Introducing ReShifter for Kubernetes: Backup, Restore, Migrate, Upgrade
Using Kubernetes in production? You likely need a strategy for restoring & upgrading clusters. Meet ReShifter, a tool and library to handle cluster backups.
Quelle: OpenShift
AWS Greengrass Available in EU (Frankfurt) and Asia Pacific (Sydney) Regions
AWS Greengrass is software that lets you run local compute, messaging, data and state synchronization for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. Using AWS Lambda, Greengrass ensures your IoT devices can respond quickly to local events, operate with intermittent connections, and minimize the cost of transmitting IoT data to the cloud.
Quelle: aws.amazon.com
ZeroKit End-to-End Encryption SDK launches in Azure Marketplace today!
We’re happy to announce that the cloud encryption company Tresorit launched their ZeroKit End-to-End Encryption SDK in Azure marketplace today! With ZeroKit, developers can easily build E2EE “zero knowledge” apps that protect data and user passwords from the most frequent data breaches.
Quelle: Azure
Netzwerkdurchsetzungsgesetz und Zensur: "Das Hauptproblem bleibt"
Vertreter von Google, Reporter ohne Grenzen und der FDP waren sich auf einer Konferenz zu Hass in sozialen Netzwerken einig, dass die von der Koalition vorgesehenen Änderungen am geplanten "Zensurgesetz" nicht weit genug gehen.
Quelle: Heise Tech News
Petya-Attacke: Posteo sperrt E-Mail-Adresse der Angreifer
Der E-Mail-Anbieter Posteo hat eine beim aktuellen Petya-Angriff genutzte Mailadresse gesperrt. Für Opfer gibt es damit wohl vorerst keine Möglichkeit, die Erpresser zu kontaktieren. Ob die nach einer Lösegeldzahlung geholfen hätten, ist sowieso fraglich.
Quelle: Heise Tech News
Enterprise identity made easy in Google Cloud Platform with Cloud Identity
By Zack Ontiveros, Product Manager, Google Cloud Identity
As an organization, you want to be able to control how your users access Google’s products and other services online. Millions of G Suite customers already rely on Google Cloud’s identity services to secure their online identities, perform single sign on and enforce multi-factor authentication. We’re excited to announce that the same identity management features used for years in G Suite will be made available for free to Google Cloud Platform (GCP) customers to manage their developers online with Cloud Identity.
Introducing Cloud Identity support in GCP
Starting today, we’re rolling out native support for Cloud Identity right into GCP. Cloud Identity makes it easy to provision and manage users and groups directly from the Google Admin Console. Once you sign up for Cloud Identity, you’ll also get access to the Cloud Resource Manager to administer your new GCP organization. Cloud Resource Manager allows you to centrally manage all of your organization’s GCP projects and IAM roles. With Cloud Identity and Cloud Resource Manager, you now have full control over how your organization uses Google Cloud.
Try it today
To start using Cloud Identity, head to the Cloud Console to find the new “Identity” section under Cloud IAM. Here you’ll be able to find the Cloud Identity sign up flow, where you’ll create your new Cloud Identity admin account and Cloud Identity organization. For more information, check out our Getting Started Guide.
Quelle: Google Cloud Platform
Companies In Europe Are Being Hit By A Massive Ransomware Attack
Businesses in several European countries reported falling victim to a massive ransomware attack on Tuesday.
A screenshot posted by digital security firm Symantec showed a screen with red text reading, “If you see this text, then your files are no longer accessible, because they have been encrypted,” and demanding 300 Bitcoin (roughly $700,000) in ransom.
A spokesperson for the security firm told BuzzFeed News the ransomware, known as Petya, is associated with a Bitcoin account which has so far received nine payments. The Symantec spokesperson said that the ransomware functions using the same vulnerabilities as a virus which struck worldwide in May.
Companies in the UK, France, Denmark, and Ukraine reported on Twitter that they had been targeted in Tuesday's attack. The Ukrainian energy national energy distributor and an airport in Kiev were among those affected.
The attacks come in the wake of May's major ransomware attack, WannaCry, which particularly affected the British National Health Service.
WannaCry infected more than 100,000 organizations in at least 150 countries, according to cybersecurity companies who are observing its spread across the globe.
This is a developing story. Check back for updates and follow BuzzFeed News on Twitter.
LINK: If You Have Windows, Update It Right Now To Keep This Massive Hack Out
LINK: Did The NHS Leave Hospitals Vulnerable To A Massive Ransomware Attack?
