San Francisco, CA, USA
Sep 13, 2019 | By Mete Atamel
When learning a new technology like Istio, it’s always a good idea to take a look at sample apps. Istio repo has a few sample apps but they fall short in various ways. BookInfo is covered in the docs and it is a good first step. However, it is too verbose with too many services for me and the docs seem to focus on managing the BookInfo app, rather than building it from ground up. There’s a smaller helloworld sample but it’s more about autoscaling than anything else.
Sep 5, 2019 | By Spike Curtis
AquaSec’s Daniel Sagi recently authored a blog post about DNS spoofing in Kubernetes. TLDR is that if you use default networking in Kubernetes you might be vulnerable to ARP spoofing which can allow pods to spoof (impersonate) the IP addresses of other pods. Since so much traffic is dialed via domain names rather than IPs, spoofing DNS can allow you to redirect lots of traffic inside the cluster for nefarious purposes.
Aug 7, 2019 | By Andy Wright
We are excited to announce the general availability of Tigera Secure 2.5. With this release, security teams can now create and enforce security controls for Kubernetes using their existing firewall manager.
Aug 1, 2019 | By Govind Rangasamy
The radical shift towards DevOps and the continuous everything movement have changed how organizations develop and deploy software. As the consolidation and standardization of continuous integration and continuous delivery (CI/CD) processes and tools occur in the enterprise, a standardized DevOps model helps organizations deliver faster software functionality at a large scale.
Aug 1, 2019 | By Daniel Oh
In the first two articles in this series about using serverless on an open source platform, I described how to get started with serverless platforms and how to write functions in popular languages and build components using containers on Apache OpenWhisk.Here in the third article, I’ll walk you through enabling serverless in your Kubernetes environment.
Feb 26, 2019 | By Tigera
This whitepaper explains five best practices to help meet network security and compliance requirements for modern microservices stack.
Feb 1, 2019 | By Tigera
This guide contains detailed technical instructions on how to install and configure network security on Kubernetes platforms.
Jan 1, 2019 | By Tigera
Tigera commission an unbiased, third-party research firm to speak with enterprise security professionals to understand the state of network security with modern applications.
Dec 1, 2018 | By Tigera
OpenShift provides a declarative, automated platform to integrate developer workflows into application deployments leveraging open source building blocks such as Kubernetes.
Sep 10, 2019 | By Tigera
Free and Open Source, Tigera Calico delivers secure networking for the cloud-native era, and 2019 has seen many major enhancements to the most deployed networking and network security solution for Kubernetes.
Of course, Tigera’s ability to provide Kubernetes pod networking and facilitate service discovery is extremely valuable, but its real superpower is that both Tigera’s commercial offerings and open-source Tigera Calico can implement network security policies inside a Kubernetes cluster.
Compliance standards such as PCI DSS have assumed that traditional characteristics and behaviors of the development and delivery model would continue to be constant going forward. With the Container/Kubernetes revolution, that set of assumptions is no longer entirely correct. Attend this webinar and learn about what’s changed, how those changes weaken your compliance and control environment, and what you can do to adjust to the new reality.
Security teams use firewalls to secure their production environments, often using a zone-based architecture, and Kubernetes does not deploy well to that architecture. Application teams are launching new business-critical applications on Kubernetes and are aggressively moving to production. A clash is bound to happen.
Since practically the beginning of data networks, Network and Security professionals have gravitated towards, and grown to love, Zone-Based network architectures.