Hybrid cloud infrastructures run critical business resources and are subject to some of the strictest network security controls. Irrespective of the industry and resource types, these controls broadly fall into three categories. Workloads (pods) running on Kubernetes are ephemeral in nature, and IP-based controls are no longer effective. The challenge is to enforce the organizational security controls on the workloads and Kubernetes nodes themselves.

You’re deploying Kubernetes, congratulations! This is an important first step toward a faster path to production. Your next step should be to download the new beta of VMware Tanzu Application Service. Better software does not add value unless it furthers an organization’s business goals, and regardless of what your organization’s business goals are, Kubernetes in combination with Tanzu Application Service will help you reach them.

The Kubernetes 1.19 release candidate is now available for download and experimentation ahead of general availability later this month. You can try it now with MicroK8s. To get the latest Kubernetes on your machine, install MicroK8s and get a lightweight, zero-ops K8s cluster in no time: Or install from https://snapcraft.io/microk8s and select 1.19/candidate You can install MicroK8s on Ubuntu and all major Linux distributions or on Windows and macOS using native installers.

In the world of containers and Kubernetes, observability is crucial. Cluster administrators need visibility into the infrastructure and cluster operators need to know the status of their workloads at any given time. And in both cases, they need observability into moving objects. This is where Metricbeat and its autodiscover feature do the hard part for you.

In the pre-Kubernetes, pre-container world, backup and recovery solutions were generally implemented at the virtual machine (VM) level. That works for traditional applications when an application runs on a single VM. But when applications are containerized and managed with an orchestrator like Kubernetes, this system falls apart. That means effective disaster recovery (DR) plans for Kubernetes must be designed for containerized architectures and natively understand the way Kubernetes functions.

Discover what registry scanning is, how it helps with shifting security left, and how you can implement it using Harbor and Sysdig. Shifting security left is all about moving security to the earliest possible moment in the development process, dramatically improving “time to fix” and security impact. In this article, we’re going to show you how to shift left with Harbor registry and Sysdig Secure.

For our second community meetup we focussed on using Civo for CI/CD through GitOps and Github actions for cloud native application development This installment featured talks from our CTO Andy, our Developer Advocate Kai, and guest talks from community members Sam Weston and Johannes Tegnér. The talks touched on a wide variety of topics within CI/CD, from automating builds to monitoring and observability. Here's what was on the agenda...

During my career, I’ve taken part in many on-call rotations and post-mortems. The longest on-call rotation I’ve ever had — no breaks, vacations, or holidays — lasted for a whopping 2.5 years at Lucid Software. I’m jaded. I strongly prefer stability to tinkering with shiny new toys. Very few software engineers start this way, but enough of them make the transition after having been bit enough times by a bad release.

Logs, metrics and traces are the three pillars of the Observability world. The distributed tracing world, in particular, has seen a lot of innovation in recent months, with OpenTelemetry standardization and with Jaeger open source project graduating from the CNCF incubation. According to the recent DevOps Pulse report, Jaeger is used by over 30% of those practicing distributed tracing.

Microsegmentation is a security technique that is used to isolate workloads from one another. Microsegmentation limits the blast radius of a data breach by making network security more granular. Should a breach occur, the damage is confined to the affected segment. Application workloads have evolved over time – starting from bare metal, to a mix of on-prem and cloud virtual machines and containers.