The latest News and Information on Containers, Kubernetes, Docker and related technologies.
Like pretty much every company in 2020, Civo has had to deal with some unexpected world events! To wrap up the year, I thought I'd put together some of the most significant developments in our company from a CTO's perspective, and how they will affect us looking forward into the next year.
CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP. In addition, an attacker that can patch the status of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
Welcome to another monthly update on what’s new from Sysdig. Our team continues to work hard to bring great new features to all of our customers, automatically and for free!
A few weeks ago a solution engineer discovered a critical flaw in Kubernetes architecture and design, and announced that a “security issue was discovered with Kubernetes affecting multi-tenant clusters. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster.” If a hostile user can create a ClusterIP service and set the spec.externalIPs field, they can intercept traffic to that IP.
Service Mesh is an emerging architecture pattern gaining traction today. Along with Kubernetes, Service Mesh can form a powerful platform which addresses the technical requirements that arise in a highly distributed environment typically found on a microservices cluster and/or service infrastructure. A Service Mesh is a dedicated infrastructure layer for facilitating service-to-service communications between microservices.
Have you ever wanted to try K3s high availability cluster “mode,” and you either did not have the minimum three “spare nodes” or the time required to set up the same amount of VMs? Then you are in for a good treat: meet k3d! If you’re not familiar with k3d, its name gives you a hint to what it’s all about: K3s in Docker.
Kubernetes has become the de-facto standard for deploying microservices and containerized applications. Still, there is a learning curve for a developer to get familiar with Kubernetes concepts and objects, how to write and manage the required YAML files, etc. While there is undoubtedly value in learning these concepts and tasks, I believe there is even greater value in getting your applications deployed faster and spending more time on your application code than on infrastructure-related objects.
This is part 2 of a 3-part series on running ELK on Kubernetes with ECK. If you’re just getting started, make sure to check out Part 1.