August 2020

Monitor containers on Amazon Bottlerocket with Datadog

Amazon’s Bottlerocket is a new Linux-based open-source operating system that’s designed with containers in mind. Bottlerocket is optimized and stripped down to only the essential software needed to run containers. You can apply updates to Bottlerocket in a single step, and roll them back instantly if necessary. And, because it’s open-source, you can customize the operating system to fit your specific needs.

Secure and monitor your containers on Bottlerocket from AWS

Sysdig is pleased to support AWS today in their GA launch of Bottlerocket, a special-purpose operating system designed for hosting Linux containers. Orchestrated container environments run potentially hundreds of compute nodes. Operating general-purpose Linux on container hosts introduces complexity for IT teams who must patch and update packages across their clusters. Worse, features and packages that are not necessary for running containers introduce unnecessary security exposure.

Do containers and Kubernetes actually reduce AWS costs?

In surveys about why organizations adopt Kubernetes, a desire to reduce overall IT costs is an oft-cited reason for adopting containers and Kubernetes. Yet after the fact, when organizations talk about surprises during Kubernetes adoption, many cite increased costs. So does Kubernetes reduce costs or not? Like so many things in life, it depends. Here are some of the reasons Kubernetes projects come in over-budget and how to avoid them.

Guide: Upgrading EKS with Terraform

New Kubernetes versions are released multiple times per year, and you must upgrade your EKS cluster periodically to stay up to date. In this blog post we will go over the steps required to safely upgrade your production EKS cluster managed by Terraform. At Blue Matador, we use Terraform to manage most of our AWS infrastructure, and our EKS cluster is no exception. We use the eks module, which provides a lot of functionality for managing your EKS cluster and worker nodes.

Kubernetes in Production: 6 Key Considerations

Kubernetes is an open-source platform for container orchestration. You can use it to deploy a highly resilient, self-healing infrastructure using automation and infrastructure as code (IaC). Kubernetes includes features for zero downtime deployments, scaling, automatic rollout and rollback of updates, and service discovery. Kubernetes is designed to help you manage container deployments at scale via REST API.

Setting up a CI/CD pipeline with Kubernetes and Kublr | A Step-By-Step Guide

If you have been watching the development of the cloud native technology stack ecosystem, you’re probably getting the gist of why people are migrating to it. Cloud native technologies promise an unparalleled productivity and reliability jump for application development and operations. But with a multitude of options for cloud native newcomers, it can be challenging to know where to start.

Visibility and Troubleshooting Modern Applications with Calico Enterprise and OpenShift

Red Hat OpenShift is a great platform for hosting microservices, enabling developers to get up and running quickly. However, taking the next step from development to production imposes additional networking, security, and compliance requirements that must be addressed before Kubernetes apps can be widely deployed. Traditional networking tools, which were designed for relatively static IP environments, don’t have the context necessary to identify Kubernetes traffic flows, making it nearly impossible to effectively diagnose, troubleshoot, and resolve application connectivity issues.

Why We Care About FIPS (And You Should Too)

We are very pleased to announce that we have received Federal Information Processing Standards (FIPS) Validation (CMVP Cert #3702) for the D2iQ Kubernetes Platform (DKP). With FIPS validation, U.S. public sector organizations can accelerate adoption of the D2iQ Kubernetes Platform to more quickly and securely build and deploy cloud native applications and services.

Kubernetes vs Docker

In an era where container technologies have taken the industry by storm, one of the most common online searches on the topic of containers is ‘Kubernetes vs Docker’. The relevance and accuracy of this comparison is questionable, as it is not really comparing apples to apples. In this blog post, we will attempt to clarify both terms, present their commonalities and differences, and help users better navigate the ever-growing container ecosystem.

Tanzu Tuesdays - Cloud Native Buildpacks with Emily Casey

Dockerfiles are the de facto tool many developers reach for when transforming source code into images. However, organizations frequently encounter day-2 problems that present serious obstacles to running Dockerfile-built images in production. Cloud Foundry and Heroku fans will be familiar with the previous generation of buildpacks, which work in concert with the platform to solve many of these problems including application and OS-level dependency updates.

