Kubernetes News

  • Kubernetes Graduates CNCF Incubator, Debuts New Sandbox

    Though the Kubernetes container orchestration system has been widely deployed at scale in production around the world, it wasn't until March 6 that the project graduated from the Cloud Native Computing Foundation's (CNCF) incubator.

    The CNCF's process brings projects in as incubated projects and then aims to move them through to graduation, which implies a level of process and technology maturity. Kubernetes was the founding project for the CNCF, which was launched back in July 2015.

    Google contributed Kubernetes to the CNCF in an effort to help build a more diverse community of contributors and to spur adoption.

  • Kubernetes Ingress: NodePort, Load Balancers, and Ingress Controllers

    A fundamental requirement for cloud applications is some way to expose that application to your end users. This article will introduce the three general strategies in Kubernetes for exposing your application to your end users, and cover the various tradeoffs of each approach. I’ll then explore some of the more sophisticated requirements of an ingress strategy. Finally, I’ll give some guidelines on how to pick your Kubernetes ingress strategy.

  • Aqua Expands Container Security Platform With MicroEnforcer

    Aqua Security launched version 3.0 of its namesake container security platform on March 7, refocusing the product on providing Kubernetes cloud-native enterprise security controls.

    Aqua originally focused on just Docker container deployments, but with the new 3.0 update it is providing a series of capabilities that are aligned with Kubernetes deployments. Kubernetes provides container orchestration capabilities and has also been embraced by Docker Inc., which now also integrates Kubernetes as an option for its users.

    Looking beyond just Kubernetes, Aqua 3.0 also has a new capability called the MicroEnforcer, which is aimed at emerging forms of lightweight container deployments, such as the AWS Fargate service.

  • You got your VM in my container

    Containers and Kubernetes have been widely promoted as "disruptive" technologies that will replace everything that preceded them, most notably virtual machine (VM) management platforms such as vSphere and OpenStack. Instead, as with most platform innovations, Kubernetes is more often used to add a layer to (or complement) VMs. In this article, and in a presentation at SCALE16x, we'll be exploring two relatively new projects that aim to assist users in combining Kubernetes with virtualization: KubeVirt and Kata Containers.

    Most organizations still have large existing investments in applications that run on virtualized hosts, infrastructure that runs them, and tools to manage them. We can envision this being true for a long time to come, just as remnants of previous generations of technology remain in place now. Additionally, VM technology still offers a level of isolation that container-enablement features, like user namespaces, have yet to meet. However, those same organizations want the ease-of-use, scalability, and developer appeal of Kubernetes, as well as a way to gradually transition from virtualized workloads to containerized ones.

More in Tux Machines

GSConnect v13 Alpha Includes Do Not Disturb Feature, Experimental Bluetooth And SMS/Contacts Sync

The v13 alpha release is a rewrite with changes to the architecture, settings and default behavior, and it includes new features like Do Not Disturb, experimental Bluetooth and SMS/Contacts sync, and more. GSConnect is a Gnome Shell implementation of KDE Connect, which integrates Android devices with the Gnome desktop. Using it you can mirror notifications from your phone to your desktop (and the other way around), control a desktop music player from your phone, browse your phone wirelessly from your desktop, synchronize the clipboard between Android devices and your desktop, and much more. GSConnect v13 alpha requires Gnome Shell version 3.28 or newer, and one of the most interesting changes for users is probably the new Do Not Disturb button which lets users silence mobile device notifications:

Introducing Red Hat Quay

Embracing container orchestration has many implications for an enterprise’s technology stack. An image registry becomes a critical component of the deployment pipeline. Red Hat Quay is a mature enterprise-centric container image registry which has a rich history of meeting the needs of cloud native technologists. When Red Hat acquired CoreOS earlier this year, we were looking to amplify our leadership in enterprise container-based solutions. CoreOS at the time had two primary products, Tectonic and Quay. Quay was added directly into Red Hat’s portfolio of products and renamed Red Hat Quay.

