
July 2021

How to Maximize the Performance of Your Kubernetes Deployment

With Kubernetes emerging as a strong choice for container orchestration in many organizations, monitoring Kubernetes environments is essential to application performance. In the era of cloud computing and as-a-service delivery models, the impact of poor application or infrastructure performance is more significant than ever. How many of us today have more than two rideshare apps, or more than three food delivery apps, installed?

GitOps with Argo and Crossplane - Civo Online Meetup #10

Join Viktor Farcic and Anais Urlichs in this meetup as we will explore Crossplane through the Civo Crossplane Provider. We will showcase how to create Civo Kubernetes clusters through the Civo Crossplane Provider, we will look at GitOps best practices to manage all of your resources in Kubernetes, and lastly we will provide an overview on how you can take GitOps deployments to the next level with ArgoCD.

Kubernetes 1.22 - What's new?

This release brings 56 enhancements, an increase from 50 in Kubernetes 1.21 and 43 in Kubernetes 1.20. Of those 56 enhancements, 13 are graduating to Stable, a whopping 24 are existing features that keep improving, and 16 are completely new. It’s great to see so many new features focusing on security, like the replacement for the Pod Security Policies, a rootless mode, and enabling Seccomp by default. Also, watch out for all the deprecations and removals in this version!

A Sneak Peek at the "Calico Certified Operator: AWS Expert" Course

Recently, we released our new “Calico Certified Operator: AWS Expert” course. You can read more about why we created this course and how it can benefit your organization in the introductory blog post. This blog post is different; it’s an opportunity for you, the potential learner, to get a glimpse of just a few interesting parts of the course. You won’t learn all the answers here, but you’ll learn some of the questions!

Unlocking New Possibilities with CloudHedge and IBM Edge Computing

Edge computing is gaining huge momentum, and with the onset of 5G the opportunities are endless. It brings computation and data storage closer to where the data is generated, which enables better control, reduces costs, provides faster and actionable insights, and supports continuous operations. In fact, Gartner predicts that by 2025, 75% of enterprise data will be processed at the edge, compared to only 10% today.

Quick Kubeflow Pipelines with KALE, ElasticSearch and Ceph

KALE allows you to annotate your Jupyter notebooks on Kubeflow and magically compile and run Kubeflow Pipelines. In this demo, Aymen Frikha from Canonical shows how to deploy and run Kubeflow alongside ElasticSearch and Ceph, and how to quickly run a pipeline directly from a Jupyter notebook, using KALE (Kubeflow Automated pipeLines Engine).

What is the MITRE ATT&CK Framework for Cloud? | 10 TTPs You should know of

By using the MITRE ATT&CK framework to model and implement your cloud IaaS security, you will have a head start on any compliance standard, since it guides your cybersecurity and risk teams toward established security practices. As it does for all platforms and environments, MITRE has published an IaaS Matrix that maps the specific Tactics, Techniques, and Procedures (TTPs) advanced threat actors could use in attacks on cloud environments.

How to mitigate CVE-2021-33909 Sequoia with Falco - Linux filesystem privilege escalation vulnerability

CVE-2021-33909, named Sequoia, is a privilege escalation vulnerability in the Linux kernel's filesystem layer. It was disclosed in July 2021, but the flaw was introduced in 2014, so it is present in many Linux distributions, among them Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products. The vulnerability is caused by an out-of-bounds write in the kernel's seq_file interface in the filesystem layer.

Monitoring Kubernetes the Elastic way using Filebeat and Metricbeat

In my previous blog post, I demonstrated how to use Prometheus and Fluentd with the Elastic Stack to monitor Kubernetes. That’s a good option if you’re already using those open source-based monitoring tools in your organization. But, if you’re new to Kubernetes monitoring, or want to take full advantage of Elastic Observability, there is an easier and more comprehensive way. In this blog, we will explore how to monitor Kubernetes the Elastic way: using Filebeat and Metricbeat.

What's new in Sysdig - July 2021

Welcome to another monthly update on what’s new from Sysdig! Happy 4th of July to our American audience, and bonne Bastille to our French friends. It’s been heating up in the northern hemisphere, so we hope you’ve all been managing to stay cool and safe. Our team continues to work hard to bring great new features to all of our customers, automatically and for free! The big news this month is our intent to acquire Apolicy, which has everyone full of excitement.

Getting Started with kapp

In this video Tiffany Jernigan (twitter.com/tiffanyfayj) introduces kapp, the deployment tool from the Carvel toolset. kapp (part of the open source Carvel suite) is a lightweight, application-centric tool for deploying resources on Kubernetes. Being both explicit and application-centric, it provides an easier way to deploy and view all resources created together, regardless of which namespace they're in. Being dependency-aware, it is able to wait for resources to be created, updated, or deleted, and provides a live status on the progress of those actions. Continue on to see how to get started with kapp.

Tanzu Tuesdays 62 - Monitoring Avail. w/Error Budget Burn Rate on Tanzu Observability w/Amber Salome

Starting in April of 2020 my team was tasked with managing Tanzu Application Service on multiple foundations for a client. Early on it was a priority to establish a strong SRE practice around managing the platform. This talk discusses how we defined key metrics for monitoring availability, custom solutions for populating availability data into an observability platform (Tanzu Observability by Wavefront), dashboard creation, and alerting practices. We discuss in depth the benefits of using a burn rate when monitoring availability error budget consumption, and how this strategy allows for more sensitive alerting and limiting error budget consumption.
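To make the burn-rate idea concrete, here is an added example (not code from the talk or from Tanzu Observability) that computes burn rate over constructed per-minute request counters and applies the multi-window rule the talk alludes to. The 99.9% SLO, the 1 h / 5 min window pair and the 14.4 threshold are the usual SRE-workbook choices, assumed here rather than taken from the page.

```python
"""Error-budget burn-rate alerting, worked on constructed per-minute counters.

Added example; not code from the talk or from Tanzu Observability. The SLO,
window sizes and threshold below are assumptions, not values from the page.
"""
from dataclasses import dataclass
from typing import List, Sequence


@dataclass(frozen=True)
class Sample:
    minute: int   # minutes since the start of the series
    total: int    # requests served in that minute
    errors: int   # requests that count as failures under the SLI


def error_ratio(samples: Sequence[Sample]) -> float:
    total = sum(s.total for s in samples)
    errors = sum(s.errors for s in samples)
    return errors / total if total else 0.0


def burn_rate(samples: Sequence[Sample], slo: float) -> float:
    """Observed error ratio relative to the error budget (1 - SLO).

    1.0 means the budget would be spent exactly at the end of the SLO period;
    20.0 means it is being consumed twenty times faster than that.
    """
    return error_ratio(samples) / (1.0 - slo)


def window(samples: Sequence[Sample], now: int, minutes: int) -> List[Sample]:
    """Samples whose minute lies in (now - minutes, now]."""
    return [s for s in samples if now - minutes < s.minute <= now]


def should_page(samples: Sequence[Sample], now: int, slo: float,
                long_minutes: int = 60, short_minutes: int = 5,
                threshold: float = 14.4) -> bool:
    """Multi-window, single-threshold rule.

    The long window proves real budget has been burned (14.4x over 1 h spends
    2% of a 30-day budget in that hour); the short window proves the burn is
    still happening, so no page goes out for an incident that already ended.
    """
    long_rate = burn_rate(window(samples, now, long_minutes), slo)
    short_rate = burn_rate(window(samples, now, short_minutes), slo)
    return long_rate >= threshold and short_rate >= threshold


def _series(error_minutes: range, per_minute_errors: int = 60) -> List[Sample]:
    """Constructed data: 60 minutes at 1000 req/min, errors only in error_minutes."""
    return [Sample(m, 1000, per_minute_errors if m in error_minutes else 0)
            for m in range(1, 61)]


SLO = 0.999
ONGOING = _series(range(41, 61))    # outage began at minute 41 and is still on
RECOVERED = _series(range(21, 41))  # same budget burned, but the outage ended


if __name__ == "__main__":
    for name, series in (("ongoing", ONGOING), ("recovered", RECOVERED)):
        print(name,
              round(burn_rate(window(series, 60, 60), SLO), 1),
              round(burn_rate(window(series, 60, 5), SLO), 1),
              should_page(series, 60, SLO))
```

Both constructed series burn the 1 h window at 20x, but only the ongoing one also burns the 5 min window (at 60x), so only it pages; a single long window would have woken someone up for the incident that had already recovered.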

Do you really need a service mesh?

The challenges involved in deploying and managing microservices have led to the creation of the service mesh, a tool for adding observability, security, and traffic management capabilities at the application layer. While a service mesh is intended to help developers and SREs with a number of use cases related to service-to-service communication within Kubernetes clusters, a service mesh also adds operational complexity and introduces an additional control plane for security teams to manage.

Accelerating Machine Learning with MLOps and FuseML: Part One

Building successful machine learning (ML) production systems requires a specialized re-interpretation of the traditional DevOps culture and methodologies. MLOps, short for machine learning operations, is a relatively new engineering discipline and a set of practices meant to improve the collaboration and communication between the various roles and teams that together manage the end-to-end lifecycle of machine learning projects.

Microservices Are 'Easy', Dependencies Are Hard - Itiel Shwartz (at Yalla DevOps 2021)

Yalla! DevOps 2021 was the first in-person DevOps conference of the year, driven by the DevOps community and all about the DevOps community. Talk abstract for "Microservices Are 'Easy', Dependencies Are Hard: The Right Way to Build a Cloud-Native CI/CD": Microservices are more agile, easier to test, and simpler to maintain. If you don't know, now you know. Thanks to k8s, it's so easy! In fact, it is so easy that we're gradually scaling down to smaller and smaller services. Sounds like there's no downside at all. Or is there? In this talk, Itiel describes the many pitfalls of microservices, and how to avoid them.

High-availability connectivity for Kubernetes with dual ToR

Dual ToR (top of rack) peering provides a redundant path for customers with cluster applications that cannot tolerate service downtime or failure and require a high-availability solution. While Calico ToR connectivity has existed for some time, Calico Enterprise now supports connectivity with dual ToR switches.

Cloud Native Runtimes for VMware Tanzu Is Now GA, Plus an Integration with TriggerMesh

Back in March, during our Cloud Transformation event, we released the public beta of Cloud Native Runtimes for VMware Tanzu, which is based on Knative serving and eventing technology. Today, we have a couple of new, exciting announcements to make about Cloud Native Runtimes.

How to Instrument a Java App Running in Amazon EKS

As we start to see big moves from monolith deployments to microservices, the adoption of Kubernetes has become top of mind for many SREs. Organizations can leverage the open-source system to automate deployments, scale, and manage containers, making Kubernetes one of the primary solutions for delivering workloads. However, maintaining the system can be difficult and, in some cases, overwhelming.

How to test the latest Kubernetes 1.22 release candidate with MicroK8s

Today, the Kubernetes community made the 1.22 release candidate available, a few weeks ahead of general availability, planned for August the 4th. We invite developers, platform engineers and cloud tech enthusiasts to experiment with the new features, report back findings and bugs. MicroK8s is the easiest way to get up and running with the latest version of K8s for testing and experimentation.

Sysdig and Apolicy join forces to help customers secure Infrastructure As Code and automate remediation

Today, we announced that Sysdig is acquiring Apolicy to enable our customers to secure their infrastructure as code. I could not be more excited because the innovation that Apolicy brings to bear is unique and highly differentiated, allowing customers to strengthen their Kubernetes and cloud security and compliance by leveraging policy as code and automated remediation workflows that close the gap from source to production.

Migrating Thousands of Cloud Instances to New Kubernetes Custom Resources

Mattermost’s Kubernetes Operator spins up and manages Mattermost instances running on Kubernetes based on a ClusterInstallation Custom Resource (CR). Mattermost Operator 1.0 has evolved a lot since its release, along with the ClusterInstallation CR in the v1alpha version. As time went by — as with any software — the Operator gained more features, configuration options, functionalities, and technical debt.

LaunchDarkly Integration: Feature Flag Aware Troubleshooting

Troubleshooting is the understanding of changes within the system and their impact on its health, behavior, and functionality. However, as dev environments grow exponentially more complex, the definition of "the system" itself also constantly expands. To keep pace, we constantly work to evolve Komodor's platform and enrich it with new capabilities and integration options.

GitOps meets AppOps

Kubernetes allowed us to manage application deployments and infrastructure components using declarative configuration files (yes, those YAMLs that you may not be a fan of ). While dealing with a myriad of YAML files may be loved by some and hated by others, it enables us to host all these files into a Git repository, hook it up to a pipeline (Jenkins, GitLab, etc.), and have a tool apply those changes to a cluster—and voilà, you have GitOps.

KUBLR | Enterprise-Grade Kubernetes Management Platform

Kublr is an enterprise-grade Kubernetes management platform. Headquartered in Washington, D.C. and launched in 2016, Kublr automates the deployment and management of production-ready, secure Kubernetes clusters and environments. Kublr allows users to securely and reliably deploy, run, and manage containerized applications at scale. A subsidiary of EastBanc Technologies, Kublr is a proud contributor to the Kubernetes codebase, an active member of the Cloud Native Computing Foundation, and completed the CNCF Kubernetes Software Conformance Certification program.

Deploy your apps on Scaleway with Qovery! Get early access now

When we launched Qovery in January 2020, our product was only supporting app deployment on Amazon Web Services (AWS). 20 months later, 5534 developers from more than 120 countries use Qovery to deploy their apps on AWS and Digital Ocean. Today, more and more European companies would love to benefit from the excellent user experience of Qovery on a European cloud service provider 🇪🇺.

How to Establish a Culture of Secure DevOps

We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some major challenges in adopting Secure DevOps. If we read our history books, we know that DevOps wasn’t successfully adopted by buying tools, and a true cultural movement towards DevOps wasn’t established by having a small dedicated team of DevOps specialists.

Packet Capture Without "tcpdump" for Go Apps in Kubernetes

Every developer knows there are some utilities that are completely indispensable from their workflows. The programmer’s toolbelt, if you will. These toolbelts are usually different from person to person, but if there is one tool that everyone should use or at least know how to use, it is tcpdump. If you are unfamiliar, tcpdump is a tool that allows you to dump and inspect live network traffic being observed on a network interface.

Calico eBPF Data Plane Deep-Dive

Sometimes the best way to understand something is to take it apart and see how it works. This blog post will help you take the lid off your Calico eBPF data plane based Kubernetes cluster and see how the forwarding is actually happening. The bonus is, unlike home repairs, you don’t even have to try to figure out how to put it back together again! The target audience for this post is users who are already running a cluster with the eBPF data plane, either as a proof-of-concept or in production.

Observability with Zero Code Instrumentation? Meet eBPF

Current observability practice is largely based on manual instrumentation, which requires adding code in relevant points in the user’s business logic code to generate telemetry data. This can become quite burdensome and create a barrier to entry for many wishing to implement observability in their environment. This is especially true in Kubernetes environments and microservices architecture.

Uncover the optimization potential of your Kubernetes clusters with Ocean Insights

The evolution of Spot’s products has always been tightly aligned with our customers. Over the years, we’ve added integrations across the cloud stack, and developed new features that bring even more efficiency, automation and optimization to cloud infrastructure operations.

Kubernetes security policy design: 10 critical best practices

In this blog post, I will be looking at 10 best practices for Kubernetes security policy design. Application modernization is a strategic initiative that changes the way enterprises are doing business. The journey requires a significant investment in people, processes, and technology in order to achieve the desired business outcomes of accelerating the pace of innovation, optimizing cost, and improving an enterprise’s overall security posture.

Kubernetes in 2021: Where does the industry go next?

Ever since Google made Kubernetes open-source in 2014, it has enjoyed incredible growth, helping businesses of all sizes to successfully manage their containers and ultimately make the most of all that our cloud native world has to offer. Individual users certainly initially led the charge with Kubernetes, identifying issues, and generally exploring the best ways to intelligently test, manage, and deploy workloads.

Civo reviewed by respected Kubernetes guru Viktor Farcic

A couple of days ago, I was pleasantly surprised to suddenly see a tweet come in from Viktor Farcic. Viktor now works at upbound.io who developed Crossplane, and he also runs his own popular YouTube channel and co-hosts DevOps Paradox podcast. He’s well respected in the cloud native community. When I saw the tweet and noticed that Viktor had recorded a review of Civo on YouTube, I was just hoping he was kind to us...and I am pleased to say he was!

Compare Red Hat OpenShift and D2iQ's Enterprise Kubernetes Solution

As organizations look to adopt Kubernetes, they are being confronted with a growing number of Kubernetes distributions, services, and products to choose from. Navigating the Kubernetes landscape can be incredibly challenging, especially because there is no “one size fits all” solution. To help streamline the process, we compare Red Hat OpenShift and D2iQ Kubernetes Platform (DKP) across the top production-grade capabilities to consider while evaluating an enterprise Kubernetes solution.

GitOps Feature Release

It’s no secret that the software development community is starting to embrace GitOps. With the complexity of engineering modern software today, it is becoming a necessity for many companies to reassess their software development and delivery practices. When Codefresh first released GitOps 2.0 late last year, we had already planned to make it a core pillar of our platform.

Codefresh GitOps Controller

The new Codefresh GitOps dashboard gives you the perfect overview of your deployments and how they change over time. This powerful view combines information from multiple sources such as your Kubernetes services, Git Pull Requests, and JIRA issues. To help you incorporate all of this helpful information into your deployments, we have introduced the GitOps controller, a handy agent that is installed in your cluster and collects critical information about your GitOps deployments.

GitOps Current State Dashboard

At Codefresh, we are fortunate to hear from customers of all sizes and nearly every industry. A common interest is visibility into deployments and their respective environments. As a company filled with software enthusiasts and developers, this strongly resonates with our culture and our passion for empowering developers. Visibility has been an area of continuous improvement for Codefresh and something we are committed to being the best at.

Codefresh GitOps App of Apps

Microservices are powerful, but it isn’t a secret that they come with many challenges. Codefresh is acutely aware of this as we built our platform on microservices. We know what it means to maintain a fast-moving and complex software service that must remain highly available. One of the most common challenges we deal with is maintaining complex relationships at deployment time among individual microservices.

Spotlight: Serverless spark on Kubernetes

With Apache Spark now natively supporting Kubernetes, many of our customers are looking to move big data, ML, AI applications into Kubernetes. To help you along this journey, Spot by NetApp recently launched Wave, a serverless container engine designed specifically for big data applications. Built on the same core technologies as Ocean, Wave is giving big applications automated, scalable and reliable cloud infrastructure.

Spotlight: The evolution of Spot Ocean - CD for Kubernetes applications

Ocean is rising to the application level, bringing Kubernetes-native continuous delivery to containers in the cloud. Spot by NetApp's new solution, Ocean CD, takes on the most painful aspects of modern application delivery to give developers the freedom to push code fast and with confidence. Get an early preview of Ocean CD and its core features for automated progressive deployments and continuous verification.

Environment variables and Secrets for Qovery v2 released

I am super excited to announce that we released the support of Environment Variables and Secrets. Watch the video to see those features in action. Environment Variables and Secrets are similar. The main difference is that the Secrets are encrypted and the value can't be revealed. Both are injected at the build and runtime of your applications. Give it a try now! I am eager to have your feedback. Put a comment here.

Terraform meets AppOps

The growing adoption of microservices and Kubernetes gave rise to the need to efficiently manage, schedule, and control Kubernetes clusters, where tools like Terraform are helping many organizations address those challenges today. Terraform is a popular choice among DevOps and Platform Engineering teams as engineers can use the tool to quickly spin up and edit environments directly from their CI/CD pipelines.

Unlimited Preview Environments with Kubernetes Namespaces

In our big series of Kubernetes anti-patterns, we briefly explained that static test environments are no longer needed if you are using Kubernetes. They are expensive, hard to maintain, and hard to clean up. Instead, we suggested the adoption of temporary environments that are created on demand when a pull request is opened. In this article, we will see the practical explanations on how to achieve unlimited temporary environments using Kubernetes namespaces.
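The preview-environment pattern described above, and the Pod Security Policy replacement mentioned in the Kubernetes 1.22 item earlier on this page, come together in the following added example. It is not code from the Codefresh article or from Codefresh's tooling: it derives a valid namespace name from a pull request number and branch, then builds Namespace, ResourceQuota and NetworkPolicy manifests as JSON (which `kubectl apply -f` accepts) so it runs offline. The label keys under `preview.example.com/`, the TTL annotation, the quota sizes and the Pod Security Admission labels (alpha in Kubernetes 1.22, assumed enabled on the cluster) are this example's own conventions.

```python
"""Per-pull-request preview namespace with isolation guardrails.

Added example; not code from the Codefresh article. Label keys, TTL
annotation, quota sizes and the Pod Security Admission labels (alpha in
Kubernetes 1.22, assumed to be enabled) are assumptions of this example.
"""
import json
import re
from typing import Dict, List

MAX_LABEL_LEN = 63   # DNS-1123 label limit, which namespace names must respect
_LABEL_RE = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$")


def is_dns1123_label(name: str) -> bool:
    return 0 < len(name) <= MAX_LABEL_LEN and bool(_LABEL_RE.match(name))


def namespace_name(pr_number: int, branch: str) -> str:
    """pr-<number>-<slug>, the slug being the branch name normalised to a label.

    Branch names are attacker-influenced input on a public repository: they can
    carry '/', '_', uppercase, unicode and arbitrary length. Normalise them
    instead of splicing them into a resource name (or a shell command) as-is.
    """
    slug = re.sub(r"[^a-z0-9-]+", "-", branch.lower()).strip("-")
    name = f"pr-{pr_number}-{slug}" if slug else f"pr-{pr_number}"
    name = name[:MAX_LABEL_LEN].rstrip("-")
    assert is_dns1123_label(name), name
    return name


def preview_manifests(pr_number: int, branch: str, ttl_hours: int = 48,
                      cpu: str = "2", memory: str = "4Gi", pods: int = 20) -> List[Dict]:
    ns = namespace_name(pr_number, branch)
    namespace = {
        "apiVersion": "v1", "kind": "Namespace",
        "metadata": {
            "name": ns,
            "labels": {
                "preview.example.com/pull-request": str(pr_number),  # cleanup job selects on this
                "preview.example.com/managed-by": "ci",
                "pod-security.kubernetes.io/enforce": "restricted",  # PSA labels, alpha in 1.22
                "pod-security.kubernetes.io/warn": "restricted",
            },
            "annotations": {"preview.example.com/ttl-hours": str(ttl_hours)},
        },
    }
    # A quota per namespace keeps one runaway PR from starving the shared cluster.
    quota = {
        "apiVersion": "v1", "kind": "ResourceQuota",
        "metadata": {"name": "preview-quota", "namespace": ns},
        "spec": {"hard": {"requests.cpu": cpu, "requests.memory": memory, "pods": str(pods)}},
    }
    # Only pods in this namespace may talk to its pods; add an explicit rule for
    # the ingress controller's namespace if the preview must be reachable from it.
    isolate = {
        "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
        "metadata": {"name": "isolate-namespace", "namespace": ns},
        "spec": {
            "podSelector": {},                              # every pod in the namespace
            "policyTypes": ["Ingress"],
            "ingress": [{"from": [{"podSelector": {}}]}],   # peers in the same namespace
        },
    }
    return [namespace, quota, isolate]


def render(manifests: List[Dict]) -> str:
    """A v1 List that `kubectl apply -f -` accepts on stdin."""
    return json.dumps({"apiVersion": "v1", "kind": "List", "items": manifests}, indent=2)


if __name__ == "__main__":
    print(render(preview_manifests(123, "feature/Add_Login")))
```

The pipeline step that opens the environment pipes `render(...)` into `kubectl apply -f -`; the step that closes it deletes every Namespace carrying the pull-request label, and a periodic job can do the same for namespaces whose TTL annotation has lapsed, so abandoned PRs do not accumulate.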

Monitor containerized ASP.NET Core applications with Datadog APM

ASP.NET Core is an open source web development framework that enables you to develop .NET applications on macOS, Linux, and Windows machines. The introduction of .NET Core in 2016 dramatically increased the number of ways to build and deploy .NET applications. This means that you need the ability to easily monitor application performance across a wide variety of platforms, such as Docker containers.

Kubernetes Master Class - Disaster Recovery with Rancher and Kubernetes

Everything breaks at some point; whether it is infrastructure (DNS, network, storage, etc.) or Kubernetes itself, something will fail eventually. In this session, we will walk through some common failure scenarios, including identifying failures and how to respond to them in the fastest way possible using the same troubleshooting steps, scripts, and tools Rancher Support uses when supporting our Enterprise customers.

Kubernetes Master Class - Scaling Kubernetes Nodes From Rancher

Take a deep dive with Staff Engineer Luther Monson into the new node pool scale down feature recently released in Rancher v2.5.6. This masterclass will walk you through everything you will need to know to go from zero to a scaling Kubernetes cluster using Rancher. We will explore using the cluster autoscaler in tandem with this new feature to scale pools on demand. Watch a full demo of a cluster sizing up and down to load while using a custom cloud provider built for the Rancher API.

Announcing Istio integration

Adoption of service meshes like Istio is increasing. As a result, Speedscale has developed a WebAssembly plugin. We extended Envoy using Rust, and no changes are required to your Istio configuration. This allows us to leverage the same sidecars that you have deployed throughout your environment to inspect API traffic. Once we are listening through Istio, the typical Speedscale magic can take place. We can use the data to build integration/performance test suites and autogenerate service mocks.

What's new in Calico Enterprise 3.7: eBPF data plane, high availability, and more!

As our enterprise customers build out large, multi-cluster Kubernetes environments, they are encountering an entirely new set of complex security, observability, and networking challenges, requiring solutions that operate at scale and can be deployed both on-premises and across multiple clouds. New features in our latest release add to the already formidable capabilities of Calico Enterprise.

Compare Rancher and D2iQ's Enterprise Kubernetes Solution

In a relatively short amount of time, Kubernetes has evolved from an internal container orchestration tool at Google to the most important cloud-native technology across the world. Its rise in popularity has made Kubernetes the preferred way to build new software experiences and modernize existing applications at scale and across clouds.

Implementing an Internal Developer Platform

In a previous post, we discussed what an Internal Developer Platform (IDP) is and some drivers behind IDP initiatives. If we go through our interactions with different organizations, we see teams embarking on the journey to build their IDPs mainly driven by the following requirements: While building an IDP may seem like an obvious choice and initiative, it is definitely not an easy task to accomplish. Building an IDP involves dealing with many moving components.

How to Move Kubernetes Logs to S3 with Logstash

Sometimes, the data you want to analyze lives in AWS S3 buckets by default. If that’s the case for the data you need to work with, good on you: You can easily ingest it into an analytics tool that integrates with S3. But what if you have a data source — such as logs generated by applications running in a Kubernetes cluster — that isn’t stored natively in S3? Can you manage and analyze that data in a cost-efficient, scalable way? The answer is yes, you can.

A to Z of Kubernetes and Containerization

As more enterprises shift towards cloud-native, containers are proving their worth in providing developers with a flexible way to quickly get applications up and running in the cloud. Kubernetes is an integral part of this journey, offering an industry leading container orchestration platform to automate the deployment, scaling and management of containers.

What's new in Grafana Cloud for July 2021: Traces, live streaming, Kubernetes and Docker integrations, and more

If you’re not already familiar with it, Grafana Cloud is the easiest way to get started observing metrics (Prometheus and Graphite), logs (Grafana Loki), traces (Grafana Tempo), and dashboards. Here are the latest features you should know about!

Demo: VMware Tanzu Standard Edition with Microsoft Azure

In this demo, we are going to look at using VMware Tanzu Standard edition with Microsoft Azure. Namely, the two products that will be seen are Tanzu Kubernetes Grid and Tanzu Mission Control. Tanzu Kubernetes Grid is the enterprise container runtime that utilizes cluster API to enable full lifecycle management. Global or fleet-wide management is the capability brought by Tanzu Mission Control. Tanzu Mission Control can inherit Tanzu Kubernetes Grid clusters to do provisioning and lifecycle management through its intuitive graphical user interface.

Kubernetes Incident Response: 5 Metrics to Watch

Kubernetes is a central part of modern IT infrastructure. Like any critical system, it is becoming a valuable target for attackers. In order to identify and respond to security threats, teams need metrics that indicate anomalous activity and can indicate a direction for investigation.
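As an added example of the kind of metric the article is talking about (this is not Komodor's code, and the page does not list its five metrics), the following script derives a handful of security counters from Kubernetes API server audit events: who is being denied, who is exec'ing into pods, who is reading Secrets, and whether anonymous requests reach the API. It reads `audit.k8s.io/v1` events in the JSON-lines form the kube-apiserver log backend writes; the events are constructed for the example and the alert threshold is an assumption.

```python
"""Security-relevant counters from Kubernetes API server audit events.

Added example; not code from the Komodor article. Reads audit.k8s.io/v1
events as JSON lines. The sample events are constructed and the alert
threshold is an assumption.
"""
import json
from collections import Counter
from typing import Dict, List, Optional


def _event(user: str, verb: str, resource: str, code: Optional[int],
           namespace: str = "", subresource: str = "",
           stage: str = "ResponseComplete") -> str:
    """One constructed Metadata-level audit event, minimal fields only."""
    ref = {"resource": resource}
    if namespace:
        ref["namespace"] = namespace
    if subresource:
        ref["subresource"] = subresource
    ev = {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
          "stage": stage, "verb": verb, "user": {"username": user}, "objectRef": ref}
    if code is not None:
        ev["responseStatus"] = {"code": code}
    return json.dumps(ev)


CI_SA = "system:serviceaccount:dev:ci"
SAMPLE_AUDIT_LOG = "\n".join([
    _event("jane", "get", "pods", 200, "dev"),
    # A request is logged at RequestReceived and again at ResponseComplete;
    # count it once, at the stage that carries the response code.
    _event("jane", "create", "pods", None, "prod", "exec", stage="RequestReceived"),
    _event("jane", "create", "pods", 101, "prod", "exec"),
    *[_event(CI_SA, "list", "secrets", 403, "prod") for _ in range(6)],
    _event("system:anonymous", "get", "secrets", 403, "kube-system"),
    _event("system:kube-controller-manager", "list", "secrets", 200),
    _event("jane", "get", "secrets", 200, "prod"),
])


def is_control_plane(user: str) -> bool:
    """Core components (kube-controller-manager, node identities, ...) but not
    service accounts, which are workloads and worth watching."""
    return user.startswith("system:") and not user.startswith("system:serviceaccount:")


def summarize(log_text: str) -> Dict:
    forbidden: Counter = Counter()
    exec_attach: Counter = Counter()
    secret_reads: Counter = Counter()
    anonymous = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("stage") != "ResponseComplete":
            continue
        user = (ev.get("user") or {}).get("username", "<unknown>")
        ref = ev.get("objectRef") or {}                 # absent for non-resource URLs
        code = (ev.get("responseStatus") or {}).get("code", 0)
        if user == "system:anonymous":
            anonymous += 1
        if code in (401, 403):
            forbidden[user] += 1
        if ref.get("resource") == "pods" and ref.get("subresource") in ("exec", "attach"):
            exec_attach[user] += 1                      # attempts, allowed or denied
        if (ref.get("resource") == "secrets" and ev.get("verb") in ("get", "list", "watch")
                and code < 400 and not is_control_plane(user)):
            secret_reads[user] += 1
    return {"forbidden": forbidden, "exec_attach": exec_attach,
            "secret_reads": secret_reads, "anonymous": anonymous}


def alerts(summary: Dict, forbidden_threshold: int = 5) -> List[str]:
    """Turn the counters into investigation leads; the threshold is an assumption."""
    out = [f"{n} denied requests from {u}"
           for u, n in summary["forbidden"].items() if n >= forbidden_threshold]
    out += [f"{n} exec/attach into pods by {u}" for u, n in summary["exec_attach"].items()]
    out += [f"{n} Secret reads by {u}" for u, n in summary["secret_reads"].items()]
    if summary["anonymous"]:
        out.append(f"{summary['anonymous']} anonymous requests reached the API")
    return out


if __name__ == "__main__":
    for lead in alerts(summarize(SAMPLE_AUDIT_LOG)):
        print(lead)
```

Two details matter when turning this into a real metric: count each request once (at `ResponseComplete`, the stage that carries the status code), and decide explicitly which principals are exempt, since the control plane itself reads Secrets constantly while a service account doing so may be the incident.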

Qovery - the ultimate AWS web console for SaaS startups

AWS is undoubtedly one of the best cloud service providers for running a serious business. Reliable and cost-effective. No doubt here. But something utterly wrong with AWS is the experience of its web management console. It is so bad that thousands of developers come to Qovery every month on the sole promise of a better developer experience on top of AWS. Here are the 7 reasons why Qovery is an excellent choice for SaaS startups.

Containers vs serverless - It's about balancing simplicity with control

Chances are, if you're a developer or part of a DevOps team, you've had a polarizing conversation or two about containers versus serverless. In this post we recap a debate hosted by NetApp on this topic. Arguing for containers is Kevin McGrath, Chief Technology Officer, Spot by NetApp. On the side of serverless is Forrest Brazeal, Director of Content and Community at A Cloud Guru. In this post we will cover the key arguments on both sides.

Tanzu Standard Edition: A Technical Overview in 8 Minutes

VMware Tanzu Standard builds on the foundation of Tanzu Basic by going further than Kubernetes lifecycle management. Tanzu Standard brings capabilities beyond vSphere, enabling a consistent Kubernetes experience across clouds, managing those Kubernetes clusters in a consistent fashion, and improving the security and governance using policy management at a global level. This video is a high-level look at the components to get you familiarized with them.