How to Secure and Troubleshoot your Microservices Network on Amazon EKS

Many development teams select Amazon EKS as the best platform to run their microservices. Adopting Amazon EKS is easy, but running applications in production requires additional capabilities to meet compliance requirements, detect potential security incidents, and troubleshoot networking problems that can often occur.

Deploying Citrix ADC with Service Mesh on Rancher

As a network of microservices changes and grows, the interactions between them can be difficult to manage and understand. That’s why it’s handy to have a service mesh as a separate infrastructure layer. A service mesh is an approach to solving microservices at scale. It handles routing and terminating traffic, monitoring and tracing, service delivery and routing, load balancing, circuit breaking and mutual authentication.

Security Policy Self-Service for Developers and DevOps Teams

In today’s economy, digital assets (applications, data, and processes) determine business success. Cloud-native applications are designed to iterate rapidly, creating rapid time-to-value for businesses. Organizations that are able to rapidly build and deploy their applications have significant competitive advantage.

How to Reduce Overhead and Redundant Efforts in Multi-Cluster Management

Innovation. Scale. Power. These are just a few of the words used to describe the explosive impact that Kubernetes is having on the organizations leveraging it for their innovation efforts. Kubernetes gives organizations the ability to run Kubernetes clusters at scale across different cloud infrastructures and distributions. But as the number of clusters and workloads grows, it can be increasingly difficult to manage and create consistency across your organization’s digital footprint.

KubeCon Europe 2020 Wrapup

KubeCon + CloudNativeCon Europe 2020 Virtual happened online, August 18-20. It was the first virtual KubeCon, due to the coronavirus pandemic. I was happy to attend, although this was the second straight virtual conference I’ve participated in that ran on Amsterdam time. I did make it up for the 4 AM Pacific time start, though, and I was ready to go. As I got settled in, in front of my laptop, I knew I would be missing the hallway track a lot.

Kubernetes 1.19 Is Here!

Kubernetes typically follows a quarterly release cycle. However, 2020 has been an unprecedented year so far, one that has impacted many contributors and businesses. The Kubernetes community responded to the challenges of 2020 by making some changes to the Kubernetes 1.19 release timeline. These changes extended the release cycle to allow more release candidates to be built while giving the community more time to focus on the enhancements that would be delivered.

How to Monitor Your Kubernetes Cluster: Prometheus vs Datadog

So you’ve got a shiny new Kubernetes cluster up and it’s a dream. Deploying code is easy, scaling is a breeze, and you’ve never felt so efficient. However, despite claims that Kubernetes is self-healing, there’s still a nagging feeling in the back of your mind that wants to make sure your cluster is running smoothly. Just like any other tool, you need a monitoring solution to give you insight into Kubernetes.

For Helm Chart Dependencies, Depend on ChartCenter

ChartCenter is a free Helm chart central repository that was built to help the Helm community find immutable, secure, and reliable charts for publicly available Kubernetes apps. With ChartCenter, you have a single source of truth to proxy all public charts from one, always available location. Without ChartCenter, you need to add each Helm chart’s repository to the Helm client for every Kubernetes app you want to install and update.

Kubernetes 1.19 available from Canonical

Canonical today announced full enterprise support for Kubernetes 1.19 spanning from public cloud to the edge, covering Charmed Kubernetes, MicroK8s and kubeadm. “As with all releases, Canonical is committed to fast following so that users benefit from the latest features, lifecycle operations and enterprise support in line with the upstream. With Kubernetes 1.19, MicroK8s and Charmed Kubernetes also bring enhanced security and carrier grade features.

Demystifying Open-Source Orchestration of Unikernels With Unik

As the cloud-native ecosystem continues to evolve, many alternative solutions are popping up that challenge the status quo of application deployment methodologies. One of these solutions that is quickly gaining traction is Unikernels, which are executable images that can run natively on a hypervisor without the need for a separate operating system.

Upgrade a K3s Kubernetes Cluster with System Upgrade Controller

Kubernetes upgrades are always a tough undertaking when your clusters are running smoothly. Upgrades are necessary as every three months, Kubernetes releases a new version. If you do not upgrade your Kubernetes clusters, within a year, you can fall far behind. Rancher has always focused on solving problems, and they are at it again with a new open source project called System Upgrade Controller. In this tutorial, we will see how to upgrade a K3s Kubernetes cluster using System Upgrade Controller.

