Why Linkerd doesn’t use Envoy
Why Linkerd doesn’t use Envoy In this article I’m going to describe why Linkerd isn’t built on Envoy. This is a bit of a weird article to write.
Read More
Kubernetes Ingress goes GA
After a long time in beta, Kubernetes Ingress has gone GA in 1.19. Read more about how it impacts you, and your Ingress Controllers here
Read More
Yes, you can run VMs on Kubernetes with KubeVirt
Containers and Kubernetes are awesome technologies that enable applications to run without a heavy operating system (OS), as using a virtual machine (VM) would require. Container-first, cloud-native applications are the future, but not every application is suitable to be cloud-native. KubeVirt allows you to run your virtual machines alongside your containers on a Kubernetes platform.
Read More
How Alibaba Cloud uses Cilium for High-Performance Cloud
A couple of weeks ago, the Alibaba team presented details on the new datapath for the Alibaba Cloud during the SIG Cloud-Provider-Alibaba meeting and also published a blog post with the technical architecture. Guess what, it is all Cilium & eBPF based. Alibaba Cloud is not the first cloud provider to directly embed Cilium.
Read More
3 Years of Kubernetes in Production–Here’s What We Learned
We started out building our first Kubernetes cluster in 2017, version 1.9.4. We had two clusters, one that ran on bare-metal RHEL VMs, and another that ran on AWS EC2. Today, our Kubernetes infrastructure fleet consists of over 400 virtual machines spread across multiple data-centres.
Read More
Ingress for Anthos—Multi-cluster Ingress and Global Service Load Balancing
Ingress for Anthos is a Google cloud-hosted multi-cluster ingress controller for Anthos GKE clusters. Ingress for Anthos supports deploying shared load balancing resources across clusters and across regions enabling users to use a same load balancer with an anycast IP for applications running in a multi-cluster and multi-region topology. In simpler terms this allows users to place multiple GKE clusters located in different regions under one LoadBalancer.
Read More
B-21 stealth bomber running Kubernetes for better SDLC experience
The new stealth U.S. Air Force B-21 bomber has taken yet another key technological step toward being ready for war, through integrated computer automation designed to streamline information, improve targeting and offer pilots organized warzone information in real-time. Air Force and Northrop Grumman developers recently completedan essential software-empowered process intended to bring greater levels of information processing, data management and new measures of computerized autonomy,according to published statements from Air Force Acquisition Executive Dr. William Roper. Through virtualization and software-hardware synergy, B-21 sensors, computers and electronics can better scale, deploy and streamline procedural functions such as checking avionics specifics, measuring altitude and speed and integrating otherwise disparate pools sensor information.
Read More
New Kubernetes 1.18 Extends Ingress
Last month, the Kubernetes team released Kubernetes 1.18, which extended Ingress. The two most exciting features include a new IngressClass resource and the new pathType field. To minimize the risk for our users who want to try out these exciting new features, the Ambassador Edge Stack supports the latest version of the Kubernetes Ingress specifications.
Read More
Kiali with production-scale Prometheus
Of course, a definition of “production-scale Prometheus” can be as wide as the variety of cases where Istio and Prometheus are used in production. So in the context of this article, we have to make some assumptions. First of all, this article focuses on Istio using Telemetry v2, which is enabled by default starting from Istio 1.5.
Read More
Introducing PodTopologySpread
Managing Pods distribution across a cluster is hard. The well-known Kubernetes features for Pod affinity and anti-affinity, allow some control of Pod placement in different topologies. However, these features only resolve part of Pods distribution use cases: either place unlimited Pods to a single topology, or disallow two Pods to co-locate in the same topology.
Read More
What’s new in Kubernetes 1.16?
What’s new in Kubernetes 1.16: Ephemeral containers for easy pod debugging, support for dual-stack network, new options for the scheduler and much more. These are the features that look more exciting to us for this release (ymmv): Ephemeral containers are a great way to debug running pods, as you can’t add regular containers to a pod after creation (you should use sysdig tools like kubectl capture or kubectl trace for that though!), but you can run ephemeral containers. Right now the steps to run an ephemeral container aren’t straightforward.
