
How to Maximize the Performance of Your Kubernetes Deployment

With Kubernetes emerging as a strong choice for container orchestration for many organizations, monitoring in Kubernetes environments is essential to application performance. The impact of poor application/infrastructure performance in the era of cloud computing and as-a-service delivery models is more significant than ever. How many of us today have more than two rideshare apps or more than three food delivery apps?

GitOps with Argo and Crossplane - Civo Online Meetup #10

Join Viktor Farcic and Anais Urlichs in this meetup as we explore Crossplane through the Civo Crossplane Provider. We will showcase how to create Civo Kubernetes clusters through the Civo Crossplane Provider, look at GitOps best practices to manage all of your resources in Kubernetes, and lastly provide an overview of how you can take GitOps deployments to the next level with ArgoCD.

Kubernetes 1.22 - What's new?

This release brings 56 enhancements, an increase from 50 in Kubernetes 1.21 and 43 in Kubernetes 1.20. Of those 56 enhancements, 13 are graduating to Stable, a whopping 24 are existing features that keep improving, and 16 are completely new. It’s great to see so many new features focusing on security, like the replacement for the Pod Security Policies, a rootless mode, and enabling Seccomp by default. Also, watch out for all the deprecations and removals in this version!

A Sneak Peek at the "Calico Certified Operator: AWS Expert" Course

Recently, we released our new “Calico Certified Operator: AWS Expert” course. You can read more about why we created this course and how it can benefit your organization in the introductory blog post. This blog post is different; it’s an opportunity for you, the potential learner, to get a glimpse of just a few interesting parts of the course. You won’t learn all the answers here, but you’ll learn some of the questions!

Quick Kubeflow Pipelines with KALE, ElasticSearch and Ceph

KALE allows you to annotate your Jupyter notebooks on Kubeflow and magically compile and run Kubeflow Pipelines. In this demo, Aymen Frikha from Canonical shows how to deploy and run Kubeflow alongside ElasticSearch and Ceph, and how to quickly run a pipeline directly from a Jupyter notebook, using KALE (Kubeflow Automated pipeLines Engine).

What is the MITRE ATT&CK Framework for Cloud? | 10 TTPs You should know of

In any case, by using the MITRE ATT&CK framework to model and implement your cloud IaaS security, you will have a head start on any compliance standard since it guides your cybersecurity and risk teams to follow the best security practices. As it does for all platforms and environments, MITRE came up with an IaaS Matrix to map the specific Tactics, Techniques, and Procedures (TTPs) that advanced threat actors could possibly use in their attacks on Cloud environments.

How to mitigate CVE-2021-33909 Sequoia with Falco - Linux filesystem privilege escalation vulnerability

CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July 2021 and was introduced in 2014 on many Linux distros, among them Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation, and some Red Hat products. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.

Monitoring Kubernetes the Elastic way using Filebeat and Metricbeat

In my previous blog post, I demonstrated how to use Prometheus and Fluentd with the Elastic Stack to monitor Kubernetes. That’s a good option if you’re already using those open source-based monitoring tools in your organization. But, if you’re new to Kubernetes monitoring, or want to take full advantage of Elastic Observability, there is an easier and more comprehensive way. In this blog, we will explore how to monitor Kubernetes the Elastic way: using Filebeat and Metricbeat.

Do you really need a service mesh?

The challenges involved in deploying and managing microservices have led to the creation of the service mesh, a tool for adding observability, security, and traffic management capabilities at the application layer. While a service mesh is intended to help developers and SREs with a number of use cases related to service-to-service communication within Kubernetes clusters, a service mesh also adds operational complexity and introduces an additional control plane for security teams to manage.

What's new in Sysdig - July 2021

Welcome to another monthly update on what’s new from Sysdig! Happy 4th of July to our American audience, and bonne Bastille to our French friends. It’s been heating up in the northern hemisphere, so we hope you’ve all been managing to stay cool and safe. Our team continues to work hard to bring great new features to all of our customers, automatically and for free! The big news this month is our intent to acquire Apolicy, which has everyone full of excitement.

Accelerating Machine Learning with MLOps and FuseML: Part One

Building successful machine learning (ML) production systems requires a specialized re-interpretation of the traditional DevOps culture and methodologies. MLOps, short for machine learning operations, is a relatively new engineering discipline and a set of practices meant to improve the collaboration and communication between the various roles and teams that together manage the end-to-end lifecycle of machine learning projects.

Microservices Are 'Easy', Dependencies Are Hard - Itiel Shwartz (at Yalla DevOps 2021)

Yalla! DevOps 2021 -- The first, in-person DevOps conference of the year! Driven by the DevOps community. All about the DevOps community. Talk: "Microservices Are ‘Easy’, Dependencies Are Hard: The Right Way to Build a Cloud-Native CI/CD". Microservices are more agile, easier to test, and simpler to maintain. If you don’t know, now you know. Thanks to k8s, it’s so easy! In fact, it is so easy, we’re gradually scaling down to smaller and smaller services. Sounds like there’s no downside at all. Or is there? In this talk, Itiel describes the many pitfalls of microservices, and how to avoid them.

