It has been five months since we announced project Harvester, open source hyperconverged infrastructure (HCI) software built using Kubernetes. Since then, we’ve received a lot of feedback from the early adopters. This feedback has encouraged us and helped in shaping Harvester’s roadmap. Today, I am excited to announce the Harvester v0.2.0 release, along with the Beta availability of the project!
ECS Anywhere allows you to use Amazon Web Services’ container service outside of the AWS cloud, and Canonical is proud to be a launch partner for this service. Using Ubuntu as the base OS for your ECS clusters on-prem or elsewhere will allow you to benefit from Ubuntu’s world-leading hardware support, professional services, and vast ecosystem, in turn allowing your ECS clusters to run with optimal performance everywhere you need it.
Amazon Elastic Container Service (ECS) is a managed compute platform for containers that was designed to be simple to configure, with opinionated defaults to help users get started quickly. ECS customers can run containerized workloads on either Amazon EC2 instances or the serverless Fargate platform without having to maintain a control plane—and can easily integrate ECS with other AWS resources, like Network Load Balancers, to architect their infrastructure.
Logz.io is always looking to improve the user experience when it comes to Kubernetes and monitoring your K8s architecture. We’ve taken another step with that, adding OpenTelemetry instrumentation with Helm charts. We have made Helm charts available before, previously with editions suitable for Metricbeat and for Prometheus operators.
In this article, you will find 10 practical Prometheus query examples for monitoring your Kubernetes cluster. So you are just getting started with Prometheus, and are figuring out how to write PromQL queries. At Sysdig, we’ve got you covered! A while ago, we created a PromQL getting started guide. Now we’ll jump in skipping the theory, directly with some PromQL examples.
Amazon Elastic Container Service (ECS) Anywhere enables you to simply run containers in whatever location makes the most sense for your business – including on-premises. Security is a key concern for organizations shifting to the cloud. Sysdig has validated our Secure DevOps platform with ECS Anywhere, giving AWS customers the security and visibility needed to run containers confidently on the new deployment model.
Manufacturing is more important than ever as governments, businesses, and individuals rely on the industry to drive innovation and economic prosperity through employment and exports, producing both essential and non-essential products that enhance our daily lives.
Argo Rollouts, part of the Argo project, recently released their 1.0 version. You can see the changelog and more details on the Github release page. If you are not familiar with Argo Rollouts, it is a Kubernetes Controller that deploys applications on your cluster. It replaces the default rolling-update strategy of Kubernetes with more advanced deployment methods such as blue/green and canary deployments.
Without a strategy in place, it will introduce a handful of challenges. Platform teams will be unable to do the following: As you’re defining policies for multi-tenant AKS, EKS, or GKE clusters, consider these tips: To help you get started on the right track, we created this cheatsheet for multi-tenancy success.
Welcome to another monthly update on what’s new from Sysdig. Eid Mubarak! Our team continues to work hard to bring great new features to all of our customers, automatically and for free! Most importantly, of course, was our recent funding round! I won’t repeat all the details as you can read more about what it means here. However, we are super excited about all the new feature improvements we can fund and bring to our customers!
Since Google first introduced Kubernetes, it’s become one of the most popular DevOps platforms on the market. Unfortunately, increasingly widespread usage has made Kubernetes a growing target for hackers. To illustrate the scale of the problem, a Stackrox report found that over 90% of respondents had experienced some form of security breach in 2020. These breaches were due primarily to poorly-implemented Kubernetes security.
Since the revolutionization of the concept by Docker in 2013, containers have become a mainstay in application development. Their speed and resource efficiency make them ideal for a DevOps environment as they allow developers to run software faster and more reliably, no matter where it is deployed. With containerization, it’s possible to move and scale several applications across clouds and data centers. However, this scalability can eventually become an operational challenge.
Kubernetes — a popular open source container orchestration system — enables you to easily deploy, monitor, and scale cloud-native application workloads in both private and public cloud environments. In other words, Kubernetes does the hard work of managing containerized applications, giving you more time to spend building it.
While Kubernetes is a very powerful and comprehensive application, it can also be very complicated and confusing to new users. Thankfully, the community is great at pulling together to try to tame the Kubernetes beasts, and as more users join the platform, more handy tools to help you manage your cluster are developed. Kubernetes Resources range from everyday helper tools to development tools to troubleshooting tools, and in this article we’ll discuss fifteen of the best ones.
