Security News

KubeSphere Community announced the general availability of KubeSphere 3.1.0. KubeSphere, as an app-centric distributed operating system running on top of Kubernetes, has further expanded its portfolio to deliver more robust experiences for users across the globe, enabling DevOps teams to run Kubernetes workloads where and when they want with ease and security.

This article talks about a label standard and best practices for Kubernetes security, a common area where I see organizations struggle to define the set of labels required to meet their security requirements. My advice is to always start with a hierarchical security design that can achieve your enterprise security and compliance requirements, then define your label standard in alignment with your design.

Confluent for Kubernetes brings cloud-native capabilities to data streams in private infrastructures
Confluent announced Confluent for Kubernetes, a platform purpose-built to bring cloud-native capabilities to data streams in private infrastructures. To make it easier and faster to harness the value of data in motion across an entire organization, Confluent drew on its expertise managing thousands of Apache Kafka clusters in Confluent Cloud to offer the same cloud-native experience for on-premises environments.

A session on how to hack into a Kubernetes cluster was among the highlights of a KubeCon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises. Kubernetes is huge, and if there was an underlying theme at the event it was that Kubernetes is becoming the standard runtime platform.

Portworx released findings from its survey which assesses the mass adoption and evolution of Kubernetes usage among enterprise users in the last 12 months, in addition to the impact of the pandemic on IT users' attitudes towards their jobs. The survey found that 68 percent of IT professionals said they increased their usage of Kubernetes as a result of the pandemic, primarily to accelerate their deployment of new applications and increase their use of automation - both of which are critical to meeting customers and employees where they are today.

Trilio announced the availability of TrilioVault for Kubernetes 2.1, the latest release of its cloud-native backup and recovery platform that enables restoration and mobility of entire Kubernetes workloads on-demand. TrilioVault for Kubernetes 2.1 features new Kubernetes management functionality including visibility and insights into Velero-based backups as well as enhanced disaster recovery capabilities for multi-cloud infrastructure deployments.

DataStax announced that K8ssandra, an open-source distribution of Apache Cassandra on Kubernetes, is available on any Kubernetes environment including distro-specific integrations for Amazon Elastic Kubernetes Service, Google Kubernetes Engine, and Azure Kubernetes Service. "Apache Cassandra is a highly scalable, fast and reliable database and running it on Kubernetes removes many of the operation hurdles around installation, customization and maintenance."

As KubeCon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift. The StackRox product is itself deployed as a Kubernetes application and has several components, aiming to pick up vulnerabilities in both container images and in Kubernetes, look for misconfigurations such as unnecessarily elevated privileges, perform rule-based threat detection, and more.

Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters. It performs a variety of checks on a range of services and open ports on the Kubernetes platform, helps safeguard against potential attacks on Kubernetes clusters by continuously scanning, monitoring and alerting of any anomalies, allows users to see components of the Kubernetes infrastructure, and visualizes attack paths.

Mirantis announced a new version of Lens - the Kubernetes IDE. Lens 5 unlocks teamwork and collaboration, eliminating the pain of accessing Kubernetes clusters while providing a unique way for accessing clusters, services, tools, pipelines, automations, and any other related resources in one click, regardless of where or how they are running. Lens 5 introduces Lens Spaces, a centralized cloud-based service - integrated with Lens IDE - that lets teams create collaborative spaces for their cloud-native development needs.