Latest Videos

Master Class - PCI Compliance and Vulnerability Management for Kubernetes - 2020-05-05

This is the Rancher Master Class with NeuVector that was held on May 5, 2020. In it, NeuVector talks about the challenges of PCI-DSS compliance when working with Kubernetes and presents strategies for securing containers and content, both with OSS tools and with their paid solutions.

Kubernetes Master Class - 2020-04-20 - Detecting Anomalous Kubernetes Activity with Falco

Even when processes are in place for vulnerability scanning and implementing pod security and network policies, not every risk will be addressed. You still need mechanisms to confirm these security barriers are effective and provide a last line of defense when they fail. In order to keep up with threats at runtime, an open-source based approach can help you stay up to date. In this Kubernetes Master Class, you will learn how to manage security risk at runtime in your RKE environments using Falco, a CNCF project for runtime security. Falco efficiently leverages Extended Berkeley Packet Filter (eBPF), a secure mechanism, to capture system calls and gain deep visibility. By adding Kubernetes application context and Kubernetes API audit events, teams can understand exactly who did what.

April 2020 Online Meetup: Hands On with Rancher 2.4 -- Take Hybrid Cloud Kubernetes to the Edge

Kubernetes enables a common compute platform across any infrastructure and a consistent set of infrastructure capabilities including improved reliability, enhanced security and increased operational efficiencies. But as organizations adopt Kubernetes, clusters are often deployed with limited access to shared tooling and services, inconsistent security policies and no centralized cluster operations. As a Kubernetes Management Platform, Rancher addresses the challenges of enterprises running multi-cluster Kubernetes on-premises, in the cloud and at the edge.

Kubernetes Master Class: Understanding and Implementing Service Mesh

Service mesh has generated a huge amount of excitement in the Kubernetes ecosystem. Istio is a service mesh tool built right into Rancher. Service mesh promises to add fault tolerance, canary rollouts, A/B testing, monitoring and metrics, tracing and observability, and authentication and authorization, eliminating the need for developers to instrument or write specific code to enable these capabilities. The goal is to let developers focus on their business logic and leave the rest to Kubernetes and Istio. But many users find it challenging to install, configure, monitor and manage their service mesh solution.

Kubernetes Master Class: Monitoring and Alerting with Prometheus & Grafana

Rancher users and operators can collect custom metrics, automate alerts, notifications, and actions, and create cluster and project-level dashboards. In this class, you'll learn how to set up alerts with Rancher and Prometheus Alert Manager to find problems in your clusters before there's an outage. You'll also learn to visualize metrics for Kubernetes and for your applications so you can gather new insights into your users' usage patterns and your applications' run-time behaviors.

Kubernetes Master Class: Deploy WordPress and MySQL without Data Loss

Applications such as WordPress or MySQL require data persistence. It is common when deploying such applications to use a HostPath volume, as it is platform-agnostic. A HostPath volume shares the host's filesystem with the container, making the data available between pod restarts. However, it ties the data to one node only, creating a single point of failure and restricting any kind of scalability. Kubernetes is not able to schedule the application on any other node, even if that node becomes unavailable. This leads to eventual data loss.

Kubernetes Master Class: Getting started with Pod Security Policies and best practices in Production

Kubernetes Pod Security Policies (PSPs) are an enforcement mechanism to ensure that Pods run only with the appropriate privileges and can access only the appropriate resources. You can leverage them as a threat prevention mechanism by controlling Pod creation and limiting the capabilities available to specific users, groups, or applications.