This release brings 50 enhancements, up from 43 in Kubernetes 1.20 and 34 in Kubernetes 1.19. Of those 50 enhancements, 15 are graduating to Stable, 14 are existing features that keep improving, and a whopping 19 are completely new. It’s great to see old features, that have been around as long as 1.4, finally become GA. For example CronJob, PodDisruptionBudget, and sysctl support.

In April 2020, MalwareHunterTeam found a number of suspicious files in an open directory and posted about them in a series of tweets. Trend Micro later confirmed that these files were part of the first cryptojacking malware by TeamTNT, a cybercrime group that specializes in attacking the cloud—typically using a malicious Docker image—and has proven itself to be both resourceful and creative.

While containers are known for their multiple benefits for the enterprise, one should be aware of the complexity they carry, especially in large scale production environments. Having to deploy, reboot, upgrade or apply patches to patches to hundreds and hundreds of containers is no easy feat, even for experienced IT teams. Different types of Kubernetes solutions have emerged to address this issue.

In my last post (read here), we saw how CloudHedge enables enterprises to execute the transformation of WebSphere ND on Linux Apps to WebSphere Liberty Container in a non-intrusive way. As an addition to the previous post, this one talks about transforming WebSphere ND on AIX to WebSphere Liberty containers using CloudHedge’s App Modernization platform.

Lateral movement is a growing concern with cloud security. That is, once a piece of your cloud infrastructure is compromised, how far can an attacker reach? What often happens in famous attacks to Cloud environments is a vulnerable application that is publicly available can serve as an entry point. From there, attackers can try to move inside the cloud environment, trying to exfiltrate sensitive data or use the account for their own purpose, like crypto mining.

Implementing the AWS Foundations CIS Benchmarks will help you improve your cloud security posture in your AWS infrastructure. What entry points can attackers use to compromise your cloud infrastructure? Do all your users have multi-factor authentication setup? Are they using it? Are you providing more permissions that needed? Those are some questions this benchmark will help you answer. Keep reading for an overview on AWS CIS Benchmarks and tips to implement it.

Implementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, clusters, stored information, and input/output data streams. When you add configuration and user management to the mix, it’s clear that there is a lot to secure!

This hands-on Flux tutorial explores how Flux can be used at the end of your continuous integration pipeline to deploy your applications to Kubernetes clusters.

We're very proud to announce that we have been accepted by the Cloud Native Computing Foundation (CNCF) as a conformant Certified Kubernetes provider for our v1.20 Civo Kubernetes product based on K3s. Every small business starts with a goal of competing with the big fish of the industry, and a huge part of that is having the certification to prove you're providing a compatible service. We're now in the company of some really inspirational organisations...

Speedscale ‘SpeedChat’ Episode 2: Shift-Left vs. Shift-Right Throwdown featuring Nate Lee (Founder, Speedscale), Ken Ahrens (Founder, Speedscale) and Jason English (Principal Analyst, Intellyx).

In today’s digital landscape, users expect applications to be available at all times and developers are expected to deploy new versions of these applications several times a day. Both of these expectations can be met by upgrading your Kubernetes cluster. Kubernetes is constantly getting new features and security updates, so your Kubernetes cluster needs to be kept up-to-date as well.

Kubernetes orchestrates clusters of machines to run container-based workloads. Building on the success of the container-based development model, it provides the tools to operate containers reliably at scale. The container-based development methodology is popular outside just the realm of open source and Linux though.

DevOps tool of the month is a series, where each month I will introduce one new useful DevOps tool in 2021 For March I chose: Shipa – Shipa’s cloud native application management framework makes working with Kubernetes for developers extremely easy.

Following the Open Operator Collection announcement from November, Canonical is today proud to announce the availability of Juju Operator Lifecycle Manager (OLM) 2.9. This new release of Juju brings new capabilities for Kubernetes operators as well as smooth integration with the Open Operator Collection.

During the next seven weeks, our team will work to improve the overall experience of Qovery. We gathered all your feedback (thank you to our wonderful community 🙏), and we decided to make significant changes to make Qovery a better place to deploy and manage your apps. This series will reveal all the changes and features you will get in the next major release of Qovery. Let's go!