Kubernetes Governance: Balancing the Needs of Everyone on Your Team

The problem with a majority of governance models is that they aren’t continuous. As development teams adopt cloud native technologies and evolve to more agile methods, such as continuous flow and continuous iteration, they are up against decades of policy that assume an older model and don’t fit into a month-long sprint. While governance models need to be restructured, if they’re too restrictive, it can discourage developers and prevent innovation.

Live Kubernetes Debugging with the Elastic Stack - Philipp Krenn (Elastic)

Your Kubernetes app is down. Your users start ranting on Twitter. Your boss is standing right behind you. What do you do? This talk walks you through a live debugging session without panicking: We are using the Elastic Stack in this demo with a special focus on its Kubernetes integration with metadata enrichment and autodiscovery in combination with APM / tracing, metrics, logs, and health checks.

What is a Kubernetes Operator and Why it Matters for SRE

Kubernetes is an open-source project that “containerizes” workloads and services and manages deployment and configurations. Released by Google in 2015, Kubernetes is now maintained by the Cloud Native Computing Foundation. Since its release, it has become a worldwide phenomenon. The majority of cloud native companies use it, SaaS vendors offer commercial prebuilt versions, and there’s even an annual convention!

How to monitor Harbor registry with Prometheus metrics

In this blog post, we are going to explain how to monitor Harbor container registry with Prometheus metrics. Harbor is an open-source container registry, originally developed by VMware and now under the CNCF umbrella. Although many of us typically use hosted container registries such as DockerHub, Quay, ECR, GCR, or ACR, when you need a self-hosted registry, Harbor is a great choice. Harbor provides great features such as RBAC, replication, and image scanning.

How to Evolve Your Existing Logging Strategy for Kubernetes

It’s one thing to build a Kubernetes log management strategy that only needs to support Kubernetes. But most organizations don’t have that luxury. They have log management practices already in place for other types of platforms or infrastructure, and they need to extend them to support Kubernetes. How can you do that in an efficient way? Keep reading for tips on integrating Kubernetes logging data into your existing log management workflow without rebuilding from the ground up.

Running Elasticsearch, Logstash, and Kibana on Kubernetes with Helm

Kubernetes (or “K8s”) is an open-source container orchestration tool developed by Google. In this tutorial, we will be leveraging the power of Kubernetes to look at how we can overcome some of the operational challenges of working with the Elastic Stack.

Achieving Major Efficiencies through Migration from OpenShift to Rancher

Sometimes technology partnerships are greater than the sum of their parts. That’s the case with two Swiss companies who have come together to deliver Kubernetes solutions to their customers. VSHN is Switzerland’s leading 24/7 cloud operations partner and first Kubernetes Certified Service Provider. amazee.io is an open source container hosting provider that offers flexible solutions built for speed, security and scalability.

Competition or Coopetition in the Persistent Storage Market?

Rancher Labs’ recent launch of Longhorn was in response to DevOps’ distress call for a cloud-native persistent storage solution for Kubernetes. At the time, industry pundit Chris Mellor posted that the company had entered into direct competition with its partners Portworx and Storage OS. A healthy dose of coopetition may be more like it.

Kubernetes and Helm: monitoring with Prometheus and Grafana

Helm was born during the Pycon conference in 2013. Well, it wasn’t exactly Helm, it was Docker. It took Mr. Solomon Hykes a little over five minutes to completely change computing history. Ok, I admit that not everyone knows about -and uses- Docker and/or Kubernetes, but there is one fact that is undeniable: Helm in November 2019 had a million downloads and that is something important. We will see why.

The Power of Open Source Software: Rancher Academy Issues 1,000th Certificate

The Rancher Academy launched on May 15, 2020. Here we are, 94 days later, and we’ve issued our 1,000th certificate to a graduate of the Certified Rancher Operator: Level 1 course. Rancher is open source software, so anyone can download it and use it. With that freedom, though, comes a cost: we all learn how to use it according to how we need to use it. Through this lens, the actual potential of Rancher becomes distorted, and the experience of each individual varies widely.

