Kubernetes 1.24 is the first scheduled release of 2022. Running from Monday 10th January through our expected release date of Tuesday 19th April, it will represent months of work from all across the community to deliver new features to Kubernetes users. From quality-of-life improvements, to major new features, to the removal of major deprecations. Kubernetes is integral to our work at Jetstack. Our products are built on it, and as a Senior Solutions Engineer I work with Kubernetes day-to-day with our clients ..read more

A year after the SolarWinds Sunburst hack we have Log4Shell. Both of these incidents have affected a multitude of organisations, often in very serious ways. There are many lessons to learn from both incidents but this post focuses on three which concern how organisations consume open source software. Be more Unix When developing libraries or frameworks and considering what features to add, be more like Unix than Windows. In other words: do one thing and do it well ..read more

Public Key Infrastructure (PKI) is the unsung hero of cybersecurity. For most people, the term cybersecurity will immediately evoke images of holograms, retina scanners and multi-touch devices. A tech ensemble that wouldn’t look out of place in Q’s workshop, the Minority Report, or even the Pentagon. And to some degree that’s a somewhat valid view. There are many different types of cybersecurity, however, most would be surprised to learn that one of the most effective forms of cybersecurity isn’t remedatory, but is concerned with how digital entities establish secure connections in the first-p ..read more

Jetstack Secure now provides hardened FIPS 140-2 compliant versions of cert-manager and add-ons for deployment into secure environments to meet US Government agencies requirements for information security and processing using only FIPS validated cryptographic modules. Jetstack has closely followed these requirements and maintains compliant versions of cert-manager which is now available for Jetstack Secure customers. cert-manager FIPS compliant requirements FIPS (Federal Information Processing Standards) is a set of security standards issued by National Institute of Standards (NIST) aimed at r ..read more

So you (like myself) have been undergoing a perilous voyage through the landscape of cloud-native and container technologies. Mind boggling isn’t it? Maybe you’ve explored the world of ingress controllers with NGINX, or monitoring and observability with Prometheus and Grafana. You might have even become comfortable enough to deploy your own application as a Kubernetes deployment, and hook it up to a service and ingress for public access. Maybe you’ve done a couple of or none of these things, it doesn’t matter. You are here to get an answer to a question that has left you quaking in your boots ..read more

Kubernetes 1.22 was recently released and the steady march towards deprecating the docker shim progresses. On-premise cluster admins may be a bit daunted by the task of migrating to a new container runtime, but fear not! We recently helped a client through the process and wanted to share our findings to help make the migration easier for everyone. Preparations Before you start re-adding nodes to the cluster, it’d be wise to set the kubelet-config configmap to use the systemd cgroup driver ..read more

The Ingress API is a good example of the API standardization that Kubernetes offers. Many cloud-native components, such as ExternalDNS, Traefik and cert-manager, integrate with the Ingress API, leading to a consistent experience. Over time, the limitations of the Ingress API have led to the creation of various ad-hoc CRDs that aim at offering a better abstraction. Istio’s VirtualService CRD is one such example, and each proxy or service mesh creates its own ..read more

The cert-manager maintainers at Jetstack are proud to announce the release of cert-manager 1.5. This release coincides with the recent release of Kubernetes v1.22, and supports every version down to and including Kubernetes 1.16, which includes Openshift Container Platform 4.3 - 4.8 ..read more

In November last year we announced cert-manager integration with the new Google Certificate Authority Service (CAS) that was in public preview. Google has now announced General Availability (GA) of its CAS which provides: Private CAs “as a service” for internal workloads (as opposed to something like Let’s Encrypt where the certificates will be public) Automation and auditing Secure storage of CA keys, as Google CAS leverages HSMs that are FIPS 140-2 Level 3 validated The most recent announcement from Google on their CAS being fully available adds yet more capability to cert-manager and extend ..read more

We are very excited to announce the launch of Jetstack Secure for cert-manager on Google Cloud Marketplace. This is the easiest way for any organisation using GKE to deploy Jetstack Secure directly to their Kubernetes environment and build an instant view across all clusters, using cert-manager to manage certificate lifecycles with their preferred private or public CAs. Enterprises deploying cloud native infrastructure are increasingly using cert-manager as their preferred open source cloud-agnostic solution to automate X ..read more