Operations | Monitoring | ITSM | DevOps | Cloud

Kubernetes resource limits are always a tricky setting to tweak, since you have to find the sweet spot between having the limits too tight or too loose. In this article, which is a continuation of the Kubernetes capacity planning series, you’ll learn how to set the right Kubernetes resource limits: from detecting the containers without any limit, to finding the right Kubernetes resource limits you should set in your cluster.

Since it first appeared in June 2014, Kubernetes has become something of a household name, at least in houses developers live in. The open source container orchestration platform makes challenges like load balancing, secret management, and portability a cinch and makes it easy to orchestrate large, highly scalable and distributed systems.

Calico is the industry standard for Kubernetes networking and security. It offers a proven platform for your workloads across a huge range of environments, including cloud, hybrid, and on-premises. Given this incredibly wide support, why did we decide to create a course specifically about AWS?

Introduction Since its introduction in 2014, Kubernetes has become the de-facto standard for deploying and scaling containers for cloud deployments and on-premises environments. Initially, it required a DevOps/SRE team to build, deploy, and maintain the Kubernetes deployment in the cloud. Now, all major cloud vendors provide a managed Kubernetes offering, freeing up teams to focus on managing and scaling the application instead of the infrastructure.

Elastic Cloud on Kubernetes (ECK) is an easy way to get the Elastic Stack up and running on top of Kubernetes. That’s because ECK automates the deployment, provisioning, management, and setup of Elasticsearch, Kibana, Beats, and more. As logging and metric data — or time series data — has a predictable lifespan, you can use hot, warm, and cold architecture to easily manage your data over time as it ages and becomes less relevant.

Yesterday, my morning started much like most Tuesday mornings do for me... my kids (6 and 4) were up way too early again at around 6am! Both were demanding I play with them before they head to school. I did my usual and said "give me five minutes" as I tried to wake up after another night of going to sleep after midnight... one day I should really learn to go to bed earlier, now that I have kids! But this morning was different. I started to wake from my dazed state and reached for my phone.

We recently released the automated Falco rule tuning feature in Sysdig Secure. Out-of-the-box security rules are a double-edged sword. On one side, they allow you to get started right away. On the other, it can take many working hours to learn the technology, configuration, and syntax to be able to customize the rules to fit your applications. Falco’s default security rules are no different.

In a recent post by ZDI, researchers found an out-of-bounds access flaw (CVE-2021-31440) in the Linux kernel’s (5.11.15) implementation of the eBPF code verifier: an incorrect register bounds calculation occurs while checking unsigned 32-bit instructions in an eBPF program. The flaw can be leveraged to escalate privileges and execute arbitrary code in the context of the kernel.

Kubernetes just turned 7 years old, and over the last couple of years, it has risen in popularity to be the key platform for microservices management consistently. The ecosystem around it is also growing rapidly.