In this article, we will dive into Kubernetes network monitoring and metrics, examining these concepts in detail and exploring how metrics in an application can be transformed into tangible, human-readable reports. The article will also include a step-by-step tutorial on how to enable Calico’s integration with Prometheus, a free and open-source CNCF project created for monitoring the cloud. By the end of the article, you will be able to create customized reports and graphical dashboards from the metrics that Calico publishes to get better insight into the inner workings of your cluster and its various components. In addition, you will have the fundamental knowledge of how these pieces can fit together to establish Kubernetes network monitoring for any environment.
The benefits offered by cloud computing and infrastructure as code, including scalability, easy distribution, and quick and flexible deployment, have caused cloud service adoption to skyrocket. But this rapid adoption requires checks and balances to ensure that cloud services are secure and running in their desired state. Furthermore, any security events and problems should be logged and reported for future examination.
Read our guide on Kubernetes logging: Approaches and best practices
In the past, traditional monitoring solutions such as Nagios Continue reading
There’s a lot of hype around both Kubernetes and edge computing, so it shouldn’t be a surprise that vendors and cloud providers are offering products and services that combine the two. But what is edge computing? And can you run Kubernetes at the edge?
The post Kubernetes At The Edge – Is It Really A Thing? appeared first on Packet Pushers.
USER namespaces power the functionality of our favorite tools such as docker, podman, and kubernetes. We wrote about Linux namespaces back in June and explained them like this:
Most of the namespaces are uncontroversial, like the UTS namespace which allows the host system to hide its hostname and time. Others are complex but straightforward - NET and NS (mount) namespaces are known to be hard to wrap your head around. Finally, there is this very special, very curious USER namespace. USER namespace is special since it allows the - typically unprivileged owner to operate as "root" inside it. It's a foundation to having tools like Docker to not operate as true root, and things like rootless containers.
Due to its nature, allowing unprivileged users access to USER namespace always carried a great security risk. With its help the unprivileged user can in fact run code that typically requires root. This code is often under-tested and buggy. Today we will look into one such case where USER namespaces are leveraged to exploit a kernel bug that can result in an unprivileged denial of service attack.
In 2019, we were exploring leveraging Linux Traffic Control's queue Continue reading
I decided to stop caring about IPv6 when the protocol became old enough to buy its own beer (now even in US), but its second-system effects keep coming back to haunt us. Here’s a question I got for the February 2023 ipSpace.net Design Clinic:
How can we do IPv6 networking in a small/medium enterprise if we’re using multiple ISPs and don’t have our own IPv6 Provider Independent IPv6 allocation. I’ve brainstormed this with people far more knowledgeable than me on IPv6, and listened to IPv6 Buzz episodes discussing it, but I still can’t figure it out.
I decided to stop caring about IPv6 when the protocol became old enough to buy its own beer (now even in US), but its second-system effects keep coming back to haunt us. Here’s a question I got for the February 2023 ipSpace.net Design Clinic:
How can we do IPv6 networking in a small/medium enterprise if we’re using multiple ISPs and don’t have our own IPv6 Provider Independent IPv6 allocation. I’ve brainstormed this with people far more knowledgeable than me on IPv6, and listened to IPv6 Buzz episodes discussing it, but I still can’t figure it out.
On today's Tech Bytes podcast we discuss security reconnaissance with sponsor Fortinet. We drill into FortiRecon, a service that can provide critical information, personalized for your organization, about potential threats to company assets, employees, and customers.
The post Tech Bytes: Fortinet’s FortiRecon Customizes Digital Risk Protection (Sponsored) appeared first on Packet Pushers.
If you recently updated your Mac to Ventura 13.1 or 13.2, and you had installed Wireshark previously, then you may be having some trouble. If you open Wireshark, you will likey see the message “You don’t have permission to capture on local interfaces” and “You can fix this by installing ChmodBPF“. Even after installing this […]
The post MacOS Ventura 13.1 Breaks Wireshark appeared first on Packet Pushers.
Take a Network Break! This week we discuss new capabilities in Juniper's Astra data center automation software; a major Microsoft outage that affected Outlook, Teams, and more; reports that Intel will discontinue selling the Tofino programmable ASIC; a heap of financial results; and more.
The post Network Break 415: WAN Update Severs Microsoft Cloud Services; Intel To Wind Down Network ASIC Biz appeared first on Packet Pushers.