How to Secure the network of your GKE Cluster

By default, pods are non-isolated; they accept traffic from any source. The Google GKE solution to this security concern is Network Security Policy that lets developers control network access to their services. Google GKE comes configured with Network Security Policy using Project Calico which can be used to secure your clusters. This class will describe a few use cases for network security policy and a live demo implementing each use case.

Kubevious - a Revolutionary Kubernetes Dashboard for Cross-Checking and Validating Your Kubernetes Resources

The standard Command Line Interface for Kubernetes (kubectl) is a very powerful tool for debugging or monitoring purposes. However, it is very inefficient if you just want to get a high-level overview of your Kubernetes cluster or want to work with multiple resources at the same time. A large number of graphical Kubernetes dashboards exist today and chances are that you already used the default Kubernetes dashboard or the one that comes with your cloud provider.

Survey Says: COVID-19 is Threatening On-prem Environments

COVID-19 is leading to large-scale migrations away from on-premises environments, according to Codefresh’s second annual State of DevOps survey that revealed this and other surprising insights into the continued evolution of the industry. At the same time, DevOps automation continues to expand in scope and complexity with more and more processes becoming automated, and more involved technologies like Kubernetes continuing to gain strong traction.

What's new in Kubernetes 1.19?

Kubernetes as a project is maturing, support has been increased from nine to 12 months, and there’s a new protocol in place to ensure a steady progress on feature development. Also, many of its new features are meant to improve the quality of life of its users, like Generic ephemeral inline volumes, or the structured logging.

Kubernetes Container Security

The National Institute of Standards and Technology (NIST) Special Publication on Container Security provides a comprehensive review of the major risks for core components of a container system. One of the most obvious objects of concern (alongside a host of other things to keep a good security professional up at night) is, of course, the containers running on your platform. Container security is obviously critical to your applications and data.

Explore Kubernetes resources with Datadog Live Containers

Running Kubernetes applications requires visibility into not only the overall performance of clusters but also the health of individual pods, deployments, and other resources that make up your environment. Datadog already integrates with your containerized environments and includes features like the Live Container view and the Container Map, enabling you to easily monitor Kubernetes and container runtime performance in real time and get deep visibility into clusters.

MicroK8s HA

MicroK8s is Canonical’s lightweight Kubernetes that allows Kubernetes to be installed on any machine in under 60 seconds. Initially, MicroK8s was a single K8s cluster project; however, as users grew to love this easy-to-deploy distribution, Canonical now enables them to create small K8s clusters for higher scalability. Watch this video to see for yourself how easily you can run a command, create your K8s cluster, and run it in an instance using MicroK8s.

Hybrid Cloud Kubernetes: Connecting the dots with Azure Arc-enabled Kubernetes

Canonical has recently teamed up with Microsoft to enable Kubernetes users to manage multiple K8s clusters from a single platform - Azure Arc. Even if you’re not a Microsoft user, you can attach any on-prem or public cloud Kubernetes cluster to Arc, and manage them from a centralised point. In this demo, watch how to administer multiple and different K8s clusters with Canonical’s distributions of Kubernetes and Arc.

Sysdig 2020 Container Security Snapshot: Key image scanning and configuration insights

Today, we are excited to share our Sysdig 2020 Container Security Snapshot, which provides a sneak peek into our upcoming 2020 Container Usage Report. As containers and Kubernetes adoption continue to increase, cloud teams are realizing they need to adopt a new workflow that embeds security into their DevOps processes. Secure DevOps, a variation of DevSecOps, embeds security and monitoring throughout the application lifecycle, from development through production.

3 Ways Cluster Sprawl Creates Significant Waste and Risk For Your Organization

As various teams within your organization are discovering new ways to leverage Kubernetes, they’re adopting a growing number of clusters to support their project efforts. Unfortunately, this is where many of the challenges begin. While managing one Kubernetes cluster is not trivial, trying to manage multiple Kubernetes clusters across multiple environments becomes exponentially more difficult.

Elastic at KubeCon Europe 2020: Orchestration to observability, and beyond!

KubeCon Europe 2020 is virtual this year, and Elastic is doing our part to help "keep cloud native connected." We would rather be there in person to shake hands, tell stories, and laugh, but the challenges of a virtual conference also provide the opportunity to share great content and materials that we might not be able to at a crowded booth.