Argo Rollouts is a progressive delivery controller created for Kubernetes. It allows you to deploy your application with minimal/zero downtime by adopting a gradual way of deploying instead of taking an “all at once” approach.

Wouldn’t it be handy to quickly spin up a Kubernetes cluster for CI testing, on-demand? Interested? If so, read on! Here at Codefresh, many of our customers develop Kubernetes-native applications. A common CI task is to create a Kubernetes cluster to test out deployment processes and integrations. Often, such tests can be greatly simplified if this cluster is ephemeral – that is, it is created on-demand for each build of a test pipeline.

Security remains a consistent priority for cloud providers to ensure that customers are always protected, data is secure and applications are safe. Users of Google Kubernetes Engine (GKE) are provided with ways to maintain the integrity of the compute instances that applications are running on top of.

Monitoring the current state and performance of applications is critical for IT Ops and DevOps teams alike. Understanding the health of an application is one of the most effective ways of anticipating potential bottlenecks or slowdowns, yet it’s one of the largest challenges faced by many organizations that build and deploy software. This is largely due to applications’ distributed and diversified nature.

Welcome to another monthly update on what’s new from Sysdig. Our team continues to work hard to bring great new features to all of our customers, automatically and for free! This month was mostly about compliance and a PromQL Query Explorer! Have a look below for the details. We have added a number of new compliance standards to our compliance dashboards page, making it even easier for our customers to quickly (and continuously!) check how well they’d do from an audit.

D2iQ Konvoy provides controls to easily upgrade Kubernetes itself, Kubernetes add-ons, like Prometheus, or the Konvoy CLI independently. Best of all, upgrades can be performed in place without disruption. This tutorial will cover how to upgrade node pools, or specify the upgrade based on specific node pools. We’ll also walk through how to upgrade in parallel, or specify the number of concurrent nodes to upgrade. To get started, take a look at the cluster config.

It’s with immense pride and excitement we can announce that Civo is coming out of beta! When we planned out our beta program, which we called #KUBE100, our first priority was getting real-world feedback from a wide range of developers, all at various stages in their Kubernetes journey. We wanted to create a Kubernetes platform that plugged the gaps we saw in the industry – speed of deployment, ease of use, and a simple billing model.

Server 3.x, which is now available to all CircleCI customers, was designed to meet the strictest security, compliance, and regulatory restraints. This self-hosted solution can scale under heavy workloads, all within your team’s Kubernetes cluster on your private network, but with the dynamically scaling cloud experience of CircleCI. Offering an exceptional on-premise service means keeping that service up-to-date with the latest releases.

Containers have revolutionized how we distribute applications by allowing replicated test environments, portability, resource efficiency, scalability and unmatched isolation capabilities. While containers help us package applications for easier deployment and updating, we need a set of specialized tools to manage them.

During the next eight weeks, our team will work to improve the overall experience of Qovery. We gathered all your feedback (thank you to our wonderful community 🙏), and we decided to make significant changes to make Qovery a better place to deploy and manage your apps. This series will reveal all the changes and features you will get in the next major release of Qovery. Let's go! Read the previous article: The Future of Qovery - Week #2.

Speedscale ‘SpeedChat’ Episode 1: Discussing software product management, ‘dogfooding’ and scaling quickly for product/market fit without breaking things.

D2iQ Konvoy simplifies the deployment on Azure by providing a command line interface to automate the deployment and operations of Kubernetes clusters all in one place. In this tutorial, we’ll show you the provisioning of an enterprise-grade Kubernetes cluster on Azure using a single command. Before we get started, let’s talk about a few prerequisites you’ll need: First, download the D2iQ Konvoy installer and authenticate it to your Azure account.

As we wrap up the first quarter of 2021, we wanted to talk about things we should be doing as part of a cloud native strategy for the remaining 3/4 of the year. Moving from traditional monolithic. architectures to a modern microservices approach has many benefits, but still has the greater majority of us baffled in terms of tapping into its full potential.

Unifying three distinct teams—development, security, and operations—around a common approach to get application releases to production is challenging. This post explores how Tanzu Labs partnered with a major branch of the Department of Defense (DoD) to build an automated DevSecOps process using VMware Tanzu and several open source tools.

