Recently-Added

Today Sysdig announced a new update to their Cloud Native Visibility and Security Platform, with the release of Sysdig Secure 2.4. The new version of the Secure product includes some pretty nifty enhancements. Runtime profiling with machine learning - New containers will be profiled after deployment to give insights into the processes, file system activity, networking and system calls. Once the profiling is complete, these profiles can be used to create policy sets for the expected behavior. Sysdig also offers a confidence level of the profile. Consistent behavior generating a higher confidence level whereas variable behavior would have a lower level. ...

One of the best things about Kubernetes, is that I don’t have to think about which piece of hardware my container will run on when I deploy it. The Kubernetes scheduler can make that decision for me. This is great until I actually DO care about what node my container runs on. This post will examine one solution to pod placement, through taints and tolerations. Taints - The Theory Suppose we had a Kubernetes cluster where we didn’t want any pods to run on a specific node. You might need to do this for a variety of reasons, such as: ...

Any system that’s going to be deployed for the enterprise needs to have at least a basic level of monitoring in place to manage it. Kubernetes is no exception to this rule. When we, as a community, underwent the shift from physical servers to virtual infrastructure, we didn’t ignore the new VMs and just keep monitoring the hardware, we had to come up with new products to monitor our infrastructure. Sysdig is building these new solutions for the Kubernetes world. ...

The Kubernetes series has now ventured into some non-native k8s discussions. Helm is a relatively common tool used in the industry and it makes sense to talk about why that is. This post covers the basics of Helm so we can make our own evaluations about its use in our Kubernetes environment. Helm - The Theory So what is Helm? In the most simplest terms its a package manager for Kubernetes. Think of Helm this way, Helm is to Kubernetes as yum/apt is to Linux. Yeah, sounds pretty neat now doesn’t it? ...

As with all systems, we need to be able to secure a Kubernetes cluster so that everyone doesn’t have administrator privileges on it. I know this is a serious drag because no one wants to deal with a permission denied error when we try to get some work done, but permissions are important to ensure the safety of the system. Especially when you have multiple groups accessing the same resources. We might need a way to keep those groups from stepping on each other’s work, and we can do that through role based access controls. ...

Whenever I talk cloud with a customer, there is inevitably a discussion around how much the cloud costs vs what is in the data center. The conversation usually starts with one of several declarations. “The Cloud is more expensive than on-premises but we want the capabilities anyway.” “We need the Cloud so we can drive down our costs.” Well yes, if you’ve paid attention, those are two different arguments about why you need cloud, and both of them came to different conclusions about whether or not the public cloud is more expensive or less expensive than running your own data center. ...

If you’ve been following the series, you may be thinking that we’ve built ourselves a problem. You’ll recall that we’ve now learned about Deployments so that we can roll out new pods when we do upgrades, and replica sets can spin up new pods when one dies. Sounds great, but remember that each of those containers has a different IP address. Now, I know we haven’t accessed any of those pods yet, but you can imagine that it would be a real pain to have to go lookup an IP Address every time a pod was replaced, wouldn’t it? This post covers Kubernetes Services and how they are used to address this problem, and at the end of this post, we’ll access one of our pods … finally. ...

After following the previous posts, we should feel pretty good about deploying our pods and ensuring they are highly available. We’ve learned about naked pods and then replica sets to make those pods more HA, but what about when we need to create a new version of our pods? We don’t want to have an outage when our pods are replaced with a new version do we? This is where “Deployments” comes into play. ...

In a previous post we covered the use of pods and deployed some “naked pods” in our Kubernetes cluster. In this post we’ll expand our use of pods with Replica Sets. Replica Sets - The Theory One of the biggest reasons that we don’t deploy naked pods in production is that they are not trustworthy. By this I mean that we can’t count on them to always be running. Kubernetes doesn’t ensure that a pod will continue running if it crashes. A pod could die for all kinds of reasons such as a node that it was running on had failed, it ran out of resources, it was stopped for some reason, etc. If the pod dies, it stays dead until someone fixes it which is not ideal, but with containers we should expect them to be short lived anyway, so let’s plan for it. ...

Amazon Web Services has released yet another service designed to improve the lives of people administering an AWS environment. There is a new backup service, cleverly named, AWS Backup. This new service allows you to create a backup plan for Elastic Block Store (EBS) volumes, Elastic File System (EFS), DynamoDB, Relational Database Services (RDS), and Storage Gateway. Now we can build plans to automatically backup, tier and expire old backups automatically based on our own criteria. ...