Posts under kubernetes
As we close another inspirational KubeCon and look ahead to future gatherings, let’s also pause to reflect on the accomplishments we’ve achieved together as members of the cloud-native community. For most of us, 2020 was one of the most challenging periods in our personal and professional lives. Most of us experienced unprecedented stress and anxiety as our lives were altered by the pandemic. Some of us experienced far worse – severe illness or grief over the loss of loved ones.
Today, I’m excited to announce the launch of KubeLinter, a new open source project from StackRox! KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. Scroll down to watch a video overview of KubeLinter. KubeLinter was born out of a pain point that we know only too well at StackRox, both from our internal clusters, and from listening to our customers: configuring Kubernetes applications is hard!
We are now six years past the initial release of Kubernetes, and it continues to be one of the fastest-growing open-source projects to date. The rapid development and adoption of Kubernetes has resulted in many different implementations of the application. The Cloud Native Computing Foundation (CNCF) currently lists over 100 certified Kubernetes distributions or platforms. To ensure some consistency between platforms, the CNCF focuses on three core tenets; Consistency: The ability to interact consistently with any Kubernetes installation.
The Istio service mesh continues its quarterly release cadence with version 1.6. After major changes in release 1.5 to the control plane architecture, notably moving from a set of microservices to a monolithic Istiod service, and the introduction of a new, unified model for extending Istio and its Envoy proxies using WebAssembly, Istio 1.6 may seem tame in comparison, but it still offers a large number of smaller enhancements with a focus on operability.
One of the strengths of Kubernetes as a container orchestrator lies in its ability to manage and respond to dynamic environments. One example is Kubernetes’ native capability to perform effective autoscaling of resources. However, Kubernetes does not support just a single autoscaler or autoscaling approach. In this post, we discuss the three forms of Kubernetes capacity autoscaling. 1. Pod Replica Count For many applications with usage that varies over time, you may want to add or remove pod replicas in response to changes in demand for those applications.
In February, we published an article providing side-by-side comparison between the managed Kubernetes offerings of the three largest cloud providers: Amazon’s Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). The Kubernetes ecosystem changes rapidly, as do the feature sets of these managed platforms. This post covers important updates to these services made since our original comparison. Azure Kubernetes Service (AKS) Kubernetes Versions AKS has made Kubernetes 1.
A few months ago, we published a guide to setting up Kubernetes network policies, which focused exclusively on ingress network policies. This follow-up post explains how to enhance your network policies to also control allowed egress. A Brief Recap: What are Network Policies? Network policies are used in Kubernetes to specify how groups of pods are allowed to communicate with each other and with external network endpoints. They can be thought of as the Kubernetes equivalent of a firewall.
Kubernetes cluster networking can be more than a bit confusing, even for engineers with hands-on experience working with virtual networks and request routing. In this post, we will present an introduction into the complexities of Kubernetes networking by following the journey of an HTTP request to a service running on a basic Kubernetes cluster. We will use a standard Google Kubernetes Engine (GKE) cluster with two Linux nodes for our examples, with notes on where the details might differ on other platforms.
SOC (System and Organization Controls) 2 is a set of compliance requirements that applies to companies that store, process, or transmit customer data. A broad range of companies, including SaaS providers, may need to comply with SOC 2 to be competitive in the market and keep customer data secure. Public cloud providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure are subject to SOC 2 and make their audit reports publicly available.
Operationalizing container security by integrating with existing DevOps tooling and workflows has long been a design principle in how we’ve built our StackRox Kubernetes Security Platform. Today we’re excited to announce yet another powerful integration to make our customers’ operational lives better – the StackRox App for Sumo Logic. With this integration, joint customers now get rich StackRox insights about Kubernetes and container security incidents directly in the Sumo Logic Continuous Intelligence Platform.
Wow! We went to the CODiEs awards ceremony last night hoping to come home with a win and came home with two! The StackRox Kubernetes Security Platform won both Best Emerging Technology and Best Network Security Solution! These wins continue a long stream of wins, including Best Emerging Technology from SC Magazine, a Gold Stevie Award, Most Innovative Company in the Cybersecurity Excellence Awards, and a Gold Winner in the Info Security PG Global Excellence Awards – all just this year!
Kubernetes is a powerful tool for building highly scalable systems. As a result, many companies have begun, or are planning, to use it to orchestrate production services. Unfortunately, like most powerful technologies, Kubernetes is complex. How do you know you’ve set things up correctly and it’s safe to flip the switch and open the network floodgates to your services? We’ve compiled the following checklist to help you prepare your containers and kube clusters for production traffic.