[Podcast] PodCTL #45 – Container Registries

[Podcast] PodCTL #45 - Container Registries

This week is the One Year Anniversary of the PodCTL podcast! We’ve now got a few teeth coming in and we’re ready for the terrible twos. This week we dug into the role of Container Registries and how they interact with both Kubernetes, but also CI/CD pipelines and security systems (e.g. scanning, image signing, etc.). […]

Read More...

Aporeto Security and Red Hat OpenShift in Action

In our last blog, we discussed why cloud-native security requires strong application identity. In this short video, we demonstrate how Aporeto integrates with Red Hat OpenShift and leverages the platform’s native capabilities to extract application identity metadata to enforce security. Aporeto enforces security uniformly in hybrid and multi-cloud environments and abstracts away the complexities of […]

Read More...

Promoting container images between registries with skopeo

OpenShift admins choose different architectures for their installations, but many use two discrete clusters to physically divide development and testing workloads from production deployments. We recommend having some Continuous Integration (CI) process in nearly every development scenario, to orchestrate the lifecycle of applications from the initial commit all the way into production. Continuous Integration can […]

Read More...

[Podcast] PodCTL #44 – Looking at 3yrs of Kubernetes

[Podcast] PodCTL #44 - Looking at 3yrs of Kubernetes

With Kubernetes recently celebrating it’s 3rd anniversary, we thought it would be a good idea to look back at what has made the project successful, the growth of the ecosystem, the adoption by companies around the world, as well as areas where the market feels that there is still room for improvement. The show will […]

Read More...

Why Cloud-Native Security Requires Strong Application Identity

Why Cloud-Native Security Requires Strong Application Identity

Cloud-native applications are designed to take advantage of cloud frameworks and are composed of loosely-coupled services. Because of their architecture, they can run anywhere. All good, but how do you secure them? One may attempt to extend existing infrastructure security and segmentation techniques to the evolving cloud and microservices space, but this attempt simply ignores […]

Read More...

[Podcast] PodCTL #43 – Istio, Knative, and GoogleNEXT announcements

[Podcast] PodCTL #43 - Istio, Knative, and GoogleNEXT announcements

There are four main events each year where Kubernetes is front and center – KubeCon, OpenShift Commons Gathering, Red Hat Summit and GoogleNEXT. This past week Google and the open source communities made a number of Kubernetes-related announcements, which we reviewed and discussed on this week’s show. Those announcements included the GA of Istio 1.0, […]

Read More...

Challenges and Requirements for Container-Based Applications and Application Services

Challenges and Requirements for Container-Based Applications and Application Services

Enterprises using container-based applications require a scalable, battle-tested, and robust services fabric to deploy business-critical workloads in production environments. Services such as traffic management (load balancing within a cluster and across clusters/regions), service discovery, monitoring/analytics, and security are a critical component of an application deployment framework. This blog post provides an overview of the challenges […]

Read More...

Crictl Vs Podman

As people continue to adopt CRI-O as a new container runtime for Kubernetes I am hearing questions from administrators who are confused whether they should use Crictl or Podman to diagnose and understand what is going on in a Kubernetes node. This is not one or the other — these tools are complementary, and this […]

Read More...

[Podcast] PodCTL #42 – Kubernetes 1.11 Released

[Podcast] PodCTL #42 - Kubernetes 1.11 Released

Like clockwork, the Kubernetes community continues to release quarterly updates to the rapidly expanding project. With the 1.11 release, we see a number of new capabilities being added across a number of different domains – infrastructure services, scheduling services, routing services, storage services, and broader CRD versioning capabilities that will improve the ability to not […]

Read More...