Blog: Forensic container checkpointing in Kubernetes

Authors: Adrian Reber (Red Hat)

Forensic container checkpointing is based on Checkpoint/Restore In Userspace (CRIU) and allows the creation of stateful copies of a running container without the container knowing that it is being checkpointed. The copy of the container can be analyzed and restored in a sandbox environment multiple times without the original container […]

Blog: Boosting Kubernetes container runtime observability with OpenTelemetry

Authors: Sascha Grunert

When speaking about observability in the cloud native space, then probably everyone will mention OpenTelemetry (OTEL) at some point in the conversation. That’s great, because the community needs standards to rely on for developing all cluster components into the same direction. OpenTelemetry enables us to combine logs, metrics, traces and other contextual […]

Blog: Kubernetes Removals, Deprecations, and Major Changes in 1.26

Author: Frederico Muñoz (SAS)

Change is an integral part of the Kubernetes life-cycle: as Kubernetes grows and matures, features may be deprecated, removed, or replaced with improvements for the health of the project. For Kubernetes v1.26 there are several planned: this article identifies and describes some of them, based on the information available at this […]

AWS Batch for Amazon Elastic Kubernetes Service

Today I’m pleased to announce AWS Batch for Amazon Elastic Kubernetes Service (Amazon EKS). AWS Batch for Amazon EKS is ideal for customers who no longer want to shoulder the burden of configuring, fine-tuning, and managing Kubernetes clusters and pods to use with their batch processing workflows. Furthermore, there is no charge for this service. […]

Blog: Current State: 2019 Third Party Security Audit of Kubernetes

Authors (in alphabetical order): Cailyn Edwards (Shopify), Pushkar Joglekar (VMware), Rey Lejano (SUSE) and Rory McCune (DataDog)

We expect the brand new Third Party Security Audit of Kubernetes will be published later this month (Oct 2022). In preparation for that, let’s look at the state of findings that were made public as part of the […]

Blog: Kubernetes 1.25: alpha support for running Pods with user namespaces

Authors: Rodrigo Campos (Microsoft), Giuseppe Scrivano (Red Hat)

Kubernetes v1.25 introduces the support for user namespaces. This is a major improvement for running secure workloads in Kubernetes. Each pod will have access only to a limited subset of the available UIDs and GIDs on the system, thus adding a new security layer to protect from […]

Blog: Kubernetes 1.25: Kubernetes In-Tree to CSI Volume Migration Status Update

Author: Jiawei Wang (Google)

The Kubernetes in-tree storage plugin to Container Storage Interface (CSI) migration infrastructure has already been beta since v1.17. CSI migration was introduced as alpha in Kubernetes v1.14. Since then, SIG Storage and other Kubernetes special interest groups are working to ensure feature stability and compatibility in preparation for CSI Migration feature […]

Blog: Kubernetes 1.25: CustomResourceDefinition Validation Rules Graduate to Beta

Authors: Joe Betz (Google), Cici Huang (Google), Kermit Alexander (Google)

In Kubernetes 1.25, Validation rules for CustomResourceDefinitions (CRDs) have graduated to Beta! Validation rules make it possible to declare how custom resources are validated using the Common Expression Language (CEL). For example:

    apiVersion: apiextensions.k8s.io/v1
    kind: CustomResourceDefinition
    …
    openAPIV3Schema:
      type: object
      properties:
        spec:
          type: object
          x-kubernetes-validations:

[…]

Blog: Kubernetes 1.25: Use Secrets for Node-Driven Expansion of CSI Volumes

Authors: Humble Chirammal (Red Hat), Louis Koo (deeproute.ai)

Kubernetes v1.25, released earlier this month, introduced a new feature that lets your cluster expand storage volumes, even when access to those volumes requires a secret (for example: a credential for accessing a SAN fabric) to perform node expand operation. This new behavior is in alpha and […]

Blog: Kubernetes 1.25: Local Storage Capacity Isolation Reaches GA

Author: Jing Xu (Google)

Local ephemeral storage capacity isolation was introduced as an alpha feature in Kubernetes 1.7 and it went beta in 1.9. With Kubernetes 1.25 we are excited to announce general availability (GA) of this feature. Pods use ephemeral local storage for scratch space, caching, and logs. The lifetime of local ephemeral storage does […]