The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.
Kubeflow is the open-source machine learning toolkit on top of Kubernetes. Kubeflow translates steps in your data science workflow into Kubernetes jobs, providing the cloud-native interface for your ML libraries, frameworks, pipelines and notebooks. Read more about Kubeflow
Today, the Kubernetes community made the 1.22 release candidate available, a few weeks ahead of general availability, planned for August the 4th. We invite developers, platform engineers and cloud tech enthusiasts to experiment with the new features, report back findings and bugs. MicroK8s is the easiest way to get up and running with the latest version of K8s for testing and experimentation.
Sometimes the best way to understand something is to take it apart and see how it works. This blog post will help you take the lid off your Calico eBPF data plane based Kubernetes cluster and see how the forwarding is actually happening. The bonus is, unlike home repairs, you don’t even have to try to figure out how to put it back together again! The target audience for this post is users who are already running a cluster with the eBPF data plane, either as a proof-of-concept or in production.
Current observability practice is largely based on manual instrumentation, which requires adding code in relevant points in the user’s business logic code to generate telemetry data. This can become quite burdensome and create a barrier to entry for many wishing to implement observability in their environment. This is especially true in Kubernetes environments and microservices architecture.
One of the core values of Canonical, that we all identify with, is the mission of bringing the power of open source to everyone on the planet. From developing to developed countries. From individuals to big enterprises. From engineers to CEOs. And there is only one way to find out if we are efficient in what we do. This is community feedback. It is no different this time.
Canonical livepatch is the service and the software that enables organizations to quickly patch vulnerabilities on the Ubuntu Linux kernels. Livepatch provides uninterrupted service while reducing fire drills during high and critical severity kernel vulnerabilities. It is a complex technology and the details can be confusing, so in this post we provide a high level introduction to Ubuntu Linux kernel livepatching and the processes around it.