Posts in 2023

  • Spotlight on SIG CLI

    By Arpit Agrawal | Thursday, July 20, 2023 in Blog

    In the world of Kubernetes, managing containerized applications at scale requires powerful and efficient tools. The command-line interface (CLI) is an integral part of any developer or operator’s toolkit, offering a convenient and flexible way to …


  • Confidential Kubernetes: Use Confidential Virtual Machines and Enclaves to improve your cluster security

    By Fabian Kammel (Edgeless Systems), Mikko Ylinen (Intel), Tobin Feldman-Fitzthum (IBM) | Thursday, July 06, 2023 in Blog

    In this blog post, we will introduce the concept of Confidential Computing (CC) to improve any computing environment's security and privacy properties. Further, we will show how the Cloud-Native ecosystem, particularly Kubernetes, can benefit from …


  • Verifying Container Image Signatures Within CRI Runtimes

    By Sascha Grunert | Thursday, June 29, 2023 in Blog

    The Kubernetes community has been signing their container image-based artifacts since release v1.24. While the graduation of the corresponding enhancement from alpha to beta in v1.26 introduced signatures for the binary artifacts, other projects …


  • dl.k8s.io to adopt a Content Delivery Network

    By Arnaud Meukam (VMware), Hannah Aubry (Fastly), Frederico Muñoz (SAS Institute) | Friday, June 09, 2023 in Blog

    We're happy to announce that dl.k8s.io, home of the official Kubernetes binaries, will soon be powered by Fastly. Fastly is known for its high-performance content delivery network (CDN) designed to deliver content quickly and reliably around the …


  • Using OCI artifacts to distribute security profiles for seccomp, SELinux and AppArmor

    By Sascha Grunert | Wednesday, May 24, 2023 in Blog

    The Security Profiles Operator (SPO) makes managing seccomp, SELinux and AppArmor profiles within Kubernetes easier than ever. It allows cluster administrators to define the profiles in a predefined custom resource YAML, which then gets distributed …


  • Having fun with seccomp profiles on the edge

    By Sascha Grunert | Thursday, May 18, 2023 in Blog

    The Security Profiles Operator (SPO) is a feature-rich operator for Kubernetes to make managing seccomp, SELinux and AppArmor profiles easier than ever. Recording those profiles from scratch is one of the key features of this operator, which usually …


  • Kubernetes 1.27: KMS V2 Moves to Beta

    By Anish Ramasekar, Mo Khan, Rita Zhang (Microsoft) | Tuesday, May 16, 2023 in Blog

    With Kubernetes 1.27, we (SIG Auth) are moving Key Management Service (KMS) v2 API to beta. What is KMS? One of the first things to consider when securing a Kubernetes cluster is encrypting etcd data at rest. KMS provides an interface for a provider …


  • Kubernetes 1.27: updates on speeding up Pod startup

    By Paco Xu (DaoCloud), Sergey Kanzhelev (Google), Ruiwen Zhao (Google) | Monday, May 15, 2023 in Blog

    How can Pod start-up be accelerated on nodes in large clusters? This is a common issue that cluster administrators may face. This blog post focuses on methods to speed up pod start-up from the kubelet side. It does not involve the creation time of …


  • Kubernetes 1.27: In-place Resource Resize for Kubernetes Pods (alpha)

    By Vinay Kulkarni (Kubescaler Labs) | Friday, May 12, 2023 in Blog

    If you have deployed Kubernetes pods with CPU and/or memory resources specified, you may have noticed that changing the resource values involves restarting the pod. This has been a disruptive operation for running workloads... until now. In …


  • Kubernetes 1.27: Avoid Collisions Assigning Ports to NodePort Services

    By Xu Zhenglun (Alibaba) | Thursday, May 11, 2023 in Blog

    In Kubernetes, a Service can be used to provide a unified traffic endpoint for applications running on a set of Pods. Clients can use the virtual IP address (or VIP) provided by the Service for access, and Kubernetes provides load balancing for …
