Over the years the adoption of Elasticsearch and its ecosystem of tools positioned them as the leaders in the time series data management and analysis market. With strong search capabilities, great analytical engine, Kibana as the flexible frontend and a number of data shippers enable building of end to end data processing pipeline using components designed to work with each other. Very simple setup and configuration resulted in high adoption rates and the whole stack gaining more and more users.
Kubernetes provides several built-in security capabilities, including network security, resource isolation, access control, and logging and auditing. One of the more recent security capabilities is a group of plugins known as admission controllers.
Calico is a popular CNI plugin for Kubernetes. It leverages Border Gateway Protocol (BGP) for communicating routes available on nodes. This method fosters a highly scalable networking model between our workloads.
This week we have a number of articles from the Grafana Labs blog we’d like to share, plus a new panel plugin and other updates. Also, take a look at our upcoming events. If you’re going to be attending any of them, please come and say hello!
In an integrated on-call incident management tool, automated and manual escalations built for human workflows become essential. In part 4 of our reducing MTTA series, we’ll talk about how you can create a system for rapid incident response through optimized escalation processes. Being able to quickly reroute an incident and involve the right people and teams from the get-go allows on-call responders to acknowledge and remediate incidents faster.
As it is already a tradition, here we are with What’s new for Kubernetes 1.14. Here at Sysdig we follow the Kubernetes development cycle closely in order to bring you a sneak peak of the enhancements and new features that Kubernetes 1.14 will contain when released on March 25, 2019.
This week CVE-2019-3874 was discovered which details a flaw in the Linux kernel where an attacker can circumvent cgroup memory isolation using the SCTP socket buffer. In containerised environments, this has the potential for a container running as root to create a DoS.