The latest News and Information on Containers, Kubernetes, Docker and related technologies.


Debugging Kubernetes Applications on the Fly

Over recent years, software development organizations have seen a major shift in where they build and run their applications. Teams have transitioned from building applications that run exclusively on-prem to microservices applications that are built to run natively in the cloud. This shift gives businesses more flexibility as well as quick and easy access to enterprise services without the need to host costly applications and infrastructure.


What's new in Sysdig - September 2020

Welcome to our monthly update on what’s new from Sysdig! This month is a little eclipsed by last month’s big launch of Essentials and our new SaaS regions, KubeCon EU, and many of us finishing off the summer holidays and getting the kids packed off back to school. Our teams are busy working on some big feature releases which we don’t want to reveal just yet, but I think you’re all going to really love them in the coming months!


Insecure by Default - Kubernetes Networking

Traditional network security includes protection against layer 2 and layer 3 spoofing attacks. Many security teams don’t realize it, but these threats are still relevant when running applications on a Kubernetes cluster in the cloud. You might be using a complex container network, but that doesn’t mean that simple spoofing attacks between pods aren’t possible. This matters because it dramatically increases the blast radius of compromised pods.


Kublr 1.19 Continues Expanding Kubernetes Operations Capabilities, Supports Control Plane In-place Upgrades

With the release of Kublr 1.19, we are continuing the tradition of expanding customization capabilities available to end users and Kubernetes operators and administrators. Kublr 1.19 includes numerous improvements to the customization of Kubernetes clusters deployed on AWS and other clouds. Key among these is support for mixed instance policies including spot and on-demand instances and multiple instance types.

Tanzu Tuesdays - Production-Ready Kubernetes Clusters with VMware Tanzu - Tiffany Jernigan

An expanded version of her Spring One talk: Make Your Kubernetes Clusters Production-Ready with VMware Tanzu. When you first started experimenting with Kubernetes, you may have started locally or on a set of servers. With simple applications, you may only have used a container registry and Kubernetes itself. When looking to move your clusters to a production setting, there are many more considerations, such as: How will I manage my clusters? How do I handle monitoring and logging? How do I safely back up my cluster resources? How do I ensure that my container images are safe and secure?

Network Policy with GKE

By default, pods are non-isolated; they accept traffic from any source. The Google GKE solution to this security concern is Network Security Policy that lets developers control network access to their services. Google GKE comes configured with Network Security Policy using Project Calico which can be used to secure your clusters. This class will describe a few use cases for network security policy and a live demo implementing each use case.

Kong for Kubernetes 0.10 Released With Ingress v1 Resource, Improved Ingress Class Handling, and More!

Kong for Kubernetes is a Kubernetes Ingress Controller and a full-fledged edge-router which can route traffic to any destination of your choice. In addition to Ingress management, it provides enhanced security and management capabilities. With Kong, you can use Kubernetes not just for running your workloads but also for securing and monitoring connectivity between your workloads – all managed via Kubernetes manifests.


Manage AppArmor profiles in Kubernetes with kube-apparmor-manager

Discover how kube-apparmor-manager can help you manage AppArmor profiles on Kubernetes to reduce the attack surface of your cluster. AppArmor is a Linux kernel security module that supplements the standard Linux user and group-based permissions to confine programs to a limited set of resources. AppArmor can be configured for any application to reduce its potential attack surface and provide greater in-depth defense.

How to Secure Mixed Linux/Windows Clusters with Calico Policy

Calico is the only cross-platform CNI and Network Policy engine available today and currently powers more than 150,000 known clusters across millions of nodes worldwide. Many organizations have .NET and Windows workloads that they are modernizing, or will eventually modernize, and deploy to Kubernetes. We have been collaborating with Microsoft and joint customers over the past few years to bring Calico to the Windows platform.