Keeping your distributed systems running smoothly has never been easy. To that end, Healthwatch for VMware Tanzu created an “out of the box” option for tracking the health of your app platform. The module proved to be a big upgrade from homegrown monitoring toolchains. Platform teams have since come to rely on Healthwatch’s curated indicators, alerts, and visualizations.

When running AKS clusters, ideally you want the compute infrastructure to adapt to your Kubernetes workload and not the other way around. VMs should automatically match your application requirements all the time without labor-intensive, hands-on management, and of course, your Azure bill should be as low-cost as possible. However, in trying to achieve this ideal, AKS and Kubernetes users in general, still face significant operational challenges.

It’s been six years since Kubernetes v1.0 was released in 2015, and since then it’s become a critical technology foundation to deploy modern, cloud native applications with speed, develop them with agility and scale them with flexibility. With a fast-maturing ecosystem, advancements in tooling are making it possible for a new wave of applications to be deployed on Kubernetes.

The use of honeypots in an IT network is a well-known technique to detect bad actors within your network and gain insight into what they are doing. By exposing simulated or intentionally vulnerable applications in your network and monitoring for access, they act as a canary to notify the blue team of the intrusion and stall the attacker’s progress from reaching actual sensitive applications and data.

We are excited to share that technology research and analysis provider GigaOm has named VMware Tanzu Observability as a fast-moving leader in its forward-looking assessment of the cloud observability vendor space in 2021. Its cloud observability report considered solution connections; data integration and processing; performance management; root cause analysis; and full-stack observability.

AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With AWS Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing. In short, users offload the virtual machines management to AWS while focusing on task management.

The rapid pace of updates and upgrades to operating systems, software frameworks, libraries, programming language versions – a boon to the future of fast-paced software development, has also come to slightly bite us in the back because of having to manage these very many dependencies with their different versions across different environments.

App Modernization is the way forward, especially when you have hundreds of enterprise WebSphere applications nesting on AIX. These applications are age-old, heavy, and expensive to manage and modernize. This causes a huge roadblock especially when your business is growing and your apps need to be scalable, cost-efficient to run and should be highly available. CloudHedge removes the major barrier to AIX WebSphere containerization using the Automated Application Modernization Platform.

Kubernetes is hard, but lets make monitoring and alerting for Kubernetes simple! At iLert we are creating architectures composed of microservices and serverless functions that scale massively and seamlessly to guarantee our customers uninterrupted access to our services. As many others in the industry we are relying on Kubernetes when it comes to the orchestration of our services.

Today, AWS announced the general availability of Amazon ECS Exec, a powerful feature to allow developers to run commands inside their ECS containers. Amazon Elastic Container Service (ECS) is a fully managed container orchestration service by Amazon Web Services. ECS allows you to organize and operate container resources on the AWS cloud, and allows you to mix Amazon EC2 and AWS Fargate workloads for high scalability.

If your organization is planning to use AWS for deploying new releases, the deployment process can be tricky for teams outside of operations to learn and use, especially for those who don’t have expertise in the tooling to automate deployment. And, because there are several ways to deploy Kubernetes on AWS, including Amazon’s own EKS, understanding the different deployment options can be tough to navigate.

Kubernetes can bring a wide collection of advantages to a development organization, but efficiently deploying applications to Kubernetes is something many organizations are still working to perfect. Properly using Kubernetes can significantly improve productivity, empower you to better utilize your cloud spend, and improve application stability and reliability. On the flip side, if you are not properly leveraging Kubernetes, your would-be benefits become drawbacks.

One of the major considerations when modernizing applications is how and where they’re going to be hosted—what we call landing zones. Today, you have a wide variety of options that includes, at least, some combination of on-prem, public cloud(s), Kubernetes, VMs, PaaS, and bare metal. Because of the dynamic nature of applications and the complexities of enterprise IT budgets, choosing is rarely as simple as just identifying the least expensive option.

During the next nine weeks, our team will work to improve the overall experience of Qovery. We gathered all your feedback (thank you to our wonderful community 🙏), and we decided to make significant changes to make Qovery a better place to deploy and manage your apps. This series will reveal all the changes and features you will get in the next major release of Qovery. Let's go!

