The latest News and Information on Containers, Kubernetes, Docker and related technologies.

Kubernetes vs. Docker: What Does It Really Mean?

“Kubernetes vs. Docker” is a phrase that you hear more and more these days as Kubernetes becomes ever more popular as a container orchestration solution. However, “Kubernetes vs. Docker” is also a somewhat misleading phrase. When you break it down, these words don’t mean what many people intend them to mean, because Docker and Kubernetes aren’t direct competitors.

Multi-Cluster Vulnerability Scanning with Alcide and Rancher

Kubernetes provides the freedom to rapidly build and ship applications while dramatically minimizing deployment and service update cycles. However, the velocity of application deployment requires a new approach that involves integrating tools as early as possible in the deployment pipeline and inspecting the code and configuration against Kubernetes security best practices. Kubernetes has many security knobs that address various aspects required to harden the cluster and applications running inside.

Serverless vs. Containers: Key Differences Explained

The “as a service” business model continues to grow rapidly, largely thanks to the rise of cloud computing. “As a service” offerings deliver IT products and technologies such as software, hardware, and data storage to consumers via the Internet, so that consumers do not have to install or manage them themselves. Serverless and containers are two such “as a service” technologies that have seen increasing adoption in recent years.

Mitigating the Risks of Instance Metadata in AWS EKS

Compromising a pod in a Kubernetes cluster can have disastrous consequences on resources in an AWS Elastic Kubernetes Service (EKS) account if access to the Instance Metadata service is not explicitly blocked. The Instance Metadata service is an AWS API listening on a link-local IP address. Only accessible from EC2 instances, it enables the retrieval of metadata that is used to configure or manage an instance.

Kubernetes Logging and Monitoring: What Kubernetes Can and Can't Do Natively

Kubernetes is a container orchestration tool, but its functionality extends far beyond just orchestrating containers in a narrow sense. It offers a range of additional features that—to a limited extent—address needs such as load balancing, access control, security policy enforcement, and even logging and monitoring. Indeed, Kubernetes’s broad functionality has led some folks to call it an “operating system” in its own right.

Monitor containers on Amazon Bottlerocket with Datadog

Amazon’s Bottlerocket is a new Linux-based open-source operating system that’s designed with containers in mind. Bottlerocket is optimized and stripped down to only the essential software needed to run containers. You can apply updates to Bottlerocket in a single step, and roll them back instantly if necessary. And, because it’s open-source, you can customize the operating system to fit your specific needs.

Secure and monitor your containers on Bottlerocket from AWS

Sysdig is pleased to support AWS today in their GA launch of Bottlerocket, a special-purpose operating system designed for hosting Linux containers. Orchestrated container environments run potentially hundreds of compute nodes. Operating general-purpose Linux on container hosts introduces complexity for IT teams who must patch and update packages across their clusters. Worse, features and packages that are not necessary for running containers introduce unnecessary security exposure.