Stop Writing Tedious Security Rules! Let Kubescape Do the Work

Discover how to enhance your Kubernetes security with Kubescape's Runtime Threat Detection! In this video, we dive into the Anomaly Detection Engine, which learns the normal behavior of your applications and alerts you to any deviations. We'll set up a demo environment, deploy Kubescape, and simulate both normal and malicious activities to see how it performs. Learn how to configure alerts, understand application profiles, and integrate with AlertManager for effective monitoring. Perfect for anyone looking to improve their Kubernetes security posture with open-source tools.

KubernetesSecurity #Kubescape #RuntimeThreatDetection #AnomalyDetection

Consider joining the channel: https://www.youtube.com/c/devopstoolkit/join

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ ➡ Transcript and commands: https://devopstoolkit.live/security/stop-writing-tedious-security-rules-let-kubescape-do-the-work 🔗 Kubescape Node Agent: https://kubescape.io 🎬 How to Secure Kubernetes Clusters with Kubescape and Armo: https://youtu.be/ZATGiDIDBQk

▬▬▬▬▬▬ 💰 Sponsorships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please visit https://devopstoolkit.live/sponsor for more information. Alternatively, feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: https://twitter.com/vfarcic ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬ 00:00 Introduction to Runtime Security 02:55 Kubescape Runtime Threat Detection 04:14 Kubescape Anomaly Detection Engine In Action 14:41 Kubescape Anomaly Detection Engine Pros and Cons

via YouTube https://www.youtube.com/watch?v=EYET9aXnv9c

Observability Metrics - Feat. Prometheus, Cortex, and Thanos (You Choose!, Ch. 4, Ep. 03)

Metrics - Choose Your Own Adventure: The Observability Odyssey

In this episode, we'll go through metrics. The contestants are Prometheus, Cortex, and Thanos.

Vote for your choice of a tool for signing artifacts at https://cloud-native.slack.com/archives/C05M2NFNVRN. If you have not already joined CNCF Slack, you can do so from https://slack.cncf.io.

This and all other episodes are available at https://www.youtube.com/playlist?list=PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.

More information about the "Choose Your Own Adventure" project including the source code and links to all the videos can be found at https://github.com/vfarcic/cncf-demo.

٩( ᐛ )و Whitney's YouTube Channel → https://www.youtube.com/@wiggitywhitney

prometheus #cortex #thanos

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ 🔗 Open Standards: https://github.com/vfarcic/cncf-demo/tree/main/manuscript/metrics/README.md

via YouTube https://www.youtube.com/watch?v=UXC9w3R9k8M

Atkinson Hyperlegible Font - Braille Institute

HomeRead Easier With our Free Font Is this font easy for you to read? Good—that’s the idea. Our font, Atkinson Hyperlegible was carefully developed by the…

September 20, 2024 at 12:44PM

via Instapaper

Microsoft deal would reopen Three Mile Island nuclear plant to power AI

Pennsylvania’s dormant Three Mile Island nuclear plant would be brought back to life to feed the voracious energy needs of Microsoft under an unprecedented deal…

September 20, 2024 at 11:27AM

via Instapaper

The 2024 Tidelift state of the open source maintainer report

2024 TIDELIFT STATE OF THE OPEN SOURCE MAINTAINER REPORT September 2024 Top headlines from our annual survey of open source maintainers

September 20, 2024 at 09:25AM

via Instapaper

Open source maintainers underpaid and going gray

The majority of open source project maintainers are not being paid for their work, spend three times as much time on security than they did three years ago, and…

September 20, 2024 at 09:25AM

via Instapaper

Disney to stop using Salesforce-owned Slack after hack exposed company data, report says

September 20, 2024 at 09:24AM

via Instapaper

OPEN SOURCE OBSERVABILITY DAY

OPEN SOURCE OBSERVABILITY DAY October 24, 2024 Event starts in: 34 days 3 hours 32 sec + Add to Calendar 600+ Attendees 15+ Key Industry Experts 20+ Talks…

September 19, 2024 at 04:16PM

via Instapaper

Week Ending September 15, 2024

https://lwkd.info/2024/20240918

Developer News

You have nine days left to vote for the Steering Committee, and five days left to request an eligibility exception.

The first New Contributor Orientation in Europe/Asia time zones has been rescheduled to Thursday September 19th, 2024, at 1:30 PT / 8:30 UTC / 10:30 CET / 14:00 IST.

Cailyn Edwards is joining SIG-Security as co-Chair.

If you’re interested in sharing an unconference topic at the Kubernetes Contributor Summit, it’s time to add yours to the list

Release Schedule

Next Deadline: Production Readiness Freeze, October 3

The release team is collecting Enhancements for tracking in 1.32. They will need to be ready for PRR on October 3 and Enhancements freeze a week later.

KEP of the Week

KEP 3960: Introducing Sleep Action for PreStop Hook

This KEP proposes to add a “sleep” action for the Pod Lifecycle’s PreStop and PostStart hooks. Before this KEP, for achieving the same result, users had to use the exec action and run the sleep command inside it. This required you to have a binary for the sleep command inside your image. Since this is a common usecase, this KEP proposed adding the sleep action as a first class citizen.

This KEP is targeting stable in the upcoming v1.32 release.

