
Server

Server: Kubernetes, Anchore, Octarine

Filed under
Server
  • Just Released: Kube-Scan Open Source Scanning Tool for Kubernetes

    A startup focused on Kubernetes security has released an open source risk assessment tool for the popular container orchestration platform. Cloud-native app security provider Octarine's Kube-Scan is a cluster risk assessment tool for developers that scans Kubernetes configurations and settings to identify and rank potential vulnerabilities in applications in minutes.

    The tool's risk score is based on Octarine's own Kubernetes Common Configuration Scoring System (KCCSS), a framework similar to the widely used Common Vulnerability Scoring System (CVSS). The KCCSS is similar to the CVSS, but it focuses on the configurations and security settings themselves.

  • Catalogic Software Debuts Open Source Backup Tool for Kubernetes

    Catalogic Software has made available the open source KubeDR utility for backing up and recovering Kubernetes cluster configuration, certificates and metadata residing in an etcd repository.

    Company COO Sathya Sankaran says Catalogic Software has been working to extend the reach of its backup and recovery software for Kubernetes and that KubeDR represents an effort to give back to the open source community. The company’s backup and recovery software has already been extended to support instances of Red Hat OpenShift, which is based on a distribution of Kubernetes, running in OpenStack environments.

    As part of that effort, Catalogic Software, which spun out of Syncsort in 2013, has created Catalogic Labs, committed to developing additional open source data protection technologies.

    KubeDR is designed to enable IT organizations to recover Kubernetes configuration, certificates and metadata stored in an S3-compatible object storage system. The idea is to make it easier for IT organizations to recover a Kubernetes cluster in the event of a failure. IT teams still need a separate tool to back up and recover any application data that might have been lost as well.

  • Container software startup Anchore raises $20 million

    The open source software evolution that garnered a $150 million buyout by software giant Red Hat in 2015 is fueling a second venture for return founder Saïd Ziouani, this time focused on securing the containers at the core of app development.

  • New open-source projects look to secure Kubernetes

    Kubernetes security company Octarine has announced two new open-source projects designed to protect against cloud-native security vulnerabilities. The Kubernetes Common Configuration Scoring System (KCCSS) is a framework for rating security risks, and kube-scan is a workload and assessment tool.

    “Our mission is to make the adoption of DevSecOps best practices simple, understandable, and achievable for any organization running Kubernetes,” said Julien Sobrier, head of product at Octarine. “One glaring blindspot is at the configuration level when building and deploying cloud native apps. We hope these two new projects benefit the Kubernetes practitioners industry-wide and look forward to collaborating with the community to make Kubernetes as secure and compliant as possible.”

SQLite Release 3.31.0 On 2020-01-22

Filed under
Server
OSS

The legacy_file_format pragma is deactivated. It is now a no-op. In its place, the SQLITE_DBCONFIG_LEGACY_FILE_FORMAT option to sqlite3_db_config() is provided. The legacy_file_format pragma is deactivated because (1) it is rarely useful and (2) it is incompatible with VACUUM in schemas that have tables with both generated columns and descending indexes.


Also: SQLite 3.31 Released With Support For Generated Columns

Server: Caddy, Jekyll, Containers and Kubernetes

Filed under
Server
  • How I moved from Nginx to Caddy

    Let me show you how complex an Nginx configuration can get for something as simple as serving two static websites with sane TLS configuration. If we have a look on the tls.conf, there are many things I would expect from a webserver to be default in the year 2020. First there are the ssl_protocols, second there are the ssl_ciphers and ssl_ecdh_curve, third there is ssl_stapling. I expect all of these to be enabled on default and neither Nginx nor Apache do this with standard settings.

  • Tempus Fugit, or moving from hubpress to Jekyll

    When I opened my blog, I realised I hadn’t updated the underlying hubpress code in quite a while. A long while. So long, in fact, that I couldn’t update hubpress anymore, because, much to my distress, the hubpress project had been archived by its author in the meantime. It had been archived months ago, and because I had not written a blog in over a year, I hadn’t even noticed.