Read MoreBuilding a Kubernetes platform at Pinterest
Over the years, 300 million Pinners have saved more than 200 billion Pins on Pinterest across more than 4 billion boards. To serve this vast user base and content pool, we’ve developed thousands of services, ranging from microservices of a handful CPUs to huge monolithic services that occupy a whole VM fleet. There are also various kinds of batch jobs from all kinds of different frameworks, which can be CPU, memory or I/O intensive.
Read More
Announcing etcd 3.4
In particular, etcd experienced performance issues with a large number of concurrent read transactions even when there is no write (e.g. “read-only range request … took too long to execute”). Previously, the storage backend commit operation on pending writes blocks incoming read transactions, even when there was no pending write. Now, the commit does not block reads which improve long-running read transaction performance.
Read More
OPA Gatekeeper: Policy and Governance for Kubernetes
The Open Policy Agent Gatekeeper project can be leveraged to help enforce policies and strengthen governance in your Kubernetes environment. In this post, we will walk through the goals, history, and current state of the project. The following recordings from the Kubecon EU 2019 sessions are a great starting place in working with Gatekeeper: If your organization has been operating Kubernetes, you probably have been looking for ways to control what end-users can do on the cluster and ways to ensure that clusters are in compliance with company policies.
Read More
Kubernetes pod autoscaler using custom metrics
In this post we are going to demonstrate how to deploy a Kubernetes autoscaler using a third party metrics provider. You will learn how to expose any custom metric directly through the Kubernetes API implementing an extension service. Dynamic scaling is not a new concept by any means, but implementing your own scaler is a rather complex and delicate task.
Read More
Deprecated APIs Removed In Kubernetes 1.16
As the Kubernetes API evolves, APIs are periodically reorganized or upgraded. When APIs evolve, the old API is deprecated and eventually removed. The 1.16 release will deprecate APIs for four services: None of these resources will be removed from Kubernetes or deprecated in any way.
Read More
How to detect Kubernetes vulnerability CVE-2019-11246 using Falco.
A recent CNCF-sponsored Kubernetes security audit uncovered CVE-2019-11246, a high-severity vulnerability affecting the command-line kubectl tool. If exploited, it could lead to a directory traversal, allowing a malicious container to replace or create files on a user’s workstation. This vulnerability stemmed from an incomplete fix of a previously disclosed vulnerability (CVE-2019-1002101).
Read More
33(+) Kubernetes security tools
Kubernetes image scanning Kubernetes runtime security Kubernetes network security Image distribution and secrets management Kubernetes security audit End-to-end commercial security tools Join our live session to learn more! Kubernetes security tools … there are so freaking many of them; with different purposes, scopes and licenses. That’s why we decided to create this Kubernetes security tools list, including open source projects and commercial platforms from different vendors, to help you choose the ones that look more interesting to you and guide you in the right direction depending on your Kubernetes security needs.
Read More
YuniKorn: a universal resource scheduler
We are super excited today to announce the open-sourcing of one of the exciting new projects we’ve been working behind the scenes at the intersection of big-data and computation platforms – YuniKorn! Yunikorn is a new standalone universal resource-scheduler responsible for allocating/managing resources for big-data workloads including batch jobs and long-running services. YuniKorn is a light-weight, universal resource scheduler for container orchestrator systems.
Read More
Whats new in Kubernetes 1.15?
Another outstanding Kubernetes release, this time focused on making the CustomResource a first class citizen in your cluster, allowing for better extensibility and maintainability. But wait, there is much more! Here is the full list of what’s new in Kubernetes 1.15.
Read More
Introducing Volume Cloning Alpha for Kubernetes
Kubernetes v1.15 introduces alpha support for volume cloning. This feature allows you to create new volumes using the contents of existing volumes in the user’s namespace using the Kubernetes API. Many storage systems provide the ability to create a “clone” of a volume.
Read More
Future of CRDs: Structural Schemas
CustomResourceDefinitions were introduced roughly two years ago as the primary way to extend the Kubernetes API with custom resources. From the beginning they stored arbitrary JSON data, with the exception that kind, apiVersion and metadata had to follow the Kubernetes API conventions. In Kubernetes 1.8 CRDs gained the ability to define an optional OpenAPI v3 based validation schema.
