Operations | Monitoring | ITSM | DevOps | Cloud

Same as in the community, Enterprise developers need tools that are both powerful and flexible. They need to innovate quickly, iterate efficiently‌ and deploy with confidence. This is where the synergy between Rancher Desktop and SUSE Application Collection truly shines, offering a comprehensive environment for modern enterprise developers.

Managing permissions in sprawling Kubernetes landscapes can often feel like untangling an ever-growing knot. As clusters and user bases expand, so does the intricate web of RoleBindings, impacting everything from UI responsiveness to the very stability of etcd. This complexity, if unaddressed, can become a significant hurdle to achieving scalability and maintaining optimal performance in Rancher. SUSE is committed to improving its container management platform.

Managing and deploying applications across multiple Kubernetes clusters presents significant challenges, especially as the number of clusters grows. Traditional methods, like manually applying Helm charts or manifests per cluster, become cumbersome, error-prone, and difficult to scale or maintain consistency for Day 2 operations. While Rancher allows managing Helm chart repositories and apps, this is done on a per-cluster basis via the UI.

In backend engineering, many days follow a familiar rhythm: coffee, code reviews, maybe deploying a new feature. But occasionally, the routine is interrupted by a message that signals a different kind of challenge, like a Slack notification from the security team: “Hey, we’ve identified a potential issue. Need to sync up.” This post details one such instance—our journey addressing CVE-2024-21626, a privilege escalation vulnerability reported in Rancher.

If you’re working with containers, SBOMs or any kind of vulnerability scan, you know the drill. Every scan lights up like a Christmas tree. Critical, high, medium and low vulnerabilities. It feels that the list will always go on. The goal is always zero CVEs. And while that sounds great, it’s not realistic. They come at such a high pace, and sometimes they are really hard to resolve. Teams are spending time chasing vulnerabilities that don’t matter.

As organizations move beyond traditional hypervisors, Harvester continues to lead the way as an open source, Kubernetes-native virtualization solution. With the release of Harvester 1.5, users now have greater flexibility and ecosystem alignment than ever before—with General Availability (GA) for ARM64 and support for CSI-compatible storage backends. Harvester is part of a growing shift toward cloud-native infrastructure that unifies VMs and containers under the Kubernetes API.

Monitoring deployed applications with eBPF is quickly becoming the standard for good reasons, eBPF: Revolutionizing Observability for DevOps and SRE Teams. Not in the least because it allows monitoring to be a purely operations affair, instead of having to instrument each and every application individually. The security-conscious SRE and SRE manager will immediately ask the question: is this secure? And how about this claim that HTTPS traffic can be monitored?

Rancher Continuous Delivery (known as Fleet) can be used in a workflow to deploy applications to many clusters. With its GitOps support, it enables downstream clusters to pull updates from a Git repository. We know of users that monitor several hundred Git repositories and deploy to a thousand clusters. To make this scale possible, several intermediate steps are necessary. First, the application is converted into separate bundles, which are then targeted at clusters.