Our friends at Buoyant, creators of Linkerd, have just launched the public beta of Buoyant Cloud, the best way to run Linkerd in mission-critical environments. We're happy to announce that Civo users are eligible for $100 in free Buoyant Cloud credits. Read on to learn more!
Microsoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero cryptocurrency in Kubernetes cluster environments. Kubeflow is a popular open-source framework often used for running machine learning tasks in Kubernetes. TensorFlow, on the other hand, is an open-source machine learning platform used for implementing machine learning in a Kubernetes environment.
For this article we’ll dig into some of the options for Local Kubernetes Clusters if you are developing on a Mac. When doing microservices development, eventually you will want to start to test integrated services together. And there are several options available to run these tests: Tests were conducted on a 2019 MacBook Pro (Big Sur). I’m not embarrassed to say that I cut my teeth on minikube. This is the recommended path for onboarding into Kubernetes and has a ton of benefits.
I recently had the opportunity to read the book “No Rules Rules: Netflix and the Culture of Reinvention” by Reed Hastings and Erin Meyer of Netflix, and it dawned on me that while this book wasn’t at all focused on Netflix’s technology, the global company-wide culture had a significant impact on its technology choices. The book focuses on the many times Netflix had to reinvent itself and transform its business in order to revolutionize the entertainment industry.
We are pleased to introduce the newest version of Kublr. Kublr 1.21 delivers major improvements to product functionality, security, reliability, and customization capabilities available to end users, Kubernetes operators, and administrators.
Kubernetes is an open source container orchestration system for automating computer application deployment, scaling, and management, and seems to have established itself as the de facto standard in this area these days. The shift from monolithic applications to microservices brought by Kubernetes has enabled faster deployment, where dynamic environments become commonplace. But on the other hand, this has made monitoring applications and their underpinning infrastructure more complex.
London, UK, June 29, 2021 – Despite high adoption rates of cloud native technologies in recent years, enterprises have yet to cross the chasm to full adoption, but they’re quickly moving in that direction, according to initial results of a first-of-its kind survey released today by Canonical, the publishers of Ubuntu.
GitOps has been getting traction as a cloud-native approach to continuous deployment, leveraging Git for version control. If executed well, GitOps can bring benefits such as automation of your continuous deployment pipeline, lower downtimes, consistency of workflows, and more.
Enterprise applications rely on large amounts of data that needs to be distributed, processed, and stored. Data platforms offer data management services via a combination of open source and commercially supported software stacks. These services enable accelerated development and deployment of data-hungry business applications. Building a containerized data analytics platform comprising different software stacks comes with several deployment challenges.
In order to stay competitive, enterprise organizations are engaged in an ongoing drive to optimize and scale the delivery of their products and services. Data has become a critical solution component of achieving these goals.
The Prometheus Blackbox exporter allows endpoints exploration over several protocols, such as HTTP(S), DNS, TCP, and ICMP. This exporter generates multiple metrics on your configured targets, like general endpoint status, response time, redirect information, or certificate expiration dates. The Blackbox Exporter works out-of-the-box, as it just focuses on external visibility details. To get more detailed metrics, you can instrument your applications.
When we were moving an app to Kubernetes, we encountered a peculiar situation where other services running on Kubernetes started throwing a ThreadError from time to time, saying that a resource is unavailable. We started investigating, and it turned out that you want to know where your AppSignal error has occurred. A short reminder - Kubernetes works on two levels: So, you want to know which pod and which node ran a particular AppSignal transaction.
There was a big announcement this year at GrafanaCon 2021 that performance testing tool k6 is being aquired by Grafana Labs. It was really exciting news for folks who cheer for open source because these are two giant projects. At time of this writing, k6 has over 12K stars and Grafana with a respectable 42K stars on Github as well. In full transparency, I have used both of those repos many times over the years and am a fellow stargazer.
We are happy to share the v0.3.0 release of Rancher Desktop. This release brings more stability, some new features, and a fresh look to the UI. This screenshot shows the preferences screen while in dark mode on Mac. In the lower left corner the status when performing an action is now displayed. This status will tell you when Rancher Desktop needs to download something, such as a version of Kubernetes you have now used before, or when another step is happening.