    I think it’s safe to say I do not have a lucky hand in picking new open source projects to build my own stuff upon. But that’s part of the risk of running new tech sometimes, right?

  • Navigating Docker for Windows versions

    Windows though has a couple of gotchas, the behavior of docker on windows can vastly vary depending on which binary and/or configuration you use.

    Containers on windows are dependent on the server version of the Host. For example, your server 2016 (1607) containers can only be executed on a server 2016 host. Currently there are 2 popular base versions that docker supports, Server 2016, and 2019. Gitlab-runner only supports server 2019, so we will go with that.

  • Here’s How To Tackle K8’s Security Challenge…
  • Two New Open Source Projects for Kubernetes Security by Octarine
  • Octarine Adds 2 Open Source Projects to Secure Kubernetes

    Octarine announced today it has launched two open source projects intended to enhance Kubernetes security.

    The first project is kube-scan, a workload and assessment tool that scans Kubernetes configurations and settings to identify and rank potential vulnerabilities in applications in minutes. The second project is a Kubernetes Common Configuration Scoring System (KCCSS), a framework for rating security risks involving misconfigurations.

    Julien Sobrier, head of product for Octarine, said the projects are extensions of the namesake cybersecurity framework the company created based on a service mesh for Kubernetes clusters. The Octarine service mesh not only segments network and application traffic all the way up through Layer 7 running on Kubernetes clusters, but it also acts as an inspection engine that employs machine learning algorithms to identify anomalous traffic, Sobrier says.

  • Octarine Open Sources New Security Scanning Tools

    To enhance Kubernetes security, Octarine has released two new open source security scanning tools.

    The first tool is called Kubernetes Common Configuration Scoring System (KCCSS). It is said to be a new framework for rating security risks associated with misconfigurations. Kube-scan, the second open-sourced tool, is a workload and assessment tool to scan Kubernetes configurations and settings to identify and rank potential vulnerabilities in applications within minutes.

Kubernetes: KubeInvaders, CSI Ephemeral Inline Volumes and Reviewing 2019 in Docs

Filed under
Server
OSS
  • KubeInvaders - Gamified Chaos Engineering Tool for Kubernetes

    Some months ago, I released my latest project called KubeInvaders. The first time I shared it with the community was during an Openshift Commons Briefing session. KubeInvaders is a Gamified Chaos Engineering tool for Kubernetes and Openshift and helps test how resilient your Kubernetes cluster is, in a fun way.

  • CSI Ephemeral Inline Volumes

    Typically, volumes provided by an external storage driver in Kubernetes are persistent, with a lifecycle that is completely independent of pods or (as a special case) loosely coupled to the first pod which uses a volume (late binding mode). The mechanism for requesting and defining such volumes in Kubernetes are Persistent Volume Claim (PVC) and Persistent Volume (PV) objects. Originally, volumes that are backed by a Container Storage Interface (CSI) driver could only be used via this PVC/PV mechanism.

    But there are also use cases for data volumes whose content and lifecycle is tied to a pod. For example, a driver might populate a volume with dynamically created secrets that are specific to the application running in the pod. Such volumes need to be created together with a pod and can be deleted as part of pod termination (ephemeral). They get defined as part of the pod spec (inline).

    Since Kubernetes 1.15, CSI drivers can also be used for such ephemeral inline volumes. The CSIInlineVolume feature gate had to be set to enable it in 1.15 because support was still in alpha state. In 1.16, the feature reached beta state, which typically means that it is enabled in clusters by default.