In October 2020 we released the community-driven roadmap for 2021. It's time to revisit and see all the things we have completed from the list! I am very proud to say that at Civo we have taken the community suggestions and implemented most of them during the launch on May 4th 2021. Let's dive into each of the features listed in the original blog post and see where we are with the 2021 Civo Roadmap.
The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: By exploiting the vulnerability, adversaries could be able to redirect pod traffic even though Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range.
In its mission to simplify building and running cloud-native applications for users, Amazon has announced the GA of AWS App Runner, a new purpose-built container application service. With security top of mind for most organizations shifting to the cloud, Sysdig has collaborated with AWS to enable threat detection for the new platform.
The Atlanta Startup Podcast is the briefing room for the innovation ecosystem, featuring the investors, founders and activators creating the fastest emerging venture capital ecosystem in the country. Ken Ahrens, founder and CEO of Speedscale sits down with Valor Investor, William Leonard in this episode.
Nobody wants to deal with annoying neighbors. Whether it’s the neighbor who always knows everyone’s business or the one who turns up their music late at night, both types of neighbors can have a negative impact on your living environment and daily life. Obnoxious neighbors aren't exclusive to just your physical living space, but in the public cloud where there are multiple Kubernetes clusters (EKS, AKS, or GKE) and multiple users (or tenants) with the need for cluster access.
When Kubernetes launches and schedules workloads in your cluster, such as during an update or scaling event, you can expect to see short-lived spikes in the number of Pending pods. As long as your cluster has sufficient resources, Pending pods usually transition to Running status on their own as the Kubernetes scheduler assigns them to suitable nodes. However, in some scenarios, Pending pods will fail to get scheduled until you fix the underlying problem.
Network Policy is a critical part of building a robust developer platform, but the learning curve to address complex real-world policies is not tiny. It is painful to get the YAML syntax right. There are many subtleties in the behavior of the network policy specification (e.g., default allow/deny, wildcarding, rules combination, etc.). Even an experienced Kubernetes YAML-wrangler can still easily tie their brain in knots working through an advanced network policy use case.
Today we’re excited to introduce the Kubernetes integration for Grafana Cloud, our composable observability platform bringing together metrics, logs, and traces with Grafana. Grafana Cloud users can now easily monitor and alert on core Kubernetes cluster metrics using the Grafana Agent, our lightweight observability data collector optimized for sending metric, log, and trace data to Grafana Cloud.
Spot by NetApp’s Ocean continuously optimizes Kubernetes clusters with a wide feature set tackling different aspects of running and managing Kubernetes containers in a cloud environment. To help users improve the efficiency and performance of their cloud environments, Ocean’s rightsizing capabilities provide recommendations that target over-provisioning and underutilization.
Observability is the key to solving problems quickly, and organizations use many tools to try to increase visibility in their environments so they don’t miss anything. Typical sources of observability include metrics, logs, and traces. The foundation of monitoring, metrics are predictable counts or measurements that are aggregated over a specific period of time. Timestamped records of discrete events that can store outputs from applications, systems, and services.
When you hear the word "Thanos," your first thought might be the Marvel Cinematic Universe villain from the Avengers: Infinity War film who seeks to collect the Infinity Stones and end half of all life in the universe. But if you mention the word to a data nerd, you're likely to get a very different response. Prometheus is a free and open-source platform for real-time systems and event monitoring and alerting.
What an exciting month, with PromCon Online 2021 and KubeCon EU 2021! These presentations were full of feature announcements, live demos, and inspiring use cases. Here are our highlights of the PromCon Online 2021!
Containers and Kubernetes have changed the way we operate applications. This has been a boon for Site Reliability Engineers (SREs) and DevOps professionals who handle infrastructure management. Yet, it has come at a cost to many who develop and operate applications. Their experience has become more complicated and cumbersome.
Whether you’re new to the cloud native space or an accomplished practitioner, you’re probably aware that there are many Kubernetes distributions to choose from. Maybe you’ve heard about the challenges of getting up and running with Kubernetes. Guess what? It doesn’t have to be hard. This blog provides an introduction to K3s, a lightweight CNCF-certified Kubernetes distribution. We’ll look at what makes K3s different from other Kubernetes distributions.