We are pleased to announce the general availability of D2iQ Kaptain 1.1, the new version of our end-to-end platform for Machine Learning on Kubernetes. D2iQ Kaptain 1.1 builds on the Four Awesome Things from Kaptain 1.0.
By implementing these vulnerability assessment and vulnerability management best practices you will reduce the attack surface of your infrastructure. We’re human, and many things we build aren’t perfect. That’s why we take our cars for a periodic inspection, or why we have organizations certifying that products are safe to use. Software is no different.
Microsoft has begun working with the Docker team and community so Docker can be used for the following: If you would like to run an ASP.NET Core web app in a Docker container and learn how to create images, we will explain all the steps on how to do the following: A Docker container image is a standalone, lightweight package that can be executed and contains all the requirements you need to run an application, such as: code, runtime, libraries, and settings.
For those of us who need to get applications running in Kubernetes, having Kubernetes on the desktop is incredibly useful. When we want to focus on our applications, it’s especially useful when Kubernetes is easy to use. This is where Rancher Desktop comes in. Rancher Desktop provides easy-to-use Kubernetes and container management (something we’ll look at in a moment) for Mac and Windows. Having Kubernetes isn’t enough.
Welcome to another monthly update on what’s new from Sysdig! Happy Pride month! We hope you are celebrating safely, in whatever manner you choose. It’s been over 50 years since the Stonewall riots, but we continue to fight for equality and justice. Love is love, and we’re sending you all of ours! Thank you to Marsha P. Johnson, Brenda Howard, and countless others for fighting for the freedom that many of us today enjoy.
AWS CloudFormation provides an easy way to model and set up AWS resources to help you save time in deploying the stack you need to run your applications. Today, AWS announced the launch of AWS CloudFormation Public Registry. CloudFormation Public Registry is a searchable collection of extensions that allows you to easily discover, provision, and manage resource types and modules published and maintained by AWS Partner Network (APN) partners like Sysdig.
At Moogsoft we use Jenkins to implement our CICD Pipelines. We run Jenkins where we run most everything else; Kubernetes, but you don’t need to have Jenkins running on Kubernetes to use this plugin. This is made possible by the community maintained Kubernetes plugin. Recently we had the need to not only run agents local to the same cluster that Jenkins runs in, but in other clusters across different regions.
In our first post we went over setting up the Kubernetes Plugin. This described the basic setup of getting the plugin configured, and set with the proper perms to function. In this post we will go over how to leverage the plugin to generate agent pods. At Moogsoft most of our pipelines are scripted and are built inside of, or from parts of, Jenkins shared functions library we maintain.
Kubernetes workloads are highly dynamic, ephemeral, and are deployed on a distributed and agile infrastructure. Application developers, DevOps teams, and site reliability engineers (SREs) often require better visibility of their different microservices, what their dependencies are, how they are interconnected, and which other clients and applications access them. This makes Kubernetes observability challenges unique.
Thinking of migrating applications to cloud through a lift and shift approach? It could be a time to rethink your plan and take control of your migration journey, in a secure way. According to Markets and Markets, the global application modernization services market size is expected to grow from USD 11.4 billion in 2020 to USD 24.8 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 16.8% during the forecast period. And the numbers are not stopping there!
In a previous post, we described how we envision cloud-native initiatives reaching the 2.0 phase, where phase 1 was centered around providing clusters and running its underlying infrastructure effectively. Now that teams are starting to move some of their existing services to a microservices architecture, developers and platform engineers are being tasked with implementing the right policies and governance controls to ensure applications are running as securely as possible.
It has been 6 months since our engineering team started to work on what we decided to call Qovery v2. But what makes this next release so cool? Here are the top 4 features that make this release so appealing.
Microsoft recently reported two widespread cryptomining attacks targeting Kubeflow, a popular cloud-native platform for machine learning (ML) workloads on Kubernetes. Attackers targeted Kubeflow installations using either the Kubeflow central dashboard interface or Kubeflow Pipelines interface for scheduling crypto-mining workloads.
Three months ago, we launched VMWare Tanzu RabbitMQ for Kubernetes to automate high-performance messaging on demand with our cluster Operator.* Since then, customers have approached us with higher-level needs that inspired us to extend and improve Tanzu RabbitMQ. In other words, you’ve spoken, and we’ve listened. And so now, in version 1.1, we go well beyond automating cluster operations to orchestrating complex topologies, adding alerts, and previewing active-passive replication.
