even if you don’t have sshd installed. Learn how this attack works and how to detect it using Falco.
And also…
- We explain how to monitor AWS Fargate with Prometheus.
- Sysdig Secure is now available for IBM Cloud Pak customers.
- Azure you shot an ARO through our hearts, here is how to confidently observe and secure Azure Red Hat OpenShift with Sysdig and Arctiq.
Stay safe. Meet us online:
Building healthy
cloud native software
June 25 | 10am PDT | 7pm CEST
Secure DevOps virtual meetup
Europe June
June 25 | 12pm BST | 1pm CEST