Read More
Kubernetes 1.15: Extensibility and Continuous Improvement
We’re pleased to announce the delivery of Kubernetes 1.15, our second release of 2019! Kubernetes 1.15 consists of 25 enhancements: 2 moving to stable, 13 in beta, and 10 in alpha. The main themes of this release are: Continuous ImprovementProject sustainability is not just about features.
Read More
How to monitor Golden signals in Kubernetes
What are Golden signals metrics? How do you monitor golden signals in Kubernetes applications? Golden signals can help to detect issues of a microservices application.
Read More
Chaos Engineering Kubernetes with the Litmus Framework
Litmus is an open source chaos engineering framework for Kubernetes environments running stateful applications. Created by MayaData, Litmus enables users to run test suites, capture logs, generate rep The book Mastering Collaboration by Gretchen Anderson provides techniques and exercises that can be used to improve collaboration in teams and between teams and their environment.
Read More
KubeCon EU 2019: Top 10 Takeaways
The Datawire team and I have returned home from an awesome time last week where we attended KubeCon and CloudNativeCon in Barcelona. Together, we were part of six talks at KubeCon, staffed a packed booth with amazing T-shirts (if I do say so myself!), spoke to dozens of community members, and attended some fantastic talks. As there was so much goodness on offer at KubeCon EU, I’ve tried to summarise some of my key observations in this blog post.
Read More
Deploying active-active Postgresql on Kubernetes
Kubernetes is a very popular container orchestration framework. I’ll show you how to get Symmetric-DS working on a single Kubernetes instance.
Read More
How big companies are using Kubernetes
Kubernetes’ increased adoption is showcased by a number of influential companies which have integrated the technology into their services. Let us take a look at how some of the biggest companies of our time are successfully using Kubernetes. The Docker adoption is still growing exponentially, more and more companies have started using it in Production.
Read More
Command-line tools for Kubernetes: kubectl, stern, kubectx, kubens
If you’ve ever worked with your hands, you know that you can’t do the job right without the right tools. That adage carries over quite well to software development as well. The right tools can make the difference between success or failure, regardless of the underlying technology.
Read More
Kyma – extend and build on Kubernetes with ease
According to this recently completed CNCF Survey, the adoption rate of Cloud Native technologies in production is growing rapidly. Kubernetes is at the heart of this technological revolution. Naturally, the growth of cloud native technologies has been accompanied by the growth of the ecosystem that surrounds it.
Read More
Setting up Kubernetes Network Policies
The container orchestrator war is over, and Kubernetes has won. With companies large and small rapidly adopting the platform, security has emerged as an important concern — partly because of the learning curve inherent in understanding any new infrastructure, and partly because of recently announced vulnerabilities. Kubernetes brings another security dynamic to the table — its defaults are geared towards making it easy for users to get up and running quickly, as well as being backward compatible with earlier releases of Kubernetes that lacked important security features.
Read More
Introducing kube-iptables-tailer: Better Networking Visibility in Kubernetes Clusters
At Box, we use Kubernetes to empower our engineers to own the whole lifecycle of their microservices. When it comes to networking, our engineers use Tigera’s Project Calico to declaratively manage network policies for their apps running in our Kubernetes clusters. App owners define a Calico policy in order to enable their Pods to send/receive network traffic, which is instantiated as iptables rules.
Read More
The Future of Cloud Providers in Kubernetes
Approximately 9 months ago, the Kubernetes community agreed to form the Cloud Provider Special Interest Group (SIG). The justification was to have a single governing SIG to own and shape the integration points between Kubernetes and the many cloud providers it supported. A lot has been in motion since then and we’re here to share with you what has been accomplished so far and what we hope to see in the future.
Read More
Pod Priority and Preemption in Kubernetes
Kubernetes is well-known for running scalable workloads. It scales your workloads based on their resource usage. When a workload is scaled up, more instances of the application get created.
