Author: Sascha Grunert

The Kubernetes Special Interest Group (SIG) Release is proud to
announce that we are digitally signing all release artifacts, and
that this aspect of Kubernetes has now reached beta. Signing
artifacts provides end users a chance to verify the integrity of the
downloaded resource. It makes it possible to mitigate
man-in-the-middle attacks directly on the client side and therefore
ensures the trustworthiness of the remote serving the artifacts. The
overall goal of our past work was to define the used tooling for
signing all Kubernetes related artifacts as well as

Authors: Kubernetes 1.26 Release Team

It's with immense joy that we announce the release of Kubernetes
v1.26! This release includes a total of 37 enhancements: eleven of
them are graduating to Stable, ten are graduating to Beta, and
sixteen of them are entering Alpha. We also have twelve features
being deprecated or removed, three of which we better detail in this
announcement.

Release theme and logo

Kubernetes 1.26: Electrifying

The theme for Kubernetes v1.26 is Electrifying.

Authors: Adrian Reber (Red Hat)

Forensic container checkpointing is based on Checkpoint/Restore In
Userspace (CRIU) and allows the creation of stateful copies of a
running container without the container knowing that it is being
checkpointed. The copy of the container can be analyzed and restored
in a sandbox environment multiple times without the original
container being aware of it. Forensic container checkpointing was
introduced as an alpha feature in Kubernetes v1.25.

How does it work?

With the help of CRIU it is possible to checkpoint and restore
containers. CRIU is integrated

Authors: Sascha Grunert

Debugging software in production is one of the biggest challenges we
have to face in our containerized environments. Being able to
understand the impact of the available security options, especially
when it comes to configuring our deployments, is one of the key
aspects to make the default security in Kubernetes stronger. We have
all those logging, tracing and metrics data already at hand, but how
do we assemble the information they provide into something human
readable and actionable? Seccomp is one of the standard mechanisms to
protect a Linux

Authors: Sascha Grunert

When speaking about observability in the cloud native space, probably
everyone will mention OpenTelemetry (OTEL) at some point in the
conversation. That's great, because the community needs standards to
rely on for developing all cluster components in the same direction.
OpenTelemetry enables us to combine logs, metrics, traces and other
contextual information (called baggage) into a single resource.
Cluster administrators or software engineers can use this resource to
get a viewport about what is going on in the cluster over a defined
period of time. But how can Kubernetes