Introducing Kubernetes Enrichment Early Access

With more engineering teams adopting Kubernetes as their container orchestration platform, new challenges emerge in giving your entire team visibility into Kubernetes for monitoring, debugging, and deployment. We’ve heard consistent feedback from developers and infrastructure teams about the observability gaps that exist between underlying Kubernetes infrastructure and deployed services.

Installing the HAProxy Kubernetes Ingress Controller using Helm

Helm, the Kubernetes package manager, revamps the way teams manage their Kubernetes resources and allows them to deploy applications in a consistent and reliable way. It is a valuable tool in a continuous delivery pipeline, with support for quick updates and rollbacks. At HAProxy Technologies, we offer Helm as the preferred method for installing the HAProxy Kubernetes Ingress Controller, and we’ll show you how to customize that installation to fit your use case.

Kubernetes Cost Optimization: Getting Visibility into Cost Per Pod, Cluster, and Namespace

How much does your Kubernetes service cost to operate? This seems like a simple question, right? It’s one thing to say how much your Kubernetes cluster itself costs to operate — that, after all, is a group of real servers, associated with a specific number.

August 2020 Online Meetup - Rancher 2.5 Preview - EKS Lifecycle Management

Hosted cloud provider Kubernetes services like EKS alleviate the operational burden of Kubernetes. The cluster operator is still responsible for upgrades and all the day 2 operations for the applications running on the cluster. In this meetup we'll discuss how Rancher can help manage the lifecycle of EKS clusters, and will walk through importing existing and provisioning new EKS clusters through Rancher. We will also look at how to deploy Rancher logging and monitoring onto the cluster to handle day 2 operations on the cluster.

How to Implement Network Policy in Amazon EKS to Secure Your Cluster

By default, pods are non-isolated; they accept traffic from any source. The Amazon EKS solution to this security concern is Network Policy that lets developers control network access to their services. Amazon EKS comes configured with Network Policy using Project Calico which can be used to secure your clusters. This class will describe a few use cases for network policy and a live demo implementing each use case.

Creating Memorable Gaming Experiences with Kubernetes

If you’re a gamer, you probably know how immersed you can get in your favorite game. Or if you’re the parent or partner of a gamer, you probably know what it’s like to try to get the attention of someone who is in “gaming mode.” Creating worlds and enriching players’ lives is in Ubisoft’s DNA.

10 Helm Tutorials to Start your Kubernetes Journey

The growth of Kubernetes has been stellar and K8s applications have grown in importance and complexity. Today, even configuring a single application can require creating many interdependent K8s sources that each depend on writing a detailed YAML manifest file. With this in mind, Helm as a package manager for Kubernetes is a major way users can make their K8s configurations reusable.

Tanzu Tuesdays - 15 Factor Applications on Kubernetes with DaShaun Carter

Perhaps you have heard of 12-factor apps, cloud-native, or 15-factor apps. Maybe you have wondered if cloud-native was right for you. In this session we will explore how to deliver apps using this methodology on Kubernetes. We will start by explaining the 15-factors. We will also review the cloud native features that are built into Kubernetes. Then we will create a new application, for Kubernetes, and demonstrate how to make it “15 factor cloud native on Kubernetes”!

KMC - How Helm 3 and Helm Charts Create Reproducible Security

Helm 3 is developing a set of best practices that help make Kubernetes applications more secure. As a recent graduate from incubation to full-fledged project of the Cloud Native Computing Foundation, Helm has been developing its own ecosystem and is working towards mature tooling. Join Rancher and JFrog as they provide more details into updates in Helm 3 and how Helm Charts create reproducible security in the Kubernetes ecosystem.

Enforcing Enterprise Security Controls in Kubernetes using Calico Enterprise

Hybrid cloud infrastructures run critical business resources and are subject to some of the strictest network security controls. Irrespective of the industry and resource types, these controls broadly fall into three categories. Workloads (pods) running on Kubernetes are ephemeral in nature, and IP-based controls are no longer effective. The challenge is to enforce the organizational security controls on the workloads and Kubernetes nodes themselves.

VMware Tanzu Mission Control Now Integrates with VMware Tanzu Observability by Wavefront

Since the VMware Tanzu portfolio was introduced last year at VMworld, we have brought to market multiple Tanzu products and services to help our customers deliver better software faster, by automating the modern app lifecycle, running Kubernetes across clouds, and unifying and optimizing multi-cloud operations.

