High availability (HA) for MicroK8s, the lightweight Kubernetes, is now available as a tech preview for Linux, Windows and macOS. The Kubernetes control plane can now be distributed across multiple nodes, bringing resiliency to the cluster while maintaining a low footprint using Dqlite, the distributed SQL engine as the Kubernetes datastore.
New Kubernetes Node Vulnerability (CVE-2020-8558) bypasses localhost boundary A security issue was discovered in kube-proxy which allows adjacent nodes/hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace (host network). This breaks security assumptions made by services listening on localhost.
Netflix, Amazon, Google, Facebook, and a host of other companies have adopted chaos engineering, which encourages designing systems to proactively ward off potential issues through testing and the anticipation of failure. When it comes to container orchestration tools like Kubernetes, chaos engineering is a vital tactic for enhancing security.
Monitoring Kubernetes, both the infrastructure platform and the running workloads, is on everyone’s checklist as we evolve beyond day zero and into production. Traditional monitoring tools and processes aren’t adequate, as they do not provide visibility into dynamic container environments. Given this, what tools can you use to monitor Kubernetes and your applications?
A step by step cookbook on best practices for alerting on Kubernetes platform and orchestration, including PromQL alerts examples. If you are new to Kubernetes and monitoring, we recommend that you first read Monitoring Kubernetes in production, in which we cover monitoring fundamentals and open-source tools. Interested in Kubernetes monitoring?
With the growing popularity of containerized applications, organizations and startups at all levels need to manage their Kubernetes deployments more safely at scale. Today, there is an expanding list of tools and services that can help do this. One of these services is the package manager known as Helm.
We’re excited to announce that the latest release of Calico includes encryption for data-in-transit. Calico is the open source networking and network security solution for containers, virtual machines, and host-based workloads, offering connectivity and security for container workloads. One of Calico’s best-known security features is its implementation of Kubernetes Network Policy, providing a way to secure container workloads by restricting traffic to and from trusted sources.