VSHN.timer #97: Who Let The Pods Out?
Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.
This week we’re going to talk about useful tools to keep an eye on those thousands of pods running wild and free inside your clusters.
1. Outdated images are one of the most important sources of security issues in Kubernetes clusters. How can you make sure you’re always using the latest versions? Outdated is a kubectl
plugin that performs precisely this check for you.
2. Another common source for trouble in Kubernetes clusters comes from configuration errors. Popeye is a read-only scanner for running clusters, ensuring that you are applying all known best practices, and even reporting on resource under- and overuse.
Defense in depth against configuration errors is just as important as defense in depth from attacks.
— Phil Venables (@philvenables) June 13, 2021
3. Let us not stop at checking for outdated images or configuration errors; suspicious-pods also prints a list of pods in your Kubernetes cluster that might not be working correctly, together with the possible reason.
https://github.com/edrevo/suspicious-pods
4. Today’s Infrastructure as Code demands more static checks against configuration errors, to increase security, and make sure we’re using the best practices available. KICS does exactly that for Terraform, Kubernetes, Docker, Ansible, and many other systems.
5. To ensure high availability, load balancers inside clusters distribute requests among pods. But k8gb load balances traffic across geographically dispersed Kubernetes clusters, providing unprecedented reliability.
How many Kubernetes clusters do you manage? How do you make sure that you are always running with the latest security patches? Would you like to share some DevOps expert secrets with the community? Get in touch with us, and see you next week for another edition of VSHN.timer.
PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.
PS2: check out our previous VSHN.timer editions about Kubernetes: #4, #8, #11, #14, #16, #19, #23, #37, #46, #49, #59, #64, #74, and #82.