My first Kubernetes cluster: Amazon EKS review + tutorial

During my career, I’ve taken part in many on-call rotations and post-mortems. The longest on-call rotation I’ve ever had — no breaks, vacations, or holidays — lasted for a whopping 2.5 years at Lucid Software. I’m jaded. I strongly prefer stability to tinkering with shiny new toys. Very few software engineers start this way, but enough of them make the transition after having been bit enough times by a bad release.

Civo Community Meetup #2: CI/CD focus w/ Sam Weston and Johannes Tegnér

For our second community meetup we focussed on using Civo for CI/CD through GitOps and GitHub Actions for cloud native application development. This installment featured talks from our CTO Andy, our Developer Advocate Kai, and guest talks from community members Sam Weston and Johannes Tegnér. The talks touched on a wide variety of topics within CI/CD, from automating builds to monitoring and observability. Here's what was on the agenda...

Automate registry scanning with Harbor & Sysdig

Discover what registry scanning is, how it helps with shifting security left, and how you can implement it using Harbor and Sysdig. Shifting security left is all about moving security to the earliest possible moment in the development process, dramatically improving “time to fix” and security impact. In this article, we’re going to show you how to shift left with Harbor registry and Sysdig Secure.

Tanzu Tuesdays - Getting Started with Steeltoe and .NET Microservices with David Dieruf

If you are creating new .NET microservices for the cloud, modernizing existing applications for the cloud, or just plain moving apps to containers, Steeltoe is here to make things much easier. There is a list of things every microservice on a cloud platform should be good at. Unlike IIS on virtual machines, an application running in a container is ephemeral - it could be run here today or there tomorrow. Microservices need to be resilient to this change but developers shouldn’t spend loads of time coding for this.

Calico Enterprise Multi Cluster Management - Federated Identity and Services

Learn how to simplify deployment and ongoing operations for more than one cluster running Calico Enterprise. Topics covered: What is Calico Enterprise Multi-Cluster Management; How is Calico Enterprise Multi-Cluster architected; How to set up Calico Enterprise Multi-Cluster Management; How to enable Federated Endpoint Identity and Services for Multi-Cluster use cases. A Calico Enterprise trial is available after this session and you will be able to practice these use cases on your own within a hosted lab.

Disaster Recovery Preparedness for Your Kubernetes Clusters

In the pre-Kubernetes, pre-container world, backup and recovery solutions were generally implemented at the virtual machine (VM) level. That works for traditional applications when an application runs on a single VM. But when applications are containerized and managed with an orchestrator like Kubernetes, this system falls apart. That means effective disaster recovery (DR) plans for Kubernetes must be designed for containerized architectures and natively understand the way Kubernetes functions.

Securely manage credentials while monitoring Kubernetes workloads with autodiscovery

In the world of containers and Kubernetes, observability is crucial. Cluster administrators need visibility into the infrastructure and cluster operators need to know the status of their workloads at any given time. And in both cases, they need observability into moving objects. This is where Metricbeat and its autodiscover feature do the hard part for you.

Kubernetes 1.19 release candidate available for testing

The Kubernetes 1.19 release candidate is now available for download and experimentation ahead of general availability later this month. You can try it now with MicroK8s. To get the latest Kubernetes on your machine, install MicroK8s and get a lightweight, zero-ops K8s cluster in no time: Or install from https://snapcraft.io/microk8s and select 1.19/candidate. You can install MicroK8s on Ubuntu and all major Linux distributions or on Windows and macOS using native installers.

Getting Started with Kubernetes? Then Get to Know the New Tanzu Application Service

You’re deploying Kubernetes, congratulations! This is an important first step toward a faster path to production. Your next step should be to download the new beta of VMware Tanzu Application Service. Better software does not add value unless it furthers an organization’s business goals, and regardless of what your organization’s business goals are, Kubernetes in combination with Tanzu Application Service will help you reach them.

Deploy Python Apps Into Production In Seconds!

Getting your Python code into production is the most rewarding thing you can do. It's where users meet your apps, and where you finally get recognition for the time, energy, and skill that you've poured into your code. But without the right platform, getting Python into production can be a real pain in the proverbial. Let Ben Wilcock (@benbravo73) show you how to do it in seconds using open-source tools.

