Cloud Native Digest: Cloud Native Computing Foundation Announces Falco Graduation
Open source projects worth checking out
ldap-operator
A Kubernetes operator for deploying and managing LDAP directories.
Updatecli
Updatecli is a tool used to apply file update strategies. Designed to be used from everywhere, each application “run” detects if a value needs to be updated using a custom strategy, then applies changes according to the strategy.
Alaz
Alaz is an open-source Ddosify eBPF agent that can inspect and collect Kubernetes (K8s) service traffic without the need for code instrumentation, sidecars, or service restarts.
Eraser
Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster.
Technical recommendations
How to inspect Kubernetes networking
This article discusses tools and techniques for inspecting Kubernetes networking. It explains that Kubernetes, as a container orchestration system, requires advanced networking techniques to maintain network connectivity between containers in a cluster. The article is useful for debugging connectivity issues, investigating network throughput problems, or gaining a better understanding of how Kubernetes operates. The author provides guidance on getting started, including having a Kubernetes cluster with kubectl installed and configured. It covers finding a Pod’s cluster IP address using the “kubectl get pod” command and listing all services in all namespaces to find a Service’s IP address. The article provides a concise and informative overview of inspecting Kubernetes networking.
The Top 5 Kubernetes Security Mistakes You’re Probably Making
This article discusses the top five common security mistakes in Kubernetes, aiming to help readers avoid these errors. The author emphasizes the importance of properly configuring and managing Kubernetes clusters to ensure the security of applications and data. The article covers common mistakes such as unauthorized access, container vulnerabilities, insecure configurations, unencrypted communication, and improper permission management. It provides recommendations and best practices for addressing these issues. By reading this article, readers can learn how to mitigate security risks and enhance the security of their Kubernetes clusters.
What’s new in cloud native
Cloud Native Computing Foundation Announces Falco Graduation
SAN FRANCISCO, Calif. — February 29, 2024 — The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of Falco, a cloud native security tool designed for Linux systems and the de facto Kubernetes threat detection engine.
Falco was created and open sourced in 2016 by Sysdig and became the first runtime security project accepted into the CNCF Sandbox in 2018 and, subsequently, the Incubator in April 2020. Since then, Falco has added maintainers from Amazon, Apple, IBM, Red Hat, and more. The project has also seen a 400% increase in active contributors since moving to incubation and now has hundreds of active code contributors.
Announcing Linkerd 2.15 with mesh expansion, native sidecars, and SPIFFE
Today we’re happy to announce the release of Linkerd 2.15, which adds support for workloads outside of Kubernetes. This new “mesh expansion” feature allows Linkerd users for the first time to bring applications running on VMs, physical machines, and other non-Kubernetes locations into the mesh, delivering Linkerd’s uniform layer of secure, reliable, and observable connectivity across both Kubernetes and non-Kubernetes workloads alike.
The 2.15 release also introduces support for SPIFFE, a standard for workload identity which allows Linkerd to provide cryptographic identity and authentication to off-cluster workloads, and for native sidecar containers, a new Kubernetes feature that eases some of the long-standing annoyances of the sidecar model in Kubernetes, especially with Job workloads.
About KubeSphere
KubeSphere is an open source container platform built on top of Kubernetes with applications at its core. It provides full-stack IT automated operation and streamlined DevOps workflows.
KubeSphere has been adopted by thousands of enterprises across the globe, such as Aqara, Sina, Benlai, China Taiping, Huaxia Bank, Sinopharm, WeBank, Geko Cloud, VNG Corporation and Radore. KubeSphere offers wizard interfaces and various enterprise-grade features for operation and maintenance, including Kubernetes resource management, DevOps (CI/CD), application lifecycle management, service mesh, multi-tenant management, monitoring, logging, alerting, notification, storage and network management, and GPU support. With KubeSphere, enterprises are able to quickly establish a strong and feature-rich container platform.
To stay updated, visit our official website or follow us on Twitter.