Welcome to part 3 of the blog series where we go through how to forward container logs from Amazon ECS and Fargate to Splunk. In part 1, Splunking AWS ECS Part 1: Setting Up AWS And Splunk, we focused on understanding what ECS and Fargate are, along with how to get AWS and Splunk ready for log routing to Splunk’s Data-to-Everything Platform.

Getting started with PromQL can be challenging when you first arrive in the fascinating world of Prometheus. Since Prometheus stores data in a time-series data model, queries in a Prometheus server are radically different from good old SQL. Understanding how data is managed in Prometheus is key to learning how to write good, performant PromQL queries. This article will introduce you to the PromQL basics and provide a cheat sheet you can download to dig deeper into Prometheus and PromQL.

Today’s enterprise organizations are using some form of multi-cloud infrastructure, and the numbers don’t lie. According to Flexera’s 2020 State of the Cloud report, an average of 2.2 public clouds are being used per enterprise company. And in a different report from the Everest Group, 58% of enterprise workloads are on hybrid or private cloud. The sheer increase in multi-cloud usage illustrates it’s growing popularity across enterprises.

In this episode of ShipTalk, Jim Shilts, Developer Advocate at Shipa and the Founder and President of North American DevOps Group (NADOG), chats with Ravi Lachhman, Evangelist at Harness on the “Shifting Complexities in DevOps.” Jim has been working on solving engineering efficiency problems for over 20 years, working at firms such as Build Forge and Electric Cloud, pre-dating the inception of Hudson/Jenkins.

Every business is looking for ways to win new customers and retain existing ones. To that end, they need to provide a compelling user experience and consistently push new business ideas into the market before their competitors do by running software in production in a way that is fast, secure, and scalable.

CVE-2020-13942 is a critical vulnerability that affects the Apache open source application Unomi, and allows a remote attacker to execute arbitrary code. In the versions prior to 1.5.1, Apache Unomi allowed remote attackers to send malicious requests with MVEL and OGNL expressions that could contain arbitrary code, resulting in Remote Code Execution (RCE) with the privileges of the Unomi application.

Each day, more and more companies consider opting for cloud-based solutions, and they almost always end up adopting them to some extent. While the increasing popularity of cloud services may be a significant factor in accelerating the adoption rate of cloud-based solutions, some individuals remain skeptical of migrating their applications to the cloud due to unfamiliar territory.

Learn how to prevent security issues and optimize containerized applications by applying a quick set of Dockerfile best practices in your image builds. If you are familiar with containerized applications and microservices, you might have realized that your services might be micro; but detecting vulnerabilities, investigating security issues, and reporting and fixing them after the deployment is making your management overhead macro.

This blog will take you on a step-by-step journey to show you how you can leverage your Kubernetes cluster resources to run your CI/CD workflows using the Codefresh hybrid solution. What Is the Codefresh Hybrid Solution and How Does It Work? The Codefresh hybrid solution provides you with a way of running the platform’s workflows on your Kubernetes resources, keeping your private resources safe while enjoying the benefits of a SaaS solution.

Kubernetes can bring a wide collection of advantages to a development organization. Properly using Kubernetes can significantly improve productivity, empower you to better utilize your cloud spend, and improve application stability and reliability. On the flip side, if you are not properly leverag Kubernetes, your would-be benefits become drawbacks. As a developer, this can become incredibly frustrating when your focus is on delivering quality code fast.

If you feel intimidated by Kubernetes’ complexity but still need to modernize your business applications with containers, rest assured you’re not the only one. The container orchestration platform solves many problems but also creates new ones, so read on to find out about a new approach that can help you get just the benefits.

With the recent release of the VMware Customer Reliability Engineering (CRE) team’s Reliability Scanner, we wanted to take some time to expand on the namespace label check, including how labelling can be used for alert routing. The Reliability Scanner is a Sonobuoy plugin that allows an end user to include and configure a suggestive set of checks to be executed against a cluster.

vSphere with Tanzu brings together an integrated Kubernetes experience for VI admins and developers. Using vSphere as the infrastructure platform, managing the Kubernetes lifecycle becomes easier than ever. New features in vSphere with Tanzu U2 add more capabilities that make Kubernetes operations even more seamless. Let’s check it out. VMware NSX Advanced Load Balancer (formerly Avi Networks) provides a highly available and scalable load balancer and container ingress services.