Build Docker Containers For Python Apps Like A Pro

Python apps go great with containers. Docker, Kubernetes, Cloudfoundry, Public Cloud, Private Cloud, they're all awesome places to run your containers. But getting your apps into containers is a tricky business, particularly if you have tens or hundreds of apps to manage, and maintain. Your containers have to be secure, reproducible, and easy to rebuild when vulnerabilities strike or upgrades are required.

How Calico Enterprise Enables Your Kubernetes Multi-Tenancy

In this talk, we will explore Kubernetes multi tenancy concepts and design patterns. Specifically, we will go over the network and network security design patterns needed for enabling multi tenancy within your k8s clusters using key capabilities of Calico Enterprise. Explore multi-tenancy use-cases in Kubernetes. Learn about the core concepts and design patterns behind multi tenancy in Kubernetes. Understand the key capabilities of Calico and Calico Enterprise that enable multi tenancy.

Jaeger Essentials: Best Practices for Deploying Jaeger on Kubernetes in Production

Logs, metrics and traces are the three pillars of the Observability world. The distributed tracing world, in particular, has seen a lot of innovation in recent months, with OpenTelemetry standardization and with the Jaeger open source project graduating from CNCF incubation. According to the recent DevOps Pulse report, Jaeger is used by over 30% of those practicing distributed tracing.

Deploying Multiple Kubernetes Clusters on Multi-Cloud Infrastructure

How to deploy multiple Kubernetes clusters on multi-cloud infrastructure. Most organizations need a way to deploy K8s to multiple infrastructure providers: on-premise and the cloud, multiple cloud providers, edge location and the cloud, or some combination in between (hybrid cloud). This tutorial covers the deployment of Kubernetes on AWS and Azure from a single centralized control plane. Enterprise grade Kubernetes platform for hybrid cloud.

Kubernetes Deployment on Azure

How to deploy a Kubernetes cluster on Azure. There are several ways to deploy Kubernetes on Azure, including Microsoft’s own AKS. This tutorial covers the deployment of Kubernetes on Azure using a single command. Fully automated and ready for production applications, you will have upstream Kubernetes with best of breed open source components needed for Day 2 operations, such as Prometheus, Grafana, and more. Declarative Kubernetes, no extra steps, no custom automation.

Upgrading Kubernetes - Advanced Controls

How to upgrade a Kubernetes cluster. There are several ways to upgrade a Kubernetes cluster and the upgrade strategy may depend on the type of cluster you are trying to upgrade. This tutorial covers advanced control of a Kubernetes cluster upgrade often required for upgrading large shared clusters. This includes upgrading the cluster by node pools or selecting how many concurrent nodes should be done in parallel.

Upgrading Kubernetes - Basic Rolling Upgrade

How to upgrade a Kubernetes cluster. There are several ways to upgrade a K8s cluster and the upgrade strategy may depend on the type of cluster you are trying to upgrade. This tutorial covers a basic rolling upgrade of a Kubernetes cluster. The upgrade is fully automated and workloads will be migrated during the upgrade process for non-disruption.

Loki tutorial: How to send logs from Amazon's ECS to Loki

Elastic Container Service (ECS) is the fully managed container orchestration service by Amazon. Combined with Fargate, Amazon’s serverless compute engine for containers, you can run your container workload without the need to provision your own compute resources. But how can you consolidate and query all of your logs and metadata for these workloads? Enter Loki, the log aggregation system from Grafana Labs that has proven to increase performance and decrease costs.

How to monitor etcd

Learning how to monitor etcd is of vital importance when running Kubernetes in production. Monitoring etcd will let you validate that the service performs as expected, while detecting and troubleshooting issues that could take your entire infrastructure down. Keep reading to learn how you can collect the most important metrics from etcd and use them to monitor this service. etcd is a foundational component of the Kubernetes control plane.

Enabling Microsegmentation with Calico Enterprise

Microsegmentation is a security technique that is used to isolate workloads from one another. Microsegmentation limits the blast radius of a data breach by making network security more granular. Should a breach occur, the damage is confined to the affected segment. Application workloads have evolved over time – starting from bare metal, to a mix of on-prem and cloud virtual machines and containers.