    CSI drivers have to be adapted to support this because although two existing CSI gRPC calls are used (NodePublishVolume and NodeUnpublishVolume), the way how they are used is different and not covered by the CSI spec: for ephemeral volumes, only NodePublishVolume is invoked by kubelet when asking the CSI driver for a volume. All other calls (like CreateVolume, NodeStageVolume, etc.) are skipped. The volume parameters are provided in the pod spec and from there copied into the NodePublishVolumeRequest.volume_context field. There are currently no standardized parameters; even common ones like size must be provided in a format that is defined by the CSI driver. Likewise, only NodeUnpublishVolume gets called after the pod has terminated and the volume needs to be removed.

  • Reviewing 2019 in Docs

    Hi, folks! I’m one of the co-chairs for the Kubernetes documentation special interest group (SIG Docs). This blog post is a review of SIG Docs in 2019. Our contributors did amazing work last year, and I want to highlight their successes.

    Although I review 2019 in this post, my goal is to point forward to 2020. I observe some trends in SIG Docs–some good, others troubling. I want to raise visibility before those challenges increase in severity.

What Must be Considered Before Choosing a Container Platform?

Filed under
Server
OSS

An increasing number of IT groups are incorporating development tools, such as containers, in order to create cloud-native apps that operate in a constant manner across public, private, and hybrid clouds.

However, the trickiest part is to find the best container platforms for the organization. It is hard to make the correct decisions regarding container orchestration for managing lifecycles of the containers in order to function at scale and accelerate innovation.

Containers can be Linux

It is vital for every application to run on Linux since the containers are always running on a Linux host.

Containers that are used for managing their lifecycles work best with Linux. However, these days, Kubernetes is the popular container orchestration platform that was built on Linux concepts and makes use of Linux tooling and application programming interfaces (APIs) for managing the containers.

The companies are advised to opt for a Linux distribution that they know and trust before taking any decision on the OS for their container platform. Red Hat Enterprise Linux (RHEL), an OS platform, suits well for operating company’s containers as it provides stability and security features simultaneously, allowing developers to be agile.


Kubernetes: KubeDR, Elastic and Bug Bounty

Filed under
Server
OSS
  • Catalogic Software Announces KubeDR – Open Source Kubernetes Disaster Recovery

    Catalogic Software, a developer of innovative data protection solutions, today announced the introduction of its Catalogic open source utility, KubeDR, built to provide backup and disaster recovery for Kubernetes cluster configuration, certificates and metadata. Kubernetes is the fastest growing and most popular platform for managing containerized workloads in hybrid cloud environments. Catalogic is also launching cLabs to support new products, open source initiatives and innovations, such as KubeDR.

    Kubernetes stores cluster data in etcd, an interface that collects configuration data for distributed systems. While there are solutions focused on protecting persistent volumes, the cluster configuration data is often forgotten in existing industry solutions. There is a market need to provide the specific requirements of backup and support for Kubernetes cluster data stored in etcd. Catalogic’s new KubeDR is a user-friendly, secure, scalable and an open source solution for backup and disaster recovery designed specifically for Kubernetes applications.

  • Elastic Brings Observability Platform to Kubernetes

    Elastic N.V. announced this week that Elastic Cloud, a subscription instance of an observability platform based on the open source Elasticsearch engine, is generally available on Kubernetes.

    Anurag Gupta, principal product manager for Elastic Cloud, says deploying Elastic Cloud for Kubernetes (ECK) eliminates the need to invoke an instance of the platform running outside their Kubernetes environment.

  • Kubernetes Launches Bug Bounty

    Kubernetes, the open-source container management system, has opened up its formerly private bug bounty program and is asking hackers to look for bugs not just in the core Kubernetes code, but also in the supply chain that feeds into the project.

    The new bounty program is supported by Google, which originally wrote Kubernetes, and it’s an extension of what had until now been an invitation-only program. Google has lent financial support and security expertise to other bug bounty programs for open source projects. The range of rewards is from $100 to $10,000 and the scope of what’s considered a valid target is unusual.

