The latest News and Information on Containers, Kubernetes, Docker and related technologies.
When organizations think about the relationship between Kubernetes and cloud costs, they often focus on Kubernetes’ auto-scaling capabilities and what this means for optimizing compute resources. Kubernetes does allow organizations to provision compute resources more thinly, because the platform allows them to scale up automatically if there’s a demand spike in the middle of the night.
Kubernetes has become the de-facto industry standard for container orchestration. It provides the required abstraction for efficiently managing large-scale containerized applications with declarative configurations, an easy deployment mechanism, and both scaling and self-healing capabilities.
Azure Kubernetes Service, Microsoft's managed Kubernetes solution, allows you to quickly create a Kubernetes cluster in Microsoft Azure and provides features to help you manage and maintain your Kubernetes cluster in Azure. In this blog post we will go over some of the features of AKS and then walk through creating an AKS cluster.
The old security model, which followed the “trust but verify” method, is broken. That model granted excessive implicit trust that attackers abused, putting the organization at risk from malicious internal actors and allowing unauthorized outsiders wide-reaching access once inside. The new model, Zero Trust networking, presents an approach where the default posture is to deny access.
“Kubernetes vs. Docker” is a phrase that you hear more and more these days as Kubernetes becomes ever more popular as a container orchestration solution. However, “Kubernetes vs. Docker” is also a somewhat misleading phrase. When you break it down, these words don’t mean what many people intend them to mean, because Docker and Kubernetes aren’t direct competitors.
Kubernetes provides the freedom to rapidly build and ship applications while dramatically minimizing deployment and service update cycles. However, the velocity of application deployment requires a new approach that involves integrating tools as early as possible in the deployment pipeline and inspecting the code and configuration against Kubernetes security best practices. Kubernetes has many security knobs that address various aspects required to harden the cluster and applications running inside.
The “as a service” business model continues to grow rapidly, largely thanks to the rise of cloud computing. “As a service” offerings deliver IT products and technologies such as software, hardware, and data storage to consumers via the Internet, rather than having to install or manage them themselves. Serverless and containers are two such “as a service” technologies that have seen increasing adoption in recent years.
Compromising a pod in a Kubernetes cluster can have disastrous consequences on resources in an AWS Elastic Kubernetes Service (EKS) account if access to the Instance Metadata service is not explicitly blocked. The Instance Metadata service is an AWS API listening on a link-local IP address. Only accessible from EC2 instances, it enables the retrieval of metadata that is used to configure or manage an instance.