From zero to hero - here is a short video to show how to deploy an app from scratch on AWS with Qovery v2 - this video is linked to https://www.qovery.com/blog/one-week-before-the-launch-of-qovery-v2-beta-whats-new
We’re happy to debut our new website, highlighting our newest features! We’ve been busy updating our product UI and decided to showcase some of the work on the site. All of our case studies, whitepapers, and datasheets are now in the Resources page. We’ve also been featured on a variety of news sites, podcasts and blogs. We linked all of them in the “Speedscale in the Media” section.
In order to run Kubernetes in production, you need more than just the base Kubernetes, but a variety of other necessary add-on services, such as monitoring, security, disaster recovery, and more. However, navigating the cloud-native ecosystem is complex and rapidly changing, making it difficult to build a robust production platform required to run mission critical business services.
Run your HAProxy Kubernetes Ingress Controller in External mode to reduce network hops and latency. Traditionally, you would run the HAProxy Kubernetes Ingress Controller as a pod inside your Kubernetes cluster. As a pod, it has access to other pods because they share the same pod-level network. That allows it to route and load balance traffic to applications running inside pods, but the challenge is how to connect traffic from outside the cluster to the ingress controller in the first place.
The Azure container registry is Microsoft’s own hosting platform for Docker images. It is a private registry where you can store and manage private docker container images and other related artifacts. These images can then be pulled and run locally or used for container-based deployments to hosting platforms. In this tutorial, you will learn how to create a custom docker image and continuously deploy it to an Azure container registry.
At this point, it’s fair to say that containers and Kubernetes changed the dynamics of infrastructure and platforms. It’s no secret that even though managing Kubernetes clusters is still somewhat complex, in the early days, it was even harder, which is when we saw solutions such as Rancher come up to help us address those challenges. You will inevitably run into cluster-related challenges when adopting Kubernetes.
When did our infrastructure get so complicated? For many of my clients, the number of resources their applications are built on seems to have snowballed overnight. It was, of course, a gradual progression, and usually a conscious one, but complexity can feel like it grows geometrically with each new resource element. And that complexity can create problems.
Enterprise adoption of containers has surged. According to the 2020 CNCF survey, the number of organizations running in excess of 5,000 containers in production has more than doubled, to 23 percent from 11 percent in 2016. But in a world of rapidly scaling container usage, the container build systems that were designed to work well for individual developers tend to break down.
Let’s see how the Qovery billing is working as we are about launching the v2 in less than two weeks. Since we launched Qovery in January 2020, our product was free of charge for our “community” and “business” plans - even if on the pricing page it was mentioned the opposite. Making Qovery free was the perfect way to get product feedback and iterate with our users without the cost constraint.
Speedscale is one of the finalists of the 2021 Atlanta Business Chronicle’s Fire Award! This award is Atlanta Inno’s premier recognition program, honoring the companies and organizations setting the local Atlanta innovation economy ablaze. Fire Awards, presented by Atlanta Inno in partnership with the Atlanta Business Chronicle, is a celebration of the early-stage businesses, enterprises and innovators who are doing special work to set Atlanta ablaze.
If you are trying to learn your way around Continuous Integration/Delivery/Deployment, you might notice that there are mostly two categories of resources: We believe that there is a gap between those two extremes. We are missing a proper guide that sits between those two categories by talking about best practices, but not in an abstract way.
This is the second part in our “Enterprise CI/CD best practices” series. See also part 1 for for the previous part and part 3 for the next part. You can also download all 3 parts in a PDF ebook.
This is the third and last part in our “Enterprise CI/CD best practices” series. See also part 1 and part 2 for the previous best practices. You can also download all 3 parts in a PDF ebook.
Containerization has evolved from the early days of Linux control groups to out-of-the-box solutions offered by cloud providers. Market analysts expect a rise to more than 70% of global organizations using one or more containers by 2023, a huge uptick from less than 20% of them running containers for their applications in 2019.
