Kubernetes pods are the basic building blocks of Kubernetes. It's managing one or more tightly coupled application containers allowing them to share resources and networks. Pods are hosted on nodes, which are either physical or virtual machines. When defining a Pod we need to think not only about how much CPU or memory we want to assign to it but also about what would be the interaction between it and the underlying infrastructure.

Integrating Kubescape with 3rd party projects and DevOps tools is a strategic mission for us to enable you to extract more value out of Kubescape throughout the CI/CD pipeline, SDLC, and monitoring phases. We are happy to announce two significant integrations of Kubescape to leading Kubernetes open-source CI/CD tools.

One of the most used buzzwords in our industry is "single pane of glass". But what does it really mean? In most cases, it means a single dimension – either cross-infrastructure or cross-functionality or cross-organization. It usually never AND. Most likely, it's OR. So you will need to use multiple single-pane-of-glass products This led to an interesting discussion between us. Is it a single-pane for all the K8s clusters? Or single-pane for all the K8s security capabilities/functionalities?

ARMO's Kubescape is an open, transparent, single pane of glass for Kubernetes security, used by tens of thousands Tel Aviv - April 27, 2022 - ARMO, creators of the fast-growing Kubernetes open-source security project Kubescape, today announced $30M in funding for the first end-to-end open source Kubernetes security platform.

The first Kubernetes release of 2022 will be released on May 3rd. The new release, version 1.24, is full of enhancements, new features, and bug fixes. We’ve written this post so you can adjust your Kubernetes resources, update infrastructure, and smoothly migrate to the new version. We’ve also grouped the changes with their respective Special Interest Groups (SIGs), so that you can focus on the interrelated topics at once.

Security is crucial ‌for containerized applications that run on a shared infrastructure. With more and more organizations moving their container workloads to Kubernetes, K8s has become the go-to platform for container orchestration. And with this trend comes a growing number of ‌threats and new ways of attack that necessitate strengthening all layers of security. In Kubernetes, there are two aspects to security: cluster security and application security.

The ARMO Kubescape team has been busy lately… we have several new and improved features for you that we are very excited about. Based on the feedback and ideas we got from the amazing community, we worked hard to enhance Kubescape with better and deeper scanning capabilities, UI improvements, and a more friendly CLI version. We invite everyone to shape the Kubescape roadmap by giving us feedback and suggestions using git, discord, or mail.

Recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While general container isolation is expected to prevent such access, in Kubernetes, it is especially dangerous because well-known and highly sensitive files are stored in known locations on the host.

Kubernetes Ingress is one of today’s most important Kubernetes resources. First introduced in 2015, it achieved GA status in 2020. Its goal is to simplify and secure the routing mechanism of incoming traffic to your defined services. Ingress allows you to expose HTTP and HTTPS from outside the cluster to your services within the cluster by leveraging traffic routing rules you define while creating the Ingress.

In March 2022, NSA & CISA has issued a new version of the Kubernetes Hardening Guide – version 1.1. It updates the previous version that was released in August 2021. Kubernetes evolves fast, and Kubernetes adoption grows even quicker. Kubernetes has become a very popular target and therefore requires continuous enhancement of the protection measures.