Security has always been a wide and complex topic. A recent survey from StackRox about the state of containers and Kubernetes security provides some interesting data on these topics. In this blog post, I’ll dive into some of the findings in that survey and introduce you to Kubewarden, an open source policy engine. A staggering 66 percent of the survey participants do not feel confident enough in the security measures they have in place.
Kubernetes capacity planning is one of the main challenges that infrastructure engineers have to face, as understanding Kubernetes limits and requests is not an easy thing. You might be reserving way more resources than you need to ensure your containers don’t run out of memory, or are CPU throttled. If you are in this situation, you’re going to be charged for those resources even if they aren’t being used, and it will also make deployments more difficult to schedule.
The container ecosystem is moving very fast and new tools designed specifically for Kubernetes clusters are introduced at a very fast pace. Even though several times a new tool is simply implementing a well-known mechanism (already present in the VM world) with a focus on containers, every once in a while we see tools that are designed from scratch rather than adapting a preexisting idea. One such tool is Komodor.
We are very excited to announce a key integration between VMware Tanzu and VMware Cloud on AWS that provides a significantly enhanced experience for our customers who want to deploy, run, and manage Kubernetes in VMware Cloud on AWS. With this integration, VMware Tanzu Mission Control now supports full lifecycle management—provisioning, upgrading, scaling, and deleting—of Tanzu Kubernetes clusters deployed on VMware Cloud on AWS.
To continuously innovate, many organizations are anchoring their infrastructure on container management solutions. The open source project Kubernetes is now the de facto standard for container management, and its popularity is growing in a number of ways. Here are some stats from a recent Cloud Native Computing Foundation (CNCF) survey.
I have recently seen quite a few articles and talks covering why organizations are aiming at implementing a developer platform to help speed up the adoption of microservices within their organizations but before we get started on discussing what a developer platform is, the developer experience and productivity on Kubernetes, and how different teams are working through it, let’s define some common ground.
Firstly, super excited to share that CloudHedge has successfully completed the IBM Cloud Paks certification, IBM has some stringent requirements for achieving this certification which includes having an Operator certified product listed on Red Hat Marketplace. CloudHedge’s intelligent App Modernization Platform enables enterprise customers to transform their legacy workloads to OpenShift container platform efficiently and effortlessly.
Fargate offers a great value proposition to AWS users: forget about virtual machines and just provision containers. Amazon will take care of the underlying hosts, so you will be able to focus on writing software instead of maintaining and upgrading a fleet of Linux instances. Fargate brings many benefits to the table, including small maintenance overhead, lower attack surface, and granular pricing. However, as any cloud asset, leaving your AWS Fargate tasks unattended can lead to nasty surprises.
Congratulations, you finally consider moving your apps to Kubernetes. It is a big day! Here is a checklist to ensure you did not forget anything essential to increase your chances of success using Kubernetes. We divided those points into three sections, from the most important to the least. Let’s go.
Speedscale was built primarily to provide engineering teams with better insight into their applications over time, replaying single transactions for root cause analysis that give developers and SREs confidence that tomorrow’s application code will work just as well in production as it did yesterday.
We’re excited to announce Calico v3.19.0! This release includes a number of cool new features as well as bug fixes. Thank you to each one of the contributors to this release! For detailed release notes, please go here. Here are some highlights from the release…
Spark is one of the most widely-used compute tools for big data analytics. It excels at real-time batch and stream processing, and powers machine learning, AI, NLP and data analysis applications. Thanks to its in-memory processing capabilities, Spark has risen in popularity. As Spark usage increases, the older Hadoop stack is on the decline with its various limitations that make it harder for data teams to realize business outcomes.
VMware Marketplace is a one stop-shop for VMware customers to discover, try, and deploy various third-party and open source solutions onto their VMware environments. All deployable assets on VMware Marketplace are pre-tested on their respective VMware environments, which empowers users to deploy them with confidence.
If technology applications are the building blocks of enterprises today, developers comprise the masonry team. At VMware, we seek to empower application developers, architects, platform and digital teams alike by giving them the ability to choose the right set of tools for their unique development needs and goals. We build deep, meaningful partnerships with industry peers to support our customers’ choices across their full technology stacks.
We are happy to announce that VMware Tanzu SQL with MySQL for Kubernetes 1.0 is generally available! Tanzu customers can easily run MySQL at scale on Kubernetes with this new release, which complements our existing Postgres engine for Kubernetes. Even better, with this new release Tanzu Advanced customers now have the two most popular open source operational databases included with their purchase.