Read More
Kubernetes Ingress Past, Present, and Future
This post was inspired by listening to the February 19, 2019, Kubernetes Podcast, “Ingress, with Tim Hockin.” The Kubernetes Podcast is turning out to be a very well done podcast overall, and well worth the listen. In the Ingress episode, the podcasters interview Tim Hockin who’s one of the original Kubernetes co-founders, a team lead on the Kubernetes predecessor Borg/Omega, and is still very active within the Kubernetes community such as chairing the Kubernetes Network Special Interest Group that currently own the Ingress resource specification.
Read More
Tinder’s move to Kubernetes
Almost two years ago, Tinder decided to move its platform to Kubernetes. Kubernetes afforded us an opportunity to drive Tinder Engineering toward containerization and low-touch operation through immutable deployment. Application build, deployment, and infrastructure would be defined as code.
Read More
What’s new in Kubernetes 1.14?
What’s new for Kubernetes 1.14. A preview of the enhancements and new features that Kubernetes 1.14 will contain when released on March 25 2019. A colossal effort spanning almost 3 years, SIG-Windows is promoting the support of Windows Containers to stable.
Read More
Kubernetes End-to-end Testing for Everyone
Implementing a test suite. This is the main focus of this blog post. The Kubernetes E2E framework is written in Go.
Read More
A Guide to Kubernetes Admission Controllers
Kubernetes has greatly improved the speed and manageability of backend clusters in production today. Kubernetes has emerged as the de facto standard in container orchestrators thanks to its flexibility, scalability, and ease of use. Kubernetes also provides a range of features that secure production workloads.
Read More
Detecting the Kubernetes API server DoS vulnerability (CVE-2019-1002100).
Recently, a new Kubernetes related vulnerability was announced that affected the kube-apiserver. This was a denial of service vulnerability where authorized users with write permissions could overload the API server as it is handling requests. The issue is categorized as a medium severity (CVSS score of 6.5) and can be resolved by upgrading the kube-apiserver to v1.11.8, v1.12.6, or v1.13.4.
Read More
Announcing Istio 1.1
Since we released 1.0 back in July, we’ve done a lot of work to help people get into production. Not surprisingly, we had to do some patch releases (6 so far!), but we’ve also been hard at work adding new features to the product. The theme for 1.1 is Enterprise Ready.
Read More
Blog: KubeEdge, a Kubernetes Native Edge Computing Framework
KubeEdge becomes the first Kubernetes Native Edge Computing Platform with both Edge and Cloud components open sourced! Open source edge computing is going through its most dynamic phase of development in the industry. So many open source platforms, so many consolidations and so many initiatives for standardization!
Read More
Inside Kubernetes RBAC
Kubernetes is a Container Orchestration Engine designed to host containerized applications on a set of nodes, commonly referred to as a cluster. Using a systems modeling approach, this series aims to advance the understanding of Kubernetes and its underlying concepts. The Kubernetes API is an Http API that provides Create/Read/Update/Delete access to query and modify the Kubernetes Object Store.
Read More
Kubernetes Metrics and Monitoring
This post explores the current state of metrics and monitoring in Kubernetes by walking through the gradual thought process that I experienced when learning this topic. Kubernetes needs some metrics for it’s basic out-of-the-box functionality, like autoscaling and scheduling. This is regardless of any monitoring solution you may want for the purpose of troubleshooting and alerting.
Read More
Kubernetes Operations: Prioritize Workload in Overcommitted Clusters
One of the benefits in adopting a system like Kubernetes is facilitating burst-able and scalable workload. Horizontal application scaling involves adding or removing instances of an application to match demand. Kubernetes Horizontal Pod Autoscaler enables automated pod scaling based on demand.
Read More
Kubernetes at CERN: Use Cases, Integration and Challenges
Kubernetes at CERN: Use Cases, Integration and Challenges.
Read More
Istio and Kubernetes in production. Part 2. Tracing
In the previous post, we took a look at the building blocks of Service Mesh Istio, got familiar with the system, and went through the questions that new Istio users often ask. In this post, we will look at how to organize the collection of tracing information over the network. The first thing that developers and system administrators think about when they hear the term Service Mesh is tracing.
