There are many opinions out there about what your organization must do — or buy — to make sure container environments are secure. View in browser »

ISSUE 190: Integrating Kubernetes

“The bad part of this is that you now must choose: performance or security. And that is not a good option anybody wants to make.”

___
Linux kernel maintainer Greg Kroah-Hartman, about the fixes for the recent proliferation of hardware-based vulnerabilities.

Survey Shows How Developers and Their Employers Measure Good Open Source Citizenship. Is a company a good citizen of open source communities or guilty of “openwashing”? The question gets asked almost anytime a corporation markets a product as open source or announces that software has been open sourced. Along with The Linux Foundation’s TODO Group and VMware, The New Stack has conducted research about open source in the enterprise that provides data and a framework to answer the question.

The study identifies corporate contributions, collaboration with others, and leadership as key metrics of open source citizenship. It then gauges how the community views 11 companies’ open source citizenship, according to these metrics. With this data in hand, we show how respondents’ own employers measure up to these benchmarks. Below are several key findings and the complete analysis is available on The New Stack’s website.

Google’s open source brand is stronger than its peers.
Compared to all respondents, the most active upstream contributors view Microsoft and Intel more positively; the opposite is true for AWS.
Companies deeply involved with the community make buying decisions that are significantly influenced by a vendor’s open source citizenship.
Large tech companies are most likely to be actively involved in open source ecosystems; 75% contribute to projects upstream, compared to 41% for the overall study.

There are many opinions out there about what your organization must do — or buy — to make sure container environments are secure. But taking a step back, containers stand on the shoulders of open source, and the security and compliance processes that teams have learned during the past decades remain applicable in many instances.

At the same time, container security has its own set of rules and best practices that are often less than apparent. Worse still, much of the confusion around open source security remains, further compounding the challenges.

“If I look at the container environment, we’re kind of back in the bad old days where the container Docker file may have a license, but almost always it is not the license for all of the software that is included in the container, which usually contains many components,” Dirk Hohndel, vice president and chief open source officer at VMware, said. The quintessential question, Hohndel says, is how do you find secure containers and “ensure that the one that you have is actually secure?”

In this latest episode of The New Stack Makers podcast, host Alex Williams discusses the status of compliance and security now that containers are becoming such a core part of open infrastructure. He is joined by VMware’s Hohndel and Andrew Wilson, a long-time chief open source compliance officer at Intel.

Integrating Kubernetes

What are the next steps for Kubernetes? That is the big question for the Cloud Native Computing Foundation. The technology has caught the minds of our brightest computer engineers, but it is a platform, some say a platform of platforms, in fact. So to get the most from this open source technology, an organization should plan on system-wide buy in.

Not surprisingly, one of the themes for this year’s KubeCon + CloudNativeCon will be how the enterprise can adopt Kubernetes. In our thinking, at any rate, this means integration. It’d be pretty safe to say at this point there isn’t a company in the world that is not using any software in the world. Which means everyone has system software of some sort, and much of it could even be termed “legacy software.” The question is how do you put this legacy software in a cloud native environment. That’s the question on the table. On the Kubernetes table.

This week, we’ve done a lot of coverage around two projects that tackle this very issue of integration with Kubernetes. One project is the Open Application Model (OAM), which aims to allow developers to build out microservices in a uniform repeatable fashion. What does this have to do with Kubernetes? Well, the first implementation of OAM is Rudr, which is built for Kubernetes. If you want to see OAM and Rudr in action, check out Janakiram MSV’s awesome tutorial on mapping an existing application (such as the one in your office) to Rudr so it can be run on Kubernetes.

Over the next few months, we’ll be closely examining such Kubernetes integrations, and if you have any tools or lessons along these lines, be sure to track us down, either here at TheNewStack.io or at KubeCon + CloudNativeCon.

New Cryptojacking Worm Found in Docker Containers

A new cryptojacking worm, named Graboid, has been spread into more than 2,000 Docker hosts, according to the Unit 42 researchers from Palo Alto Networks. This is the first time such a piece of malware has spread via containers within the Docker Engine — specifically docker-ce.

How to Create and Destroy ZFS Snapshots on Ubuntu 19.10

Ubuntu 19.10 has officially arrived and it brings along with it a number of really exciting features. Although the majority of those new options target desktop users, there is one particularly exciting feature that will benefit both desktop and server users. That feature is ZFS support. First developed by Sun Microsystems for its Solaris Unix distro, ZFS is a combination 128-bit file system and logical volume manager.

Party Circuit: Pivotal SpringOne Platform Finds Harmony in Austin

In case you haven’t noticed, we’ve been sending our ace photographer Norris Deajon out to cover the parties to all the conferences we’ve been attending, as a record of the good times and new friendships from such events. If you see him at the next gig we are at, say hello and get your own posse recorded for posterity on thenewstack.io. Here, we have all the beautiful tech people who were at SpringOne Platform conference in Austin last month.

The Pivotal team at All Things Open, including (left to right) Michael Krumpe, Tom McDonald and Shishir Amin, spoke to how they’re tying open source to the enterprise.

NOV. 19-20, // SAN DIEGO, CALIFORNIA @ SAN DIEGO CONVENTION CENTER

KubeCon + CloudNativeCon

The New Stack is bringing back the microphones and the cameras to interview the engineering talent of the cloud native world. Let’s talk at-scale development and deployment — KubeCon style. Register now!

The New Stack Makers podcast is available on:

SoundCloud — Fireside.fm — Pocket Casts — Stitcher — Apple Podcasts — Overcast — Spotify — TuneIn

Technologists building and managing new stack architectures join us for short conversations at conferences out on the tech conference circuit. These are the people defining how applications are developed and managed at scale.

How should developers connect cloud native workloads to storage? The New Stack’s ebook on cloud native storage takes this question to industry experts who are approaching the problem from three different perspectives: cloud native storage vendors, traditional storage vendors and the big-three cloud providers.

In this 48-page ebook, developers and DevOps professionals will learn:

Best practices and patterns for handling state in cloud native applications.
The storage attributes and data needs you should consider up front.
Storage options for containerized applications running in a microservices architecture on Kubernetes.
How operations roles change as developers gain the ability to provision storage.
And more.

Download Ebook

We are grateful for the support of our exclusive ebook sponsor: