Servers are expensive. And in single-application installations, most servers spend the majority of their time waiting. Making the most of these expensive assets led to virtualization, and making the most of virtualization has led to multiple options for virtualizing applications. VMware and Docker offer competing methods for virtualizing applications. Both technologies work to make the most of limited hardware resources, but they do so in significantly different ways.

Containers are fast becoming the defacto standard as a building block for creating and deploying applications. Containerization allows development teams to have consistent environments, cost optimizations, isolation, and versatility, in general. The open-source Containerd project is a critical component for the modern cloud-native containerized landscape, providing a runtime that is widely used in millions of applications every day.

In an attempt to jump on the Kubernetes bandwagon, more and more managed Kubernetes services are being introduced. In a previous post, we explored how to deploy a Kubernetes cluster on Amazon EKS. This time, we will cover the steps for performing a similar process, this time on Google’s Kubernetes Engine.

What an amazing first week! I’ve been marketing open source technologies for over 15 years. During that time, I’ve been involved in many new product releases. Nothing comes close to the response we’ve had from k3s – http://k3s.io. Judging by the incredible feedback (including over 4,500 GitHub stars in one week), the release of k3s appears to have landed at exactly the right time.

Just to recap, so far our ongoing series about the Istio service mesh we’ve talked about the benefits of using a service mesh, using Istio for application deployments and traffic management, and how Istio helps you achieve your security goals. In today’s installment, we’re going to dig further into monitoring, tracing, and service-level objectives.

Usually, when you hear us going on about labels here at Tigera, we are mentioning them as targets for selectors for network policies. As a review, you might have a policy that says, “things labeled customerDB=server should allow traffic on 6443 from things labeled customerDB=client” In this example, the labels identify a resource being produced or consumed.

Today we are very excited to announce our latest release — Sysdig Secure 2.3! In this version of Sysdig Secure, we have invested heavily in hardening the compliance posture of Kubernetes, Docker configurations, and container images. We have released a set of features that provide compliance focused image scanning, guided remediation, compliance dashboards, and more.