Read More
Poseidon-Firmament Scheduler – Flow Network Graph Based Scheduler
In this blog post, we briefly describe the novel Firmament flow network graph based scheduling approach (OSDI paper) in Kubernetes. We specifically describe the Firmament Scheduler and how it integrates with the Kubernetes cluster manager using Poseidon as the integration glue. We have seen extremely impressive scheduling throughput performance benchmarking numbers with this novel scheduling approach.
Read More
The State of Kubernetes Configuration Management
Configuration management is a hard, unsolved problem. We share some unique insights about the strengths and weaknesses of several popular K8s config management tools. Of all the problems we have confronted, the ones over which the most brainpower, ink, and code have been spilled are related to managing configurations.
Read More
Docker and Kubernetes in high security environments
This is brief summary of parts of my master’s thesis and the conclusions to draw from it. This medium-story focuses on containerized application isolation. The thesis also covers segmentation of cluster networks in Kubernetes which is not discussed in this story.
Read More
Reaching for the Stars with Ansible Operator
In this post I will show you how to use Roles published to Ansible Galaxy as an Operator to manage an application in Kubernetes. Reusing a Role in this way provides an example of how to create an Operator that simply installs an application with the flexibility to expand and customize the behavior organically as requirements dictate. I will leverage both the Ansible Operator and the k8s module to demonstrate how you can use Ansible to create Kubernetes native applications.
Read More
Server Name Indication (SNI) Support Now in Ambassador
We’ve discussed many interesting use cases for SNI support within the edge proxy/gateway with both open source and commercially supported users of Ambassador. In a nutshell (and with thanks to Wikipedia), SNI is an extension to the TLS protocol which allows a client to indicate which hostname it is attempting to connect to at the start of the TCP handshaking process. This allows the server to present multiple certificates on the same IP address and TCP port number, which in turn enables the serving of multiple secure websites or API services without requiring all those sites to use the same certificate.
Read More
Jaeger integration in Kiali
Kiali has the ability to show traces obtained from Istio. Jaeger collects traces for monitoring and troubleshooting microservices-based distributed systems, and both Istio and Kiali use the data that Jaeger provides. Originally this was done via a separate tab in the UI.
Read More
Help! Something is wrong with my Jaeger installation!
Jaeger is composed of different components, each potentially running in its own host. It might be the case that one of these moving parts isn’t working properly, causing spans to not be processed and stored. When something goes wrong, make sure to check the items listed here.
Read More
Container Storage Interface (CSI) for Kubernetes GA
The Kubernetes implementation of the Container Storage Interface (CSI) has been promoted to GA in the Kubernetes v1.13 release. Support for CSI was introduced as alpha in Kubernetes v1.9 release, and promoted to beta in the Kubernetes v1.10 release. The GA milestone indicates that Kubernetes users may depend on the feature and its API without fear of backwards incompatible changes in future causing regressions.
Read More
APIServer dry-run and kubectl diff
Declarative configuration management, also known as configuration-as-code, is one of the key strengths of Kubernetes. It allows users to commit the desired state of the cluster, and to keep track of the different versions, improve auditing and automation through CI/CD pipelines. The Apply working-group is working on fixing some of the gaps, and is happy to announce that Kubernetes 1.13 promoted server-side dry-run and kubectl diff to beta.
Read More
Sidestepping Dependency Ordering with AppSwitch
We are going through an interesting cycle of application decomposition and recomposition. While the microservice paradigm is driving monolithic applications to be broken into separate individual services, the service mesh approach is helping them to be connected back together into well-structured applications. As such, microservices are logically separate but not independent.
Read More
CVE-2018-18264 Privilege escalation through Kubernetes dashboard
A recently disclosed vulnerability in Kubernetes dashboard (CVE-2018-18264) exposes secrets to unauthenticated users. In this blog post we’ll explore some key takeaways regarding monitoring privilege escalation on Kubernetes. The Kubernetes dashboard is a web based user interface that allows users to manage applications and resources within the cluster.
Read More
Running Kubernetes in the Federal Government
Tackling security compliance is a long and challenging process for agencies, systems integrators, and vendors trying to launch new information systems in the federal government. Each new information system must go through the Risk Management Framework (RMF) created by the National Institute of Standards and Technology (NIST) in order to obtain authority to operate (ATO). This process is often long and tedious and can last for over a year.