Also: FPgM report: 2018–38

Security: Windows/NSA Back Doors and Exploits (EternalBlue), Rust Flaw, Roughtime, DDOS Hype and "The Lucy Gang"

  • Leaked NSA Exploits Shifting From Ransomware To Cryptocurrency Mining
    This report, from Zack Whittaker at TechCrunch, says there's really no endpoint in sight for the unintended consequences of exploit hoarding. But at this point, it's really no longer the NSA or Microsoft to blame for the continued rampage. Stats from Shodan show more than 300,000 unpatched machines in the United States alone. EternalBlue-based malware still runs rampant, but the focus has shifted from ransom to cryptocurrency. An unnamed company recently watched the NSA's exploit turn its computers into CPU ATMs. [...] There will never be a full accounting of the damage done. Yes, the NSA never thought its secret stash would go public, but that doesn't excuse its informal policy of never disclosing massive vulnerabilities until it's able to wring every last piece of intel from their deployment. And there's a chance this will happen again in the future if the agency isn't more proactive on the disclosure front. It was foolhardy to believe its tools would remain secret indefinitely. It's especially insane to believe this now.
  • The Rust Programming Language Blog: Security advisory for the standard library
    The Rust team was recently notified of a security vulnerability affecting the standard library’s str::repeat function. When passed a large number this function has an integer overflow which can lead to an out of bounds write. If you are not using str::repeat, you are not affected. We’re in the process of applying for a CVE number for this vulnerability. Fixes for this issue have landed in the Rust repository for the stable/beta/master branches. Nightlies and betas with the fix will be produced tonight, and 1.29.1 will be released on 2018-09-25 with the fix for stable Rust.
  • Cloudflare Secures Time With Roughtime Protocol Service
    If time is money, then how important is it to secure the integrity of time itself? Time across many computing devices is often synchronized via the Network Time Protocol (NTP), which isn't a secure approach, but there is another option. On Sept. 21, Cloudflare announced that it is deploying a new authenticated time service called Roughtime, in an effort to secure certain timekeeping efforts. The publicly available service is based on an open-source project of the same name that was started by Google. "NTP is the dominant protocol used for time synchronisation and, although recent versions provide for the possibility of authentication, in practice that’s not used," Google's project page for Roughtime states. "Most computers will trust an unauthenticated NTP reply to set the system clock meaning that a MITM [man-in-the-middle] attacker can control a victim’s clock and, probably, violate the security properties of some of the protocols listed above."
  • DDoS Vulnerability Can Disrupt The Whole Bitcoin Infrastructure [Ed: Latest FUD about Bitcoin. A DDOS attack can disrupt anything at sufficient capacity levels, including Wall Street and ANY financial market.]
  • Crippling DDoS vulnerability put the entire Bitcoin market at risk
  • This Russian botnet mimics your click to prevent Android device factory resets
    According to researchers from Check Point, the botnet has been developed by a group of Russian-speaking hackers known as "The Lucy Gang," and demos have already been provided to potential subscribers to the system looking for Malware-as-a-Service (MaaS) solutions. Botnets are a thorn in the side for cybersecurity firms, hosting providers, and everyday businesses alike. The systems are made up of enslaved devices including mobile devices, Internet of Things (IoT) gadgets, and PCs.

Games: The Gardens Between and More to Come From Feral Interactive

  • The beautiful puzzle adventure 'The Gardens Between' is now out with native Linux support
    The Gardens Between from The Voxel Agents looks like a fantastic puzzle adventure and it's now available with native Linux support.
  • Feral Interactive are teasing ANOTHER new Linux port
    As a reminder, Feral Interactive have only recently released Life is Strange: Before the Storm and Total War: Warhammer II is confirmed to be coming this autumn. On top of that, last month they also put up another teaser that we're still guessing. I wouldn't be surprised if they do try to get more ports out earlier now, especially with Steam Play which would eat into their Linux port sales. Anyway…looks like 2018 really will be another great year for Linux gaming! The amount of Linux games Feral has ported now is kind of ridiculous: XCOM, XCOM 2, Tomb Raider, Rise of the Tomb Raider, Mad Max, Shadow of Mordor, HITMAN, F1 2017, Life is Strange, Life is Strange: Before the Storm, Dawn of War II, Dawn of War III, DiRT Rally and the list goes on.