Posts under Kubernetes
The Istio service mesh continues its quarterly release cadence with version 1.6. After major changes in release 1.5 to the control plane architecture, notably moving from a set of microservices to a monolithic Istiod service, and the introduction of a new, unified model for extending Istio and its Envoy proxies using WebAssembly, Istio 1.6 may seem tame in comparison, but it still offers a large number of smaller enhancements with a focus on operability.
One of the strengths of Kubernetes as a container orchestrator lies in its ability to manage and respond to dynamic environments. One example is Kubernetes’ native capability to perform effective autoscaling of resources. However, Kubernetes does not support just a single autoscaler or autoscaling approach. In this post, we discuss the three forms of Kubernetes capacity autoscaling. 1. Pod Replica Count For many applications with usage that varies over time, you may want to add or remove pod replicas in response to changes in demand for those applications.
In February, we published an article providing side-by-side comparison between the managed Kubernetes offerings of the three largest cloud providers: Amazon’s Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). The Kubernetes ecosystem changes rapidly, as do the feature sets of these managed platforms. This post covers important updates to these services made since our original comparison. Azure Kubernetes Service (AKS) Kubernetes Versions AKS has made Kubernetes 1.
This blog article was originally published in February 2020. Since then, all three cloud providers have delivered varying updates to their managed Kubernetes services. We have summarized these updates in the follow-up blogs below. April 2020 update > May 2020 update > June 2020 update > July 2020 update > Now that Kubernetes has won the container orchestration wars, all the major cloud service providers offer managed Kubernetes services for their customers.
A few months ago, we published a guide to setting up Kubernetes network policies, which focused exclusively on ingress network policies. This follow-up post explains how to enhance your network policies to also control allowed egress. A Brief Recap: What are Network Policies? Network policies are used in Kubernetes to specify how groups of pods are allowed to communicate with each other and with external network endpoints. They can be thought of as the Kubernetes equivalent of a firewall.
Kubernetes cluster networking can be more than a bit confusing, even for engineers with hands-on experience working with virtual networks and request routing. In this post, we will present an introduction into the complexities of Kubernetes networking by following the journey of an HTTP request to a service running on a basic Kubernetes cluster. We will use a standard Google Kubernetes Engine (GKE) cluster with two Linux nodes for our examples, with notes on where the details might differ on other platforms.
SOC (System and Organization Controls) 2 is a set of compliance requirements that applies to companies that store, process, or transmit customer data. A broad range of companies, including SaaS providers, may need to comply with SOC 2 to be competitive in the market and keep customer data secure. Public cloud providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure are subject to SOC 2 and make their audit reports publicly available.
Operationalizing container security by integrating with existing DevOps tooling and workflows has long been a design principle in how we’ve built our StackRox Kubernetes Security Platform. Today we’re excited to announce yet another powerful integration to make our customers’ operational lives better – the StackRox App for Sumo Logic. With this integration, joint customers now get rich StackRox insights about Kubernetes and container security incidents directly in the Sumo Logic Continuous Intelligence Platform.
Wow! We went to the CODiEs awards ceremony last night hoping to come home with a win and came home with two! The StackRox Kubernetes Security Platform won both Best Emerging Technology and Best Network Security Solution! These wins continue a long stream of wins, including Best Emerging Technology from SC Magazine, a Gold Stevie Award, Most Innovative Company in the Cybersecurity Excellence Awards, and a Gold Winner in the Info Security PG Global Excellence Awards – all just this year!
Kubernetes is a powerful tool for building highly scalable systems. As a result, many companies have begun, or are planning, to use it to orchestrate production services. Unfortunately, like most powerful technologies, Kubernetes is complex. How do you know you’ve set things up correctly and it’s safe to flip the switch and open the network floodgates to your services? We’ve compiled the following checklist to help you prepare your containers and kube clusters for production traffic.