Kubernetes resource limits are always a tricky setting to tweak, since you have to find the sweet spot between having the limits too tight or too loose. In this article, which is a continuation of the Kubernetes capacity planning series, you’ll learn how to set the right Kubernetes resource limits: from detecting the containers without any limit, to finding the right Kubernetes resource limits you should set in your cluster.
Since it first appeared in June 2014, Kubernetes has become something of a household name, at least in houses developers live in. The open source container orchestration platform makes challenges like load balancing, secret management, and portability a cinch and makes it easy to orchestrate large, highly scalable and distributed systems.
Calico is the industry standard for Kubernetes networking and security. It offers a proven platform for your workloads across a huge range of environments, including cloud, hybrid, and on-premises. Given this incredibly wide support, why did we decide to create a course specifically about AWS?
Elastic Cloud on Kubernetes (ECK) is an easy way to get the Elastic Stack up and running on top of Kubernetes. That’s because ECK automates the deployment, provisioning, management, and setup of Elasticsearch, Kibana, Beats, and more. As logging and metric data — or time series data — has a predictable lifespan, you can use hot, warm, and cold architecture to easily manage your data over time as it ages and becomes less relevant.
Last year, VMware Tanzu Mission Control introduced data protection capabilities to help enterprises safely and confidently run critical workloads on Kubernetes. With this unique feature, enterprises can centrally manage data protection on their clusters across multiple environments, easily backing up and restoring their Kubernetes clusters and namespaces.
Yesterday, my morning started much like most Tuesday mornings do for me... my kids (6 and 4) were up way too early again at around 6am! Both were demanding I play with them before they head to school. I did my usual and said "give me five minutes" as I tried to wake up after another night of going to sleep after midnight... one day I should really learn to go to bed earlier, now that I have kids! But this morning was different. I started to wake from my dazed state and reached for my phone.
We recently released the automated Falco rule tuning feature in Sysdig Secure. Out-of-the-box security rules are a double-edged sword. On one side, they allow you to get started right away. On the other, it can take many working hours to learn the technology, configuration, and syntax to be able to customize the rules to fit your applications. Falco’s default security rules are no different.
In a recent post by ZDI, researchers found an out-of-bounds access flaw (CVE-2021-31440) in the Linux kernel’s (5.11.15) implementation of the eBPF code verifier: an incorrect register bounds calculation occurs while checking unsigned 32-bit instructions in an eBPF program. The flaw can be leveraged to escalate privileges and execute arbitrary code in the context of the kernel.
Kubernetes just turned 7 years old, and over the last couple of years, it has risen in popularity to be the key platform for microservices management consistently. The ecosystem around it is also growing rapidly.
Nowadays APIs are the de facto method of communication between services. With all the connections points, setting up environments to efficiently build and test can be difficult. Also, in lower environments, 3rd party APIs can be unreliable, incorrect or non-existent.
The way we architect and build applications has changed over the last decade or so. Where monoliths (or single, large codebases) used to be the standard, modern applications are now built using a combination of new architecture patterns, operational models, and software delivery services.
In a relatively short amount of time, Kubernetes has evolved from an internal container orchestration tool at Google to the most important cloud-native technology across the world. Its rise in popularity has made Kubernetes the preferred way to build new software experiences and modernize existing applications at scale and across clouds. With Kubernetes, companies can host workloads running on a single cloud, as well as workloads across multiple clouds.
Docker containers have revolutionized the cloud industry. While Docker containers already present remarkable benefits and plus-points over other virtualization methods, there are significant performance gains that developers can further squeeze out of Docker to get the most out of the technology. This guide will cover different methods of optimizing Docker performance and answer some frequently asked questions about the technology.
For the last several years, GitLab has run a major survey about the trends facing the DevSecOps community. This year over 4,000 people responded to the survey, 40% who identified as a Software Developer / Software Engineer. Also about half the survey participants are based in Asia, a major region for Software Developers. One of the biggest trends you will find throughout the survey is how much developers value speed and efficiency.
In a previous post, we discussed the rise of the developer platform and how developer productivity is one of the main reasons why many organizations are either looking for or building an internal developer platform (IDP). According to a recent global survey done by Stripe, on a scale of 0 – 100%, developers responded that only 68.4% of their time is productive, which means that developers could be nearly 50% more productive than today: (100% — 68.4%) / 68.4% = 46%
