Kyverno — verify Kubernetes control plane images
Guest post originally published on Medium by Charles-Edouard Brétéché In this story we are going to deploy a local Kubernetes cluster using kind, then we will deploy Kyverno and use it to verify Kubernetes control plane images signature. What is Kyverno ? Kyverno is an open-source policy engine for Kubernetes that allows you to…
New Kubernetes security audit complete and open sourced
By Chris Aniszczyk (@cra) and Rey Lejano In 2018, the Cloud Native Computing Foundation (CNCF) started performing and open sourcing third-party security audits with the goal of improving the overall security practices of our ecosystem. Since then, Argo,…
CNCF fuzzing open source projects for security and reliability
By Chris Aniszczyk, Adam Korczynski, David Korczynski Introduction In this blog post we will present an overview of the state of fuzzing CNCF projects. We published a blog post on this in June 2022 titled Improving Security by…
Stability and scalability assessment of KubeVela
Guest post by Da Yin, infra engineer at Alibaba Cloud and KubeVela maintainer Background With the release of v1.8, KubeVela, the OAM-based application delivery project, has been continuously evolving for over 3 years. It is now being adopted…
Super bot for Kubernetes clusters
Guest post by: One stop shop messaging bot for monitoring, notifying and debugging anywhere, anytime. Bots have been around humans for a while now and used for variety of purposes. The most common ones are notification receivers through…
KubeGateway: A customized seven-layer Load Balancer for kube-apiserver
Guest post originally published on ByteDance’s blog by Jun Zhang KubeGateway is a seven-layer load balancer specially customized by ByteDance for kube-apiserver traffic characteristics. It completely solves the problem of kube-apiserver load imbalance. For the first time in…
2022 Kubernetes vulnerabilities – Main takeaways
Guest post originally published on ARMO’s blog by Ben Hirschberg All the main K8s vulnerabilities from 2022 consolidated into one article. Put together by Ben Hirschberg, CTO & co-founder of ARMO. During 2022, Kubernetes continued to cement itself as a…
Support for 100 Large-Scale Clusters: Test Report on Karmada
Guest post by Kevin Wang TL;DR Cloud native implementations, growing in scale and complexity, are challenging organizations on how to efficiently, reliably manage large-scale resource pools to meet growing demands. Players in the cloud field attempted to scale…
Demonstrating your K8s scheduler with kube-scheduler-simulator in a real cluster
Guest post originally published on the Miraxia blog by Takuma Kawai In the previous post, I wrote how we can develop our own scheduler with kube-scheduler-simulator. If you could implemented your new scheduler, you may want to try it in…
Securing Kubernetes cluster using Kubescape and kube-bench
Guest post originally published on InfraCloud’s blog by Amar Chand With businesses adopting cloud native technology, Kubernetes has emerged as a primary tool of choice for container orchestration. Deploying and managing applications has never been easier. However, securing…