In order to manage complex containerized applications, modern devops teams need to have deep visibility into the status of their Kubernetes resources. By listening directly to the Kubernetes API, the open source kube-state-metrics service generates key metrics about your Kubernetes objects, including pods, nodes, and deployments, which are essential for understanding the status and performance of your clusters.
One of the greatest challenges you may face when creating Kubernetes dashboards is getting the full picture of your cluster. Kubernetes is the de-facto standard for container orchestration, but it also has a very steep learning curve. We, at Sysdig, use Kubernetes ourselves, and also help hundreds of customers dealing with their clusters every day. We are happy to share all that expertise with you in the Kubernetes Dashboards.
When we launched Qovery in January 2020, our product was still a prototype, and we onboarded 53 developers to help them deploy their apps in the cloud. At the time, we were only 2 on the team, and our first employee (Patryk Jeziorowski) decided to join us after being one of our first users. 18 months later, 3004 developers from more than 110 countries use Qovery to deploy their apps on their AWS and Digital Ocean account.
In August 2020, Amazon announced Bottlerocket OS, a new open source Linux distribution that is built specifically for running container workloads. It comes out of the box with security hardening and support for transactional updates, allowing for greater ease in automating operating system updates, maintaining security compliance and reducing operational costs. Bottlerocket is designed to be able to run anywhere and, at launch, has a pre-built variant for Amazon EKS.
Testing in production simply means testing new code changes in production, with live traffic, in order to test the system’s reliability, resiliency, and stability. It helps teams solve bugs and other issues faster, as well as effectively analyze the performance of newly released changes. Its overall purpose is to expose problems that can’t be identified in non-production environments for reasons that may include not being able to mimic the concurrency, load, or user behavior.
Kubernetes enables teams to deploy and manage their own services, but this can lead to gaps in visibility as different teams create systems with varying configurations and resources. Without an established method for provisioning infrastructure, keeping track of these services becomes more challenging. Implementing infrastructure as code solves this problem by optimizing the process for provisioning and updating production-ready resources.
Infrastructure monitoring was difficult enough when entire businesses ran off a few bare metal servers in a dusty, forgotten closet. Other IT infrastructure monitoring tools fell short, unable to provide complete and granular-enough metrics in real time, even when we were only dealing with a handful of systems responsible for running every part of the application stack.
It’s that time again: the latest versions of D2iQ Konvoy and D2iQ Kommander have just been made generally available and the D2iQ Kubernetes Platform (DKP) has some powerful new features. As noted with our last update, DKP is the leading independent Kubernetes platform for enterprise grade production at scale and Konvoy and Kommander are the reason why. You can learn more about Konvoy here, Kommander here, and our general approach here.
Securing AWS Fargate serverless workloads can be tricky as AWS does not provide much detail about the internal workings. After all… it’s not your business, AWS manages the scaling of underlying resources for you. :) While the security and stability of Fargate’s system is an inherent feature, Fargate follows a shared responsibility model, where you still have to take care of securing those parts specific to your application..
Kubernetes is one of the current leading technologies. Its adoption has seen tremendous growth in the past few years. The concept of containers is a paradigm that appears to be the predominant medium of software development and deployment in the coming future. Containers help maintain consistency across various platforms, as they pack an application with its dependencies to help move it from one platform to another.
Argo CD has been skyrocketing in popularity with the CNCF China survey naming Argo as a top CI/CD tool for its power as a deployment automation tool. And it’s no wonder, GitOps is a faster, safer, and more scalable way to do continuous delivery. Most of our own users are embracing GitOps to manage infrastructure and applications at scale in gaming, finance, defense, media, and other industries.
We are happy to announce that the latest release of Calico Enterprise delivers unprecedented levels of Kubernetes observability! Calico Enterprise 3.5 provides full-stack observability across the entire Kubernetes environment, from application layer to networking layer. With this new release, developers, DevOps, SREs, and platform owners get: For more information, see our official press release.
Secret management is one of the most critical areas in deploying and running applications. Codefresh already had native support for native Kubernetes secrets or custom secrets on the Codefresh Runner, but more and more customers have asked us for native support for Hashicorp Vault. Today we are pleased to announce our native integration with Hashicorp vault as another secret provider for Codefresh pipelines.
