Archive: December 2018 - Root Level Technology

Clair Image Scan Setup in a Codefresh Pipeline

Clair image scanning provides a report on known vulnerabilities in a docker image. Adding this to your Codefresh CI/CD pipeline means you can view threats and start automating your responses to them. This can be as simple as showing a report with the listed vulnerabilities to the development team, to something as complex as rolling back deployment to the last approved build if the vulnerabilities exceed your desired guidelines.   In order to use the Clair Scan you must have your own Clair Scan service setup ahead of time. You can then pass the docker image to your Clair Scan service during your CodeFresh Pipeline Setup. The report will need to be saved in a storage bucket and a link […]

Continue reading

KubeCon Day 3 (12/13)

As we wrap up this year’s KubeCon, Braden finishes up his experience by starting his day started with Keynote: Smooth Operator♪: Large Scale Automated Storage with Kubernetes – Celina Ward, Software Engineer & Matt Schallert, Site Reliability Engineer, Uber.   “It was a little weird to have 2 back to back keynotes talking about operators (previous keynote: Kubernetes: Living Up to the Hype – Janet