High-availability connectivity for Kubernetes with dual ToR

Dual ToR (top of rack) peering provides a redundant path for customers with cluster applications that cannot tolerate service downtime or failure and require a high-availability solution. While Calico ToR connectivity has existed for some time, Calico Enterprise now supports connectivity with dual ToR switches.

How to Instrument a Java App Running in Amazon EKS

As we start to see big moves from monolith deployments to microservices, the adoption of Kubernetes has become top of mind for many SREs. Organizations can leverage the open-source system to automate deployments, scale, and manage containers, making Kubernetes one of the primary solutions for delivering workloads. However, maintaining the system can be difficult and, in some cases, overwhelming.

How to test the latest Kubernetes 1.22 release candidate with MicroK8s

Today, the Kubernetes community made the 1.22 release candidate available, a few weeks ahead of general availability, planned for August the 4th. We invite developers, platform engineers and cloud tech enthusiasts to experiment with the new features, report back findings and bugs. MicroK8s is the easiest way to get up and running with the latest version of K8s for testing and experimentation.

Migrating Thousands of Cloud Instances to New Kubernetes Custom Resources

Mattermost’s Kubernetes Operator spins up and manages Mattermost instances running on Kubernetes based on a ClusterInstallation Custom Resource (CR). Mattermost Operator 1.0 has evolved a lot since its release, along with the ClusterInstallation CR in the v1alpha version. As time went by — as with any software — the Operator gained more features, configuration options, functionalities, and technical debt.

LaunchDarkly Integration: Feature Flag Aware Troubleshooting

Troubleshooting is the understanding of changes within the system and their impact on its health, behavior, and functionality. However, as dev environments grow exponentially more complex, the definition of “the system” itself also constantly expands. To keep pace, we constantly work to evolve Komodor’s platform and enrich it with new capabilities and integrational options.

GitOps meets AppOps

Kubernetes allowed us to manage application deployments and infrastructure components using declarative configuration files (yes, those YAMLs that you may not be a fan of). While dealing with a myriad of YAML files may be loved by some and hated by others, it enables us to host all these files in a Git repository, hook it up to a pipeline (Jenkins, GitLab, etc.), and have a tool apply those changes to a cluster—and voilà, you have GitOps.

Sysdig and Apolicy join forces to help customers secure Infrastructure As Code and automate remediation

Today, we announced that Sysdig is acquiring Apolicy to enable our customers to secure their infrastructure as code. I could not be more excited because the innovation that Apolicy brings to bear is unique and highly differentiated, allowing customers to strengthen their Kubernetes and cloud security and compliance by leveraging policy as code and automated remediation workflows that close the gap from source to production.

Deploy your apps on Scaleway with Qovery! Get early access now

When we launched Qovery in January 2020, our product only supported app deployment on Amazon Web Services (AWS). 20 months later, 5534 developers from more than 120 countries use Qovery to deploy their apps on AWS and Digital Ocean. Today, more and more European companies would love to benefit from the excellent user experience of Qovery on a European cloud service provider 🇪🇺.

How to Establish a Culture of Secure DevOps

We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some major challenges in adopting Secure DevOps. If we read our history books, we know that DevOps wasn’t successfully adopted by buying tools, and a true cultural movement towards DevOps wasn’t established by having a small dedicated team of DevOps specialists.

Packet Capture Without "tcpdump" for Go Apps in Kubernetes

Every developer knows there are some utilities that are completely indispensable from their workflows. The programmer’s toolbelt, if you will. These toolbelts are usually different from person to person, but if there is one tool that everyone should use or at least know how to use, it is tcpdump. If you are unfamiliar, tcpdump is a tool that allows you to dump and inspect live network traffic being observed on a network interface.

Calico eBPF Data Plane Deep-Dive

Sometimes the best way to understand something is to take it apart and see how it works. This blog post will help you take the lid off your Calico eBPF data plane based Kubernetes cluster and see how the forwarding is actually happening. The bonus is, unlike home repairs, you don’t even have to try to figure out how to put it back together again! The target audience for this post is users who are already running a cluster with the eBPF data plane, either as a proof-of-concept or in production.

Observability with Zero Code Instrumentation? Meet eBPF

Current observability practice is largely based on manual instrumentation, which requires adding code in relevant points in the user’s business logic code to generate telemetry data. This can become quite burdensome and create a barrier to entry for many wishing to implement observability in their environment. This is especially true in Kubernetes environments and microservices architecture.

Kubernetes security policy design: 10 critical best practices

In this blog post, I will be looking at 10 best practices for Kubernetes security policy design. Application modernization is a strategic initiative that changes the way enterprises are doing business. The journey requires a significant investment in people, processes, and technology in order to achieve the desired business outcomes of accelerating the pace of innovation, optimizing cost, and improving an enterprise’s overall security posture.

Kubernetes in 2021: Where does the industry go next?

Ever since Google made Kubernetes open-source in 2014, it has enjoyed incredible growth, helping businesses of all sizes to successfully manage their containers and ultimately make the most of all that our cloud native world has to offer. Individual users certainly initially led the charge with Kubernetes, identifying issues, and generally exploring the best ways to intelligently test, manage, and deploy workloads.

