Welcome to part 2 of a two-part series on security for cloud-native applications. In part 1, we highlighted three CNCF incubating security projects: Falco, SPIRE, and Notary. In this article, we look at four other CNCF incubating projects. Together, they make a formidable list of security tools every DevOps team should have in their IT arsenal.
Joining the Cloud Native Computing Foundation (CNCF) as general manager has been an amazing journey. When I started as GM last year, my goal was to understand the needs of the community by listening and then build from there. However, as some of you may have heard, CNCF is a foundation of doers — which means I’ve done a lot of listening and a lot of doing in my time here.
Security has long been the biggest challenge for organizations adopting cloud-native technologies like Kubernetes. However, one look at the top CNCF projects shows a lack of security-only ventures. This was especially noticeable in 2019. However, in 2020, the CNCF took measures to include some very useful security-related projects, and the result is interesting. This article covers the top security projects featured on CNCF today and why they are relevant for your cloud-native applications.
The orchestration and management layer is the third layer in the Cloud Native Computing Foundation’s cloud native landscape. Before tackling tools in this category, engineers have presumably already automated infrastructure provisioning following security and compliance standards (provisioning layer) and set up the runtime for the application (runtime layer).
In November, the Cloud Native Computing Foundation released a whitepaper that focused on the security of cloud native applications. It was large in scope, covering everything from cloud native layers, to the full lifecycle of development, to compliance (and everything in between). This white paper should not only serve as a guiding light for any and all cloud native developers and admins (and the companies that hire them) but as a warning about the complex nature of security surrounding cloud native.
Envoy is likely the most important open-source project in the cloud-native networking space. Without it, we wouldn’t have a service mesh like Istio. The Envoy team recently announced Envoy Mobile, which looks to manage mobile applications with the same level of dedication as a datacenter. Another new project spawned by the Envoy project is Kuma. That’s the focus of this post. Kuma joins what is likely the hottest part of cloud-native computing — service meshes. This space is getting crowded of late, but Kuma believes they have something special that stands out compared with the available options. Let’s take a look at Kuma.
Want to have a really bad day? Make a security blunder that the whole world can see (yes, we're looking at you, SolarWinds). No one wants that. That's why, even though Kubernetes isn't the easiest system to lock down securely, you must do just that. Fortunately, programs like Falco can help.
This post is part of an ongoing series from CNCF Business Value Subcommittee co-chairs Catherine Paganini and Jason Morgan that focuses on explaining each category of the cloud native landscape to a non-technical audience as well as engineers just getting started with cloud native.
As we dive into studying for the Certified Kubernetes Security Specialist (CKS) program, make sure to understand the test and its structure. A full blog details the Cloud Native Computing Foundation’s (CNCF) announcement about the CKS and its exam structure.
The Kubernetes release cycle is back to its usual self, bringing version 1.20 to K8s aficionados young and old. The release includes stable volume snapshot operations, process ID limiting, advances in kubectl debug, and one less thing to worry about when it comes to exec probe timeouts.