Keep track of various tasks and services of containers running within ECS instances.

5G is in the process of transforming communications technology, enabling never-before-seen data transfer speeds and high-performance remote computing capabilities.

During the next ten weeks, our team will work to improve the overall experience of Qovery. We gathered all your feedback (thank you to our wonderful community 🙏), and we decided to make significant changes to make Qovery a better place to deploy and manage your apps. This series will reveal all the changes and features you will get in the next major release of Qovery. Let's go!

Windows containers have a Kubernetes home, but there’s a missing piece — end-to-end monitoring across the full stack. Learn how AppDynamics addresses this gap.

We are announcing the new PromQL Explorer for Sysdig Monitor that will help you easily understand your monitor data. The new PromQL Explorer allows you to write PromQL queries faster by automatically identifying the common labels among different metrics. It also allows you to interactively modify the PromQL results by using the visual label filtering

AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. It is great if you want to create a cost-effective, on-demand service. You can use it as part of a bigger project where you have multiple services or as a standalone service to do a certain task like controlling Alexa Skill.

In this blog post, we’re going to talk about k3d, a tool that allows you to run throwaway Kubernetes clusters anywhere you have Docker installed. I’ve anticipated your questions…so let’s go!

The privilege escalation category inside MITRE ATT&CK covers quite a few techniques an adversary can use to escalate privileges inside a system. Familiarizing yourself with these techniques will help secure your infrastructure. MITRE ATT&CK is a comprehensive knowledge base that analyzes all of the tactics, techniques, and procedures (TTPs) that advanced threat actors could possibly use in their attacks.

Troubleshooting an application running on Google Kubernetes Engine (GKE) often means poking around various tools to find the key bit of information in your logs that leads to the root cause. With Cloud Operations, our integrated management suite, we’re working hard to provide the information that you need right where and when you need it. Today, we’re bringing GKE logs closer to where you are—in the Cloud Console—with a new logs tab in your GKE resource details pages.

Tigera, in collaboration with Microsoft, is thrilled to announce the public preview of Calico for Windows on Azure Kubernetes Service (AKS). While Calico has been available for self-managed Kubernetes workloads on Azure since 2018, many organizations are migrating their .NET and Windows workloads to the managed Kubernetes environment offered by AKS.

CEO and Founder, Shipa Corp We see people talking more and more about Kubernetes these days, and if I have to guess, these conversations will continue to grow. Still, the reality is that most enterprise companies are just starting to explore Kubernetes, or they are at the very early stages of scaling it. As you deploy production-grade apps on Kubernetes, both developers and DevOps teams realize that operationalizing applications on Kubernetes can be way more complicated than expected.

AWS Fargate provides a way to use AWS container orchestration services—Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS)—without needing to provision and maintain the infrastructure that runs your containers. Fargate is similar to serverless container platforms from Google (Cloud Run) and Microsoft (AKS virtual nodes).

In Part 1 of this series, we showed you the key metrics you can monitor to understand the health of your Amazon ECS and Amazon EKS clusters running on AWS Fargate. In this post, we’ll show you how you can: You can use Amazon CloudWatch and related AWS services to gain visibility into your ECS clusters and the Fargate infrastructure that runs them.

In Part 1 of this series, we looked at the important metrics to monitor when you’re running ECS or EKS on AWS Fargate. In Part 2 we showed you how to use Amazon CloudWatch and other tools to collect those metrics plus logs from your application containers. Fargate’s serverless container platform helps users deploy and manage ECS and EKS applications, but the dynamic nature of containers makes them challenging to monitor.

First of all what is appfleet? appfleet is an edge compute platform that allows people to deploy their web applications globally. Instead of running your code in a single centralized location you can now run it everywhere, at the same time. In simpler terms appfleet is a next-gen CDN, instead of being limited to only serving static content closer to your users you can now do the same thing for your whole codebase. Run the whole thing where just your cache used to be.

Putting it simply, it is how you do DevOps in Git. You store and manage your deployments using Git repositories as the version control system for tracking changes in your applications or, as everyone likes to say, “Git as a single source of truth.”