Other Merges

Allow Relaxed DNS search string validation per KEP-4427, a first-time feature contribution from Adrian Moisey

Contextually log client-go request and response with code locations

kubelet: add log and event for cgroup v2 with kernel older than 5.8

Proper request context for accessing the RBAC etcd registry replacing context.TODO()

Speed up Job controller, cutting response times by 99%, and double the speed of the event delete handler

Update CEL and its tests to be current for 1.32

Evaluate allow-metrics-labels while initializing metrics; can cause some to show up as “unexpected”

Keep the ImageVolume source for existing pods even if the feature gate is disabled while updating

kubeadm: handle bad subcommands more consistently, add activeDeadlineSeconds

Reregister kubelet plugins successfully on Windows

Add a couple new metrics to measure Event handling and a test case

Fix a bug that prevented reconciling large groups of Endpoints

Test Improvements: StorageFactory cohabiting

Deprecated

Remove some deprecated upgrade flags from kubeadm 1.32

GA Feature Gates removal: NodeOutOfServiceVolumeDetach, MinDomainsInPodTopologySpread, NewVolumeManagerReconstruction

Replace old json newSerializers with current NewSerializerWithOptions()

Version Updates

go.mod to go 1.23

etcd client to 3.5.16

via Last Week in Kubernetes Development https://lwkd.info/

September 18, 2024 at 06:00PM

Valkey 8.0 rides high at Open Source Summit in Vienna

The Linux Foundation put Valkey centre stage at the Open Source Summit Europe this week, as the Redis fork hit its first full-digit release. Redis switched the…

September 18, 2024 at 01:47PM

via Instapaper

Open Source Summit Vienna 2024 | Notes In The Margin

This week I’ve been in Vienna for Open Source Summit EU. I’ve been attending this event for many years, and it’s always valuable in many ways. A lot of that…

September 18, 2024 at 10:46AM

via Instapaper

Stargazers · opencost/opencost

OpenCost — your favorite open source cost monitoring tool for Kubernetes and cloud spend OpenCost give teams visibility into current and historical Kubernetes…

September 17, 2024 at 01:27PM

via Instapaper

Configure ArgoCD, Prometheus, Grafana & AWS Load Balancer Controller on EKS Cluster using Terraform

Demonstration GitHub Repository used in this demonstration- https://github.com/AmanPathak-DevOps/EKS-ArgoCD-AWS-LB-Controller-Terraform/tree/master So, I have…

September 17, 2024 at 12:33PM

via Instapaper

Prometheus 3.0 Beta Released | Prometheus

The Prometheus Team is proud to announce the availability of Prometheus Version 3.0-beta! You can download it here. As is traditional with a beta release, we do…

September 17, 2024 at 12:29PM

via Instapaper

Tortoise: outpacing the optimization challenges in Kubernetes, with Kensei Nakada

https://kube.fm/tortoise-kensei

In this KubeFM episode, Kensei Kanada discusses Tortoise, an open-source project he developed at Mercari to tackle Kubernetes resource optimization challenges. He explains the limitations of existing solutions like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA), and how Tortoise aims to provide a more comprehensive and automated approach to resource management in Kubernetes clusters.

You will learn:

The complexities of resource optimization in Kubernetes, including the challenges of managing HPA, VPA, and manual tuning of resource requests and limits

How Tortoise automates resource optimization by replacing HPA and VPA, reducing the need for manual intervention and continuous tuning

The technical implementation of Tortoise, including its use of Custom Resource Definitions (CRDs) and how it interacts with existing Kubernetes components

Strategies for adopting and migrating to new tools like Tortoise in a large-scale Kubernetes environment

Sponsor

This episode is sponsored by Learnk8s — estimate the perfect cluster node with the Kubernetes Instance Calculator

More info

Find all the links and info for this episode here: https://kube.fm/tortoise-kensei

Interested in sponsoring an episode? Learn more.

via KubeFM https://kube.fm

September 17, 2024 at 06:00AM

AWS brings OpenSearch under the Linux Foundation umbrella | TechCrunch

Enterprise 12:01 AM PDT • September 16, 2024 Image Credits: Derick Hudson / Getty Images AWS today announced that it is transitioning OpenSearch, its open…

September 16, 2024 at 03:39PM

via Instapaper

Local sheriff: ‘Write down all the addresses’ of Kamala supporters

PORTAGE COUNTY, Ohio (WJW) – A local sheriff is making headlines after a controversial social media post. In a post on Saturday from the sheriff’s Facebook…

September 16, 2024 at 03:07PM

via Instapaper

Stop Losing Requests! Learn Graceful Shutdown Techniques

In this video, we dive into the importance of graceful shutdowns for applications, whether running locally, in Docker containers, or Kubernetes clusters. Learn how to handle SIGTERM and SIGINT signals to ensure your app completes ongoing requests before shutting down. We'll show step-by-step how to implement signal handling for smooth shutdowns. Perfect for developers looking to enhance their app's reliability and user experience during upgrades or failures. Watch now to master graceful shutdowns across different environments!

GracefulShutdown #SignalHandling #Docker #Kubernetes

Consider joining the channel: https://www.youtube.com/c/devopstoolkit/join

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ ➡ Transcript and commands: https://devopstoolkit.live/containers/stop-losing-requests-learn-graceful-shutdown-techniques 🎬 Master Terminal Multiplexing with Zellij in Minutes!: https://youtu.be/ZndhImXIGlg 🎬 Is Timoni With CUE a Helm Replacement?: https://youtu.be/bbE1BFCs548

▬▬▬▬▬▬ 💰 Sponsorships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please visit https://devopstoolkit.live/sponsor for more information. Alternatively, feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: https://twitter.com/vfarcic ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬ 00:00 Introduction to Graceful Shutdown 02:45 Graceful Shut Down of Applications Running Locally 07:43 Graceful Shut Down of Docker Containers 11:13 Graceful Shut Down of Kubernetes Pods

via YouTube https://www.youtube.com/watch?v=eQPYsGrZW_E