Operations | Monitoring | ITSM | DevOps | Cloud

A recent CNCF-sponsored Kubernetes security audit uncovered CVE-2019-11246, a high-severity vulnerability affecting the command-line kubectl tool. If exploited, it could lead to a directory traversal, allowing a malicious container to replace or create files on a user’s workstation. This vulnerability stemmed from an incomplete fix of a previously disclosed vulnerability (CVE-2019-1002101). Are you vulnerable?

We are very excited to announce Calico v3.8. Here are some highlights from the release. You can now view IP address usage for each IP pool using calicoctl. This allows you to more easily manage the IP space in your cluster, providing a simple way to see which IP pools have addresses available and which are running low. See the calicoctl reference documentation for more detailed information on how to use this feature.

Kubernetes is the de facto industry standard for container management and orchestration. Not surprisingly, it has also become common to use Kubernetes in tandem with compatible Continuous Integration (CI) and Continuous Deployment (CD) tools. As a container orchestrator, Kubernetes expects deployments to spin up software throughout a cluster. Those deployments are created using files or command lines that can be generated manually or using properly configured CI/CD software.

Cycle aims to give you maximum flexibility with how you architect your application. By marking a container as ‘stateful’, you’re declaring that the container and its instances should be treated more like pets than cattle, but more on that analogy below. The need to maintain state should never be a deciding factor when considering whether or not to containerize as containers are simply portable code packages.

In a Kubernetes cluster, the machines are divided into two main groups: worker nodes and master nodes. Worker nodes run your pods and the applications within them, whereas the master node runs the Kubernetes Control Plane, which is responsible for the management of the worker nodes. The Control Plane makes scheduling decisions, monitors the cluster, and implements changes to get the cluster to a desired state.

This article originated from http://leebriggs.co.uk///blog/2018/11/07/kr8-kubernetes-config-mgmt.html Previous visitors to this blog will remember I wrote about configuration mgmt for Kubernetes clusters, and how the space was lacking. For those not familiar, the problem statement is this: it’s really hard to maintain and manage configuration for components of multiple Kubernetes clusters.

Logging your Kubernetes clusters to LogDNA is already a breeze, and now the LogDNA Kubernetes agent Helm chart makes it even easier. Helm is the official package manager for Kubernetes. With Helm, deploying and managing Kubernetes applications is as simple as typing a single command. This makes deploying the LogDNA agent across your cluster absolutely effortless.

At this point in our series, you’re likely quite familiar with the many opportunities and challenges that Kubernetes presents (especially when it comes to monitoring!). The last couple of posts take at a look at Prometheus for monitoring Kubernetes, with a side-by-side comparison with Sensu, and illustrate how they work in tandem.