Kubernetes and PKS – 5 pieces of news

  1. runC exploit CVE. Step one, read up on it here. I would read up on the Kubernetes implications here. If you’re a PKS customer – it’s already fixed (keep those pipelines cranking!). I don’t know if it’s just me (someone has to have empirical data on this), but it seems like serious container/K8s CVEs are coming faster. If anyone has data – share it. I don’t think more CVEs are intrinsically bad – it may be a reflection of the ever-increasing use of containers and K8s. Even more generally, CVEs are not bad… unless updating is hard for you. This is why making platform updates easy is such an important north star for the PKS efforts at VMware/Pivotal. It’s also notable that using PSPs to harden K8s beyond the defaults is something we do, and one of the biggest items in the PKS 1.4 backlog is a more comprehensive, enterprise-ready (read: policy-controlled, enforceable, and exposing telemetry) way of handling PSPs via the admission controller. The other place where I think our “secure by default” platform philosophy gets interesting is Pivotal Application Service. It is one of the most widely used platforms in the enterprise FT500 that has a container engine in its bowels. @dbbaskette did a great post on this runC CVE and PAS here. Strongly suggested reading!
  2. PKS 1.2.x and 1.3.x updates. PKS 1.2.9 and 1.3.2 are now posted (here). We needed to fix a problem where components sharing a common CA could represent a vulnerability. Upgrading is recommended (1.3.2 also closes the runC CVE). Did I mention how important it is to think of continuous delivery and platform updates as an imperative?
  3. VMware PKS Competency is now live! This is a freakin’ big deal. It will take time to fully ramp – but the VMware partner ecosystem is MASSIVE. They are trusted by their customers for software-defined infrastructure and much more. They provide reach, and local love and touch, to their customers in turn. PKS is now ready for more scale – it’s only 12 months old (birthday party next week!). If you’re a VMware partner – start here. If you’re a Pivotal partner (often also a VMware partner) that is not only building developer-ready infrastructure, but tackling the challenges of modern software patterns ON K8s – start here. I think partners have ~one year – no more – to lead here before everyone and all partners pile in. It’s a great opportunity to not only help their customers – but to differentiate above the noise.
  4. Prometheus and Grafana visibility into PKS clusters. The frequency with which our customers use the CNCF ecosystem on PKS is nearly a 1.0 correlation, and that certainly applies here. There’s some code here to help you get visibility into PKS using Prometheus and Grafana. Of course, there’s amazing integration with VMware vRealize Suite and Wavefront out of the box – but we are, and always will be, open!
  5. Making great things more simple.
    1. We’re furiously working to curate and harden developer value on top of K8s. I think we all need to agree, when someone says “developers want containers, and developers want K8s” – we need to step away from that someone slowly. Containers and K8s are a better infrastructure abstraction than any other infra-layer abstraction for modern applications – but they are NOT what developers want. They want platforms, and in the immortal words of @kelseyhightower – Kubernetes is a platform for building platforms – it’s not the end game, it’s the start. Expect a TON from us this year. Knative is but ONE area (there is also work on open buildpacks, the open service broker, deeper Spring integration, and much more). Some GREAT code examples so you can start to hack and learn are here. If you want a great perspective on why the journey starts, but doesn’t end, with K8s, there’s a great post on this from @rseroter here.
    2. Updated VMware Validated Design for PKS on VMware Cloud Foundation here. VVD work on PAS and PKS is always ongoing. We’ll keep these cranking – and it’s
    3. Updated Pivotal Validated Design for PCF (PAS+PKS) on VxRail. You can get this here (https://pivotal.io/pivotal-ready-architecture). This reference architecture will ALWAYS be in lock step with our Dell Tech level Hybrid Cloud strategy and product roadmap. BTW – this is linked to the work in #2.
    4. PKS CLI autocomplete (a “hello world” for @tybritten – welcome to the team Tyler!): https://github.com/tybritten/pks-zsh-autocomplete-pluin

Have fun, keep learning, and keep sharing!!