Read More
Rate Limiting at the Edge
I’m sure many of you have heard of the “Death Star Security” model—the hardening of the perimeter, without much attention paid to the inner core—and while this is generally considered bad form in the current cloud native landscape, there is still many things that do need to be implemented at edge in order to provide both operational and business logic support. One of these things is rate limiting. Modern applications and APIs can experience a burst of traffic over a short time period, for both good and bad reasons, but this needs to be managed well if your business model relies upon the successful completion of requests by paying customers.
Read More
Combining Federation V2 and Istio Multicluster
In a previous post, we saw how to leverage Istio Multicluster to deploy an application (bookinfo) on multiple Red Hat OpenShift clusters and apply mesh policies on all of the deployed services. We also saw that the deployment process was relatively complex. In this post we are going to see how Federation V2 can help simplify the process of deploying an application to multiple clusters.
Read More
Write operators for databases in Kubernetes with KubeDB
Running production quality databases in Kubernetes can be quite a hassle. But KubeDB promises to solve all your problems. Let’s have a quick look at this framework.
Read More
Kubernetes Failure Stories
I started to compile a list of public failure/horror stories related to Kubernetes. It should make it easier for people tasked with operations to find outage reports to learn from. Since we started with Kubernetes at Zalando in 2016, we collected many internal postmortems.
Read More
Deployment strategies for the Jaeger Agent
If you’ve been following the evolution of the Kubernetes templates for Jaeger, you might have noticed an important change recently: the Jaeger Agent is not being deployed as a DaemonSet anymore. Instead, instructions are now being provided on how to deploy it as a “Sidecar”. The Agent component was developed to act as a “buffer” between the tracer and the collector.
Read More
A Crash Course For Running Istio
At Namely we’ve been running with Istio for a year now. Yes, that’s pretty much when it first came out. We had a major performance regression with a Kubernetes cluster, we wanted distributed tracing, and used Istio to bootstrap Jaeger to investigate.
Read More
PostgreSQL across clouds and on-premises
PostgreSQL is a very popular open source relational database. It’s been in active development for over 30 years and has achieved a very high level of reliability and performance, as well as a very robust feature set.
Read More
Envoy Proxy at Reddit
Reddit’s engineering team and product complexity has seen significant growth over the last three years. Facilitating that growth has taken a lot of behind-the-scenes evolution of Reddit’s backend infrastructure. One major component has been adopting a service-oriented architecture, and a significant facet of that has been evolving service-to-service discovery and communication.
Read More
8 emerging trends in container orchestration
Containerization is now officially mainstream. A quarter of Datadog’s total customer base has adopted Docker and other container technologies, and half of the companies with more than 1,000 hosts have done so. As containers take a more prominent place in the infrastructure landscape, we see our customers adding automation and orchestration to help manage their fleets of ephemeral containers.
Read More
8 emerging trends in container orchestration
Containerization is now officially mainstream. A quarter of Datadog’s total customer base has adopted Docker and other container technologies, and half of the companies with more than 1,000 hosts have done so. As containers take a more prominent place in the infrastructure landscape, we see our customers adding automation and orchestration to help manage their fleets of ephemeral containers.
Read More
Istio Multicluster
Istio Multicluster is a feature of Istio–the basis of Red Hat OpenShift Service Mesh–that allows for the extension of the service mesh across multiple Kubernetes or Red Hat OpenShift clusters. The primary goal of this feature is to enable control of services deployed across multiple clusters with a single control plane. The main requirement for Istio multicluster to work is that the pods in the mesh and the Istio control plane can talk to each other.
Read More
Kubernetes Federation V2
With datacenters spread across the globe, users are increasingly looking at ways to spread their applications and services across multiple locales or clusters. This need is driven by multiple use cases: from providing high availability, spreading load across multiple clusters while being resilient to individual cluster failures; to avoiding provider lock-in by using hybrid cloud … With datacenters spread across the globe, users are increasingly looking at ways to spread their applications and services across multiple locales or clusters.