Civo reviewed by respected Kubernetes guru Viktor Farcic

A couple of days ago, I was pleasantly surprised to suddenly see a tweet come in from Viktor Farcic. Viktor now works at upbound.io, who developed Crossplane, and he also runs his own popular YouTube channel and co-hosts the DevOps Paradox podcast. He’s well respected in the cloud native community. When I saw the tweet and noticed that Viktor had recorded a review of Civo on YouTube, I was just hoping he was kind to us... and I am pleased to say he was!

Environment variables and Secrets for Qovery v2 released

I am super excited to announce that we released the support of Environment Variables and Secrets. Watch the video to see those features in action. Environment Variables and Secrets are similar. The main difference is that the Secrets are encrypted and the value can’t be revealed. Both are injected at the build and runtime of your applications. Give it a try now! Resources: I am eager to have your feedback. Put a comment here.

Terraform meets AppOps

The growing adoption of microservices and Kubernetes gave rise to the need to efficiently manage, schedule, and control Kubernetes clusters, where tools like Terraform are helping many organizations address those challenges today. Terraform is a popular choice among DevOps and Platform Engineering teams as engineers can use the tool to quickly spin up and edit environments directly from their CI/CD pipelines.

Monitor containerized ASP.NET Core applications with Datadog APM

ASP.NET Core is an open source web development framework that enables you to develop .NET applications on macOS, Linux, and Windows machines. The introduction of .NET Core in 2016 dramatically increased the number of ways to build and deploy .NET applications. This means that you need the ability to easily monitor application performance across a wide variety of platforms, such as Docker containers.

Kubernetes Master Class - Disaster Recovery with Rancher and Kubernetes

Everything breaks at some point; whether it is infrastructure (DNS, network, storage, etc.) or Kubernetes itself, something will fail eventually. In this session, we will walk through some common failure scenarios, including identifying failures and how to respond to them in the fastest way possible using the same troubleshooting steps, scripts, and tools Rancher Support uses when supporting our Enterprise customers.

Kubernetes Master Class - Scaling Kubernetes Nodes From Rancher

Take a deep dive with Staff Engineer Luther Monson into the new node pool scale down feature recently released in Rancher v2.5.6. This masterclass will walk you through everything you will need to know to go from zero to a scaling Kubernetes cluster using Rancher. We will explore using the cluster autoscaler in tandem with this new feature to scale pools on demand. Watch a full demo of a cluster sizing up and down to load while using a custom cloud provider built for the Rancher API.

Announcing Istio integration

Adoption of service meshes like Istio is increasing. As a result, Speedscale has developed a webassembly plugin. We extended Envoy using Rust, and no changes are required to your Istio configuration. This allows us to leverage the same sidecars that you have deployed throughout your environment to inspect API traffic. Once we are listening through Istio, the typical Speedscale magic can take place. We can use the data to build integration/performance test suites and autogenerate service mocks.

What's new in Calico Enterprise 3.7: eBPF data plane, high availability, and more!

As our enterprise customers build out large, multi-cluster Kubernetes environments, they are encountering an entirely new set of complex security, observability, and networking challenges, requiring solutions that operate at scale and can be deployed both on-premises and across multiple clouds. New features in our latest release add to the already formidable capabilities of Calico Enterprise.

Implementing an Internal Developer Platform

In a previous post, we discussed what an Internal Developer Platform (IDP) is and some drivers behind IDP initiatives. If we go through our interactions with different organizations, we see teams embarking on the journey to build their IDPs mainly driven by the following requirements: While building an IDP may seem like an obvious choice and initiative, it is definitely not an easy task to accomplish. Building an IDP involves dealing with many moving components.

How to Move Kubernetes Logs to S3 with Logstash

Sometimes, the data you want to analyze lives in AWS S3 buckets by default. If that’s the case for the data you need to work with, good on you: You can easily ingest it into an analytics tool that integrates with S3. But what if you have a data source — such as logs generated by applications running in a Kubernetes cluster — that isn’t stored natively in S3? Can you manage and analyze that data in a cost-efficient, scalable way? The answer is yes, you can.

A to Z of Kubernetes and Containerization

As more enterprises shift towards cloud-native, containers are proving their worth in providing developers with a flexible way to quickly get applications up and running in the cloud. Kubernetes is an integral part of this journey, offering an industry leading container orchestration platform to automate the deployment, scaling and management of containers.

What's new in Grafana Cloud for July 2021: Traces, live streaming, Kubernetes and Docker integrations, and more

If you’re not already familiar with it, Grafana Cloud is the easiest way to get started observing metrics (Prometheus and Graphite), logs (Grafana Loki), traces (Grafana Tempo), and dashboards. Here are the latest features you should know about!

Qovery - the ultimate AWS web console for SaaS startups

AWS is undoubtedly one of the best Cloud service providers to run serious business out there. Reliable and cost-effective. No doubt here. But something utterly wrong with AWS is the experience on their web management console. It is so bad that thousands of developers start using Qovery every month with the only promise of a better developer experience on top of AWS. Here are the 7 reasons why Qovery is an excellent choice for SaaS startups.