Posts for: #devops

K3s Unveils New Version v1.28.2+k3s1

K3s, the lightweight Kubernetes distribution, has released version v1.28.2+k3s1. This update brings several improvements and bug fixes to the platform.

One of the key changes in this release is the update of Kubernetes to version v1.28.2. Other notable changes include the update of Kine to version v0.10.3, as well as updates to embedded components such as containerd, the stargz-snapshotter plugin, and more.

For a full list of changes and details on what’s new, users can refer to the Kubernetes release notes.

For more information, see the K3s release notes.

Introducing OpenTofu: The Linux Foundation’s Open Source Alternative to Terraform

The Linux Foundation has announced the launch of OpenTofu, an open-source alternative to Terraform, the infrastructure-as-code provisioning tool. OpenTofu was created in response to Terraform’s recent license change, which raised concerns within the open-source community. OpenTofu is community-driven, impartial, layered, modular, and backward-compatible. It has received support from industry leaders and has formal pledges from over 140 organizations and 600 individuals. The Linux Foundation emphasizes the importance of open collaboration and innovation in the infrastructure-as-code field.

OpenTofu aims to be a reliable, accessible, and truly open-source solution.

Source: Linux Foundation.

Kubernetes 1.28: Enhancing Security

Kubernetes 1.28 introduces several security enhancements to improve the user experience and address the evolving needs of its users. The enhancements include the use of CEL-based admission policies and webhook match conditions, reduction of secret-based service account tokens, ensuring secure image pulling, container image signature handling based on sigstore, KMS v2 improvements, and an Auth API to get self-user attributes. These enhancements provide better security, performance, and management of Kubernetes clusters, ensuring that only verified and secure images are used and that sensitive data remains encrypted. As Kubernetes becomes more essential, these enhancements play a critical role in ensuring the security and reliability of container orchestration platforms.

Source: CNCF Blog.

Secure Your Container and Other Deployments with Ubuntu Server Hardening

The New Stack has posted a guide on how to harden an Ubuntu server. Ubuntu is a popular choice for container deployments, but many admins and DevOps teams overlook the importance of securing the operating system itself. The guide walks through hardening Ubuntu to ensure a secure foundation for deployments. The steps include:

  1. Schedule regular upgrades to ensure the server is patched against the latest threats.

  2. Change sudo and SSH settings.

  3. Install and configure fail2ban to automatically ban IP addresses that attempt to compromise the server via SSH.

  4. Secure shared memory by mounting /run/shm with certain privileges.

  5. Enable and configure the Uncomplicated Firewall (UFW) and allow SSH connections.

By following these steps, admins and DevOps teams can significantly enhance the security of their Ubuntu Server deployments. Head over to The New Stack and read the guide!

Source: The New Stack.
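An audit sketch for steps 2 and 4 of the hardening list above, added here as an example; it is not code from The New Stack guide. The expected mount options (noexec, nosuid, nodev) and the two sshd keywords checked are assumptions, since the summary above does not name them, and the config text is constructed sample input rather than a live host.

```shell
#!/bin/sh
# Constructed sample /etc/fstab content (not taken from the guide).
SAMPLE_FSTAB='UUID=constructed-0001 / ext4 errors=remount-ro 0 1
tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0'

# Constructed sample sshd_config content.
SAMPLE_SSHD='# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication no'

# shm_missing_opts FSTAB_TEXT
# Prints the assumed hardening options missing from the shared-memory entry,
# "none" if all are present, or "no-entry" if no such mount is listed.
shm_missing_opts() {
    opts=$(printf '%s\n' "$1" | awk '$1 !~ /^#/ && ($2 == "/run/shm" || $2 == "/dev/shm") { print $4; exit }')
    if [ -z "$opts" ]; then
        echo "no-entry"
        return 0
    fi
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;                                  # option present
            *) missing="${missing:+$missing,}$want" ;;       # option absent
        esac
    done
    echo "${missing:-none}"
}

# sshd_value CONFIG_TEXT KEYWORD
# Prints the first uncommented value; sshd keywords are case-insensitive
# and the first occurrence of a keyword is the one that applies.
sshd_value() {
    printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }'
}

# sshd_findings CONFIG_TEXT
# Lists keywords not explicitly set to "no"; an unset keyword is reported
# too, so the hardened value has to be stated rather than left to defaults.
sshd_findings() {
    out=""
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] || out="PermitRootLogin"
    [ "$(sshd_value "$1" PasswordAuthentication)" = "no" ] || out="${out:+$out,}PasswordAuthentication"
    echo "${out:-none}"
}

echo "shm missing options: $(shm_missing_opts "$SAMPLE_FSTAB")"
echo "sshd findings: $(sshd_findings "$SAMPLE_SSHD")"
```

On a real server the same functions can be fed the contents of `/etc/fstab` and the output of `sshd -T`, which prints the effective configuration including any included drop-in files.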