Read More
Moving from Kube2Iam to Kiam
At Ibotta, we chose kube2iam to assign AWS IAM Roles to containers running in our Kubernetes cluster. Lately, we’ve run into some issues with it—specifically when running a job that scores all of our service repos. This spins up a number of pods in parallel and has often failed to correctly access roles.
Read More
Kubernetes Federation Evolution
Deploying applications to a kubernetes cluster is well defined and can in some cases be as simple as kubectl create -f app.yaml. The user’s story to deploy apps across multiple clusters has not been that simple. How should an app workload be distributed?
Read More
Knative: bringing serverless to Kubernetes everywhere
Knative, the open-source framework that provides serverless building blocks for Kubernetes, is on a roll, and GKE serverless add-on, the first commercial Knative offering that we announced this summer, is enjoying strong uptake with our customers. Today, we are announcing that we’ve updated GKE serverless add-on to support Knative 0.2. In addition, today at KubeCon, RedHat, IBM, and SAP announced their own commercial offerings based on Knative.
Read More
Introducing Shipper
Booking.com is proud to announce the first public release of Shipper, an open source project that provides powerful, customizable rollouts to one or manyKubernetes clusters. Shipper uses Helm charts and native Kubernetes concepts to make it easy for anyone to set up blue/green or canary rollouts for their applications. The current release uses vanilla Kubernetes traffic shifting, so you don’t need a service mesh provider to get started.
Read More
Kubernetes’ first major security hole discovered
Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a CVSS 9.8 critical security hole.
Read More
eBay Moves Away From OpenStack, Embraces Kubernetes and Docker
As part of an initiative to completely revamp its data center infrastructure, eBay is “re-platforming, using Kubernetes and Docker and moving away from OpenStack,” according to a message to SDxCentral from Mazen Rawashdeh, VP of platform engineering at eBay. In May 2017 at the OpenStack Summit in Boston, an eBay executive said that 95 percent of all eBay traffic ran on its OpenStack cloud, which at the time managed 167,000virtual machines(VMs) and 4,000 applications. But since then, eBay has pivoted away from OpenStack as part of a major three-year infrastructure initiative.
Read More
Kubernetes Containerd Integration Goes GA
Containerd 1.1 works with Kubernetes 1.10 and above, and supports all Kubernetes features. The test coverage of containerd integration on Google Cloud Platform in Kubernetes test infrastructure is now equivalent to the Docker integration (See: test dashboard). We’re very glad to see containerd rapidly grow to this big milestone.
Read More
Containers, Security and Echo chambers
There seems to be some confusion around sandboxing containers as of late, mostly because of the recent launch of gvisor. Before I get into the body of this post I would like to make one thing clear. I have no problem with gvisor itself.
Read More
Gardener: Manage Kubernetes clusters across multiple cloud providers
Many Open Source tools exist which help in creating and updating single Kubernetes clusters. However, the more clusters you need the harder it becomes to operate, monitor, manage and keep all of them alive and up-to-date. And that is exactly what project Gardener focuses on.
Read More
Gitkube – Deploy to Kubernetes Using Git Push
Ideal for development where you can push your WIP branch to the cluster to test. Reference implementation for writing git-based automation on your server. Fork this repo and create your own CRD + controller + git remote hook that can do things on the Kubernetes cluster.
Read More
Google Skaffold – Easy and Repeatable Kubernetes Development
Skaffold is a command line tool that facilitates continuous development for Kubernetes applications. You can iterate on your application source code locally then deploy to local or remote Kubernetes clusters. Skaffold handles the workflow for building, pushing and deploying your application.
Read More
Kubernetes Graduates from Cloud Native Computing Foundation (CNCF)
Established, global organizations like Uber, Bloomberg, Blackrock, BlaBlaCar, The New York Times, Lyft, eBay, Buffer, Squarespace, Ancestry, GolfNow, Goldman Sachs and many others use Kubernetes in production at massive scale. Furthermore, according to Redmonk, 71 percent of the Fortune 100 use containers and more than 50 percent of Fortune 100 companies use Kubernetes as their container orchestration platform.
Read More