Hello from all of us here at Sysdig! In this edition of Cloud-native News, we have a lot of exciting content, including new players joining the Kubernetes world, recently discovered vulnerabilities, and fresh tools that just came out of the forge!
Sign up for our monthly Cloud-native News.
Netflix discovers severe HTTP/2 vulnerabilities.
Verifying service mesh TLS in Kubernetes
With Ksniff and Wireshark you can inspect the traffic, test if your encryption is actually working, and even check if you are using the latest TLS version.
Kubernetes security audit: What GKE and Anthos users need to know
The CNCF just published the first security audit on Kubernetes; now Google offers its thoughts about the results and some recommendations to its GKE and Anthos users.
Using Conftest and Kubeval with Helm
Config errors are easy to make and can be rather dangerous. If Helm is your package manager, you can use the Helm Kubeval plugin to check your configurations.
Policing through policy
Permissions or policies? Let’s take a drive and reflect on why policies are such a good fit for Kubernetes.
Kubernetes security (sketch series)
Kubernetes threat landscape infographic
A number of enterprises are scaling Kubernetes in production, yet are not aware of the increasing number of attack vectors that require them to reconsider their security approach.
VMworld 2019: VMware doubles down on Kubernetes
After the acquisition of Heptio and Pivotal, we knew VMware was committing strongly to the cloud-native space. With the announcements of Tanzu and Project Pacific, they just consolidated their position.
How does ‘kubectl exec’ work?
It’s one of the basic Kubernetes commands, but have you ever stopped to think how ‘kubectl exec’ really works?
Adopting Istio for a multi-tenant Kubernetes cluster
Managing a 100+ service cluster is a real challenge; adopting Istio in the whole cluster is a huge milestone with many lessons worth learning.
Provision k3s on the fly with k3sup
k3s is already 5 numbers simpler than Kubernetes, and it gets even better when you can provision new nodes in a few seconds with tools like k3sup.
Running Spark with Jupyter Notebook & HDFS on Kubernetes
Big data services like Spark often run huge sporadic queries, like monthly reports. Thanks to Kubernetes you can deploy new Spark workers on demand to handle demand bursts.
Local development tools series
CDC pipeline with Red Hat AMQ Streams and Red Hat Fuse
Red Hat AMQ Streams now ships with CDC features, and it takes just a few steps to set up a CDC pipeline for a MySQL database.
Running Kubernetes end-to-end tests with Kind and GitHub Actions
GitHub Actions integrates seamlessly with Docker. How awesome is that? KinD is just the missing link you need to run tests from GitHub on a Kubernetes cluster.
Hardware accelerated transcoding in Kubernetes
Compute-intensive tasks like transcoding or machine learning benefit from specialized hardware. Thanks to these Intel plugins you can hardware accelerate your pods.
Bringing shielded VMs to GKE with Shielded GKE Nodes
Protecting your nodes is protecting your microservices; that’s why Google is starting to offer extended security protection in their GKE nodes.
How I moved my Kubernetes project to Amazon EKS in 4 hours
Moving between Kubernetes providers should be seamless. In practice it’s really easy, although there are a few particularities to each service.
Bootstrapping Kubernetes on AWS with Cluster API
Cluster API aims to standardize processes between providers, so you could create a Kubernetes cluster in AWS without any AWS-specific commands.
Deploying GitOps with Weave Flux and AWS EKS
Flux is now part of the CNCF Sandbox; let’s celebrate by showing how to use Flux to deploy into AWS EKS.