LINK: The NHS Is Starting To Recover From The Huge Ransomware Attack
Quelle: <a href="Companies In Europe Are Being Hit By A Massive Ransomware Attack“>BuzzFeed
Kubespray Ansible Playbooks foster Collaborative Kubernetes Ops
Today’s guest post is by Rob Hirschfeld, co-founder of open infrastructure automation project, Digital Rebar and co-chair of the SIG Cluster Ops. Why Kubespray?Making Kubernetes operationally strong is a widely held priority and I track many deployment efforts around the project. The incubated Kubespray project is of particular interest for me because it uses the popular Ansible toolset to build robust, upgradable clusters on both cloud and physical targets. I believe using tools familiar to operators grows our community.We’re excited to see the breadth of platforms enabled by Kubespray and how well it handles a wide range of options like integrating Ceph for StatefulSet persistence and Helm for easier application uploads. Those additions have allowed us to fully integrate the OpenStack Helm charts (demo video).By working with the upstream source instead of creating different install scripts, we get the benefits of a larger community. This requires some extra development effort; however, we believe helping share operational practices makes the whole community stronger. That was also the motivation behind the SIG-Cluster Ops.With Kubespray delivering robust installs, we can focus on broader operational concerns.For example, we can now drive parallel deployments, so it’s possible to fully exercise the options enabled by Kubespray simultaneously for development and testing. That’s helpful to built-test-destroy coordinated Kubernetes installs on CentOS, Red Hat and Ubuntu as part of an automation pipeline. We can also set up a full classroom environment from a single command using Digital Rebar’s providers, tenants and cluster definition JSON.Let’s explore the classroom example:First, we define a student cluster in JSON like the snippet below{ “attribs”: { “k8s-version”: “v1.6.0″, “k8s-kube_network_plugin”: “calico”, “k8s-docker_version”: “1.12” }, “name”: “cluster01″, “tenant”: “cluster01″, “public_keys”: { “cluster01″: “ssh-rsa AAAAB….. user@example.com” }, “provider”: { “name”: “google-provider” }, “nodes”: [ { “roles”: [ “etcd”,”k8s-addons”, “k8s-master” ], “count”: 1 }, { “roles”: [ “k8s-worker” ], “count”: 3 } ]}Then we run the Digital Rebar workloads Multideploy.sh reference script which inspects the deployment files to pull out key information. Basically, it automates the following steps:rebar provider create {“name”:“google-provider”, [secret stuff]}rebar tenants create {“name”:“cluster01”}rebar deployments create [contents from cluster01 file]The deployments create command will automatically request nodes from the provider. Since we’re using tenants and SSH key additions, each student only gets access to their own cluster. When we’re done, adding the –destroy flag will reverse the process for the nodes and deployments but leave the providers and tenants.We are invested in operational scripts like this example using Kubespray and Digital Rebar because if we cannot manage variation in a consistent way then we’re doomed to operational fragmentation. I am excited to see and be part of the community progress towards enterprise-ready Kubernetes operations on both cloud and on-premises. That means I am seeing reasonable patterns emerge with sharable/reusable automation. I strongly recommend watching (or better, collaborating in) these efforts if you are deploying Kubernetes even at experimental scale. Being part of the community requires more upfront effort but returns dividends as you get the benefits of shared experience and improvement.When deploying at scale, how do you set up a system to be both repeatable and multi-platform without compromising scale or security?With Kubespray and Digital Rebar as a repeatable base, extensions get much faster and easier. Even better, using upstream directly allows improvements to be quickly cycled back into upstream. That means we’re closer to building a community focused on the operational side of Kubernetes with an SRE mindset.If this is interesting, please engage with us in the Cluster Ops SIG, Kubespray or Digital Rebar communities. — Rob Hirschfeld, co-founder of RackN and co-chair of the Cluster Ops SIGGet involved with the Kubernetes project on GitHub Post questions (or answer questions) on Stack Overflow Connect with the community on SlackFollow us on Twitter @Kubernetesio for latest updates
Quelle: kubernetes
OpenShift Application Development with Red Hat Development Suite, Part 5
In part 5 of the OpenShift Application Development with Red Hat Development Suite series, Veer Muchandi shows how to build and test container images on your local OpenShift cluster using JBoss Developer Studio.
Quelle: OpenShift
"Secure transfer required" is available in Azure Storage account
The "Secure transfer required" feature is now supported in Azure Storage account. This feature enhances the security of your storage account by enforcing all requests to your account through a secure connection.
This feature is disabled by default. For more details, see the article "Require secure transfer".
Quelle: Azure
