
🚨 Kubernetes Vulnerabilities! 🚨 (And Going Deep on Deployments)

Hey there,

This week we bring you a breakdown of the recently discovered K8s security vulnerabilities, what caused them, and what to do to fix them. Check it out and let us know what you think (after you fix them, of course!).

We have a BIG announcement in the works - look for it in next week's newsletter!

Check out our latest articles


Kubernetes Deployments 101

Why use a Kubernetes Deployment? In another article, we discussed Kubernetes ReplicaSets. ReplicaSets, however, have one major drawback: once you select the pods that are managed by a ReplicaSet, you cannot change their pod templates. So for example, if you are using a ReplicaSet to deploy four pods with NodeJS running and you want to change the NodeJS image to a newer version, you need to delete the ReplicaSet and recreate it. Restarting the pods causes downtime till the images are available and the pods are running again.


Kubernetes StatefulSets 101

The difference between a StatefulSet and a Deployment. A StatefulSet is a Kubernetes controller that is used to manage and maintain one or more Pods. However, so do other controllers like ReplicaSets and the more robust Deployments. So what does Kubernetes use StatefulSets for? To answer this question, we need to discuss stateless versus stateful applications.

 

From the Community


As always, a selection of cool stuff we've found in the larger K8s community: exciting news, updates, releases, vulnerabilities and more. If there is something you want us to include in a newsletter, please send it to weekly@magalix.com.


Weighing the Cost of Improper DevSecOps

Not adapting security automation and vulnerability scanning into development pipelines could have a drastic effect not only on cost but workload efficiency and team morale. With these sorts of headaches, it’s vital to consider the repercussions for not adopting secure (and lean) armaments and auditing procedures.

Can organizations adopt DevSecOps beyond the buzzword it has become? In this article, we’ll uncover some startling evidence on the state of Kubernetes vulnerabilities and discuss what companies can do to rectify.

Read more...


Non-root containers, Kubernetes CVE-2019-11245 and why you should care

On May 31st, the Kubernetes Product Security Committee announced a security regression in Kubernetes for which they had assigned CVE-2019-11245. The problem caused containers that use images which are supposed to run with a non-root user to run as root the second time they are used or upon restart of the container.
Before elaborating on this particular security issue, let’s first clarify why running a program as root in a container is even a concern at all.

Read more...


Sysdig Injects More AI into Container Security

At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments.
At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure.

Read more...


How AI Solves the Kubernetes Complexity Conundrum

Kubernetes has certainly earned its reputation as a pivotal part in enterprise IT’s shift from yesterday’s monoliths to today’s more dynamic microservices, containers and multi-cloud infrastructures.

Read more...


For more details about the Magalix agent:

Magalix agent repo

Magalix agent at GCP Marketplace