Security News
Trilio announced the availability of TrilioVault for Kubernetes 2.1, the latest release of its cloud-native backup and recovery platform that enables restoration and mobility of entire Kubernetes workloads on-demand. TrilioVault for Kubernetes 2.1 features new Kubernetes management functionality including visibility and insights into Velero-based backups as well as enhanced disaster recovery capabilities for multi-cloud infrastructure deployments.
DataStax announced that K8ssandra, an open-source distribution of Apache Cassandra on Kubernetes, is available on any Kubernetes environment including distro-specific integrations for Amazon Elastic Kubernetes Service, Google Kubernetes Engine, and Azure Kubernetes Service. "Apache Cassandra is a highly scalable, fast and reliable database and running it on Kubernetes removes many of the operation hurdles around installation, customization and maintenance."
As KubeCon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift. The StackRox product is itself deployed as a Kubernetes application and has several components, aiming to pick up vulnerabilities in both container images and in Kubernetes, look for misconfigurations such as unnecessarily elevated privileges, perform rule-based threat detection, and more.
Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters. It performs a variety of checks on a range of services and open ports on the Kubernetes platform, helps safeguard against potential attacks on Kubernetes clusters by continuously scanning, monitoring and alerting on any anomalies, allows users to see components of the Kubernetes infrastructure, and visualizes attack paths.
Mirantis announced a new version of Lens - the Kubernetes IDE. Lens 5 unlocks teamwork and collaboration, eliminating the pain of accessing Kubernetes clusters while providing a unique way for accessing clusters, services, tools, pipelines, automations, and any other related resources in one click, regardless of where or how they are running. Lens 5 introduces Lens Spaces, a centralized cloud-based service - integrated with Lens IDE - that lets teams create collaborative spaces for their cloud-native development needs.
With these additions, StackPulse gives organizations running Kubernetes a powerful set of capabilities to augment their existing incident response practices, helping Site Reliability Engineers understand and investigate issues faster, and deploy well-tested outage mitigation strategies, helping prevent customer-facing downtime. Since Kubernetes is the de-facto standard for running containerized applications, StackPulse wanted to create a set of code-based tools engineers could use to operationalize incident response for production Kubernetes-based applications.
The TL;DR version of the InfoWorld article went something like this: "Companies are shying away from managing their own Kubernetes clusters and more and more, turning to managed Kubernetes solutions" - and I was not surprised. Even though Kubernetes adoption seems to be at an all-time high, security awareness for teams working on Kubernetes projects at their workplaces and running mission-critical workloads on Kubernetes is surprisingly low.
Scality introduced ARTESCA, the lightweight, true enterprise-grade, cloud-native object storage solution designed for the needs of the Kubernetes era. Supported immediately on a broad portfolio of HPE all-flash and hybrid intelligent data storage servers, ARTESCA addresses multiple use cases, from the edge to the core to the cloud, especially in cloud-native, AI/ML, big data analytics and in-memory applications.
Loft Labs announced that vcluster, a virtual cluster technology for Kubernetes, is now freely available on GitHub. "Vcluster is the first actually working virtualization technology for Kubernetes," said Fabian Kramm, CTO of Loft Labs.
A vulnerability in one of the Go libraries that Kubernetes is based on could lead to denial of service for the CRI-O and Podman container engines. "Through this vulnerability, malicious actors could jeopardize any containerized infrastructure that relies on these vulnerable container engines, including Kubernetes and OpenShift," Sasson said in a Wednesday posting.