Exporters and Target Labels

When monitoring third-party applications with Prometheus, you’ll need an exporter if the application doesn’t already expose metrics in the appropriate format. How do you find an appropriate exporter, and once you have your exporters, how should you organize your label taxonomies to reflect your infrastructure? Many applications in the systems you’re in charge of will be third-party applications, which do not natively expose Prometheus-formatted metrics.

Kublr, enterprise-grade Kubernetes | Zero Downtime Cluster Updates & Upgrades

Centrally deploy, run, and manage Kubernetes clusters across all of your environments with a comprehensive container orchestration platform that finally delivers on the Kubernetes promise. Optimized for large enterprises, Kublr is designed to provide multi-cluster deployments and observability. We made it easy, so your team can focus on what really matters: innovation and value generation.

KMC - Automated Optimization of Kubernetes Performance

Using the Rancher platform and services, enterprise IT and DevOps teams can overcome the complexity of standing up and running multiple Kubernetes containers. However, as deployments scale, and the number of apps and workloads that teams have running on Kubernetes multiplies, complexity grows exponentially. Much of the difficulty centers on trying to find the best configuration settings for applications. Manual, trial-and-error approaches are ineffective, and always overprovisioning isn’t a viable strategy.

Secure Access to PostgreSQL with Pgweb

PostgreSQL is an open source database known for its reliability and performance. It’s used across many industries and applications, and is especially a favorite of web developers. All major web frameworks support PostgreSQL natively, from node.js and Django to Rails and Spring, so its adoption is relatively broad across the internet for site backend systems. As with any database, developers need tools to work with them. Pgweb is an open source, web-based client for PostgreSQL.

Using Konvoy to Patch your Cluster Infrastructure (Part 1)

Recently we hit the infamous kmem bug in our internal Production Konvoy Cluster. We discovered that we were having this issue after users began reporting a particular CI Job was failing intermittently throughout the Cluster with the following error: From the Pod Logs: From the Kernel Logs.

How to Use the New Sumo Logic Terraform Provider for Hosted Collectors

Automation is a key component in the management of the entire software release lifecycle. While we know it is critical to the Continuous Integration/Continuous Delivery process, it is now becoming equally essential to the underlying infrastructure you depend on. As automation has increased, a new principle for managing infrastructure has emerged to prevent environment drift and ensure your infrastructure is consistently and reliably provisioned.

Monitor and Optimize Your Rancher Environment with Datadog

Many organizations use Kubernetes to quickly ship new features and improve the reliability of their services. Rancher enables teams to reduce the operational overhead of managing their cloud-native workloads — but getting continuous visibility into these environments can be challenging. In this post, we’ll explore how you can quickly start monitoring orchestrated workloads with Rancher’s built-in support for Prometheus and Grafana.

Enterprise Security Controls for Kubernetes

In this talk, we will explore how to meet common enterprise security control needs when running Kubernetes. Specifically, we will look at a range of common enterprise security needs and how you can meet these with standard Kubernetes primitives and open source projects such as Calico, or take it a step further with the additional features of Calico Enterprise.

Kublr, enterprise-grade Kubernetes | RBAC

Centrally deploy, run, and manage Kubernetes clusters across all of your environments with a comprehensive container orchestration platform that finally delivers on the Kubernetes promise. Optimized for large enterprises, Kublr is designed to provide multi-cluster deployments and observability. We made it easy, so your team can focus on what really matters: innovation and value generation.

Tutorial: Kubernetes-Native Backup and Recovery With Stash

Having a proper backup recovery plan is vital to any organization's IT operation. However, when you begin to distribute workloads across data centers and regions, that process begins to become more and more complex. Container orchestration platforms such as Kubernetes have begun to ease this burden and enabled the management of distributed workloads in areas that were previously very challenging.

VMware Tanzu Application Service 2.10 Adds New CLI, Eases Upgrades with More Flexible Control Plane

VMware Tanzu Application Service 2.10 is now generally available (GA) on the Tanzu Network. As SpringOne approaches, it’s only fitting to have a new Tanzu Application Service release to talk about. Spring and Tanzu Application Service is the dynamic duo that drives superior business outcomes for enterprises around the world.