  • Google Partners With CNCF, HackerOne on Kubernetes Bug Bounty
  • CNCF, Google, and HackerOne launch Kubernetes bug bounty program

    Bug bounty programs motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Originally designed by Google and now run by the CNCF, Kubernetes is an open source container orchestration system for automating application deployment, scaling, and management. Given the hundreds of startups and enterprises that use Kubernetes in their tech stacks, it’s significantly cheaper to proactively plug security holes than to deal with the aftermath of breaches.

Enterprise Insights: Red Hat And The Public Cloud

Filed under
Red Hat
Server

Open source projects are the epicenter of technology innovation today. Docker and Kubernetes are revolutionizing cloud-native computing, along with data-focused projects like Mongo and Redis and many others. Even as open source projects drive innovation, however, sponsoring companies face a growing existential threat from hyper-scale cloud providers.

Red Hat is the recognized leader in enterprise open source support. It's a successful public company with a track record of growth, so it was somewhat puzzling to understand why the Red Hat board decided to sell to IBM this past year.


16 Open Source Cloud Storage Software for Linux in 2020

Filed under
Server
OSS

The cloud by the name indicates something which is very huge and present over a large area. Going by the name, in a technical field, Cloud is something that is virtual and provides services to end-users in the form of storage, hosting of apps or virtualizing any physical space. Nowadays, Cloud computing is used by small as well as large organizations for data storage or providing customers with its advantages which are listed above.

Mainly, three types of Services come associated with Cloud which are: SaaS (Software as a Service) for allowing users to access other publicly available clouds of large organizations for storing their data like Gmail, PaaS (Platform as a Service) for hosting of apps or software on others' public cloud, e.g. Google App Engine which hosts apps of users, IaaS (Infrastructure as a Service) for virtualizing any physical machine and availing it to customers to make them get the feel of a real machine.


Edge AI server packs in a 16-core Cortex-A72 CPU plus up to 32 i.MX8M SoCs and 128 NPUs

Filed under
GNU
Linux
Server
Hardware

SolidRun’s “Janux GS31 AI Inference Server” runs Linux on its CEx7 LX2160A Type 7 module equipped with NXP’s 16-core Cortex-A72 LX2160A. The system also supplies up to 32 i.MX8M SoCs for video and up to 128 Gyrfalcon Lightspeeur 2803 NPUs via multiple “Snowball” modules.

When people talk about edge AI servers, they might be referring to some of the high-end embedded systems we regularly cover here at LinuxGizmos or perhaps something more server-like such as SolidRun’s rackmount form factor Janux GS31 AI Inference Server. The system would generally exceed the upper limits of our product coverage, but it’s a particularly intriguing beastie. The Janux GS31 is based on a SolidRun CEx7 LX2160A COM Express Type 7 module, which also powers the SolidRun HoneyComb LX2K networking board that we covered in June.


Also: Google Cloud Now Offering IBM Power Systems

Kubernetes on MIPS

Filed under
Server
Hardware
OSS

Background

MIPS (Microprocessor without Interlocked Pipelined Stages) is a reduced instruction set computer (RISC) instruction set architecture (ISA), appeared in 1981 and developed by MIPS Technologies. Now MIPS architecture is widely used in many electronic products.

Kubernetes has officially supported a variety of CPU architectures such as x86, arm/arm64, ppc64le, s390x. However, it’s a pity that Kubernetes doesn’t support MIPS. With the widespread use of cloud native technology, users under MIPS architecture also have an urgent demand for Kubernetes on MIPS.

Achievements

For many years, to enrich the ecology of the open-source community, we have been working on adjusting MIPS architecture for Kubernetes use cases. With the continuous iterative optimization and the performance improvement of the MIPS CPU, we have made some breakthrough progresses on the mips64el platform.

Over the years, we have been actively participating in the Kubernetes community and have rich experience in the use and optimization of Kubernetes technology. Recently, we tried to adapt the MIPS architecture platform for Kubernetes and achieved a new stage on that journey. The team has completed migration and adaptation of Kubernetes and related components, built not only a stable and highly available MIPS cluster but also completed the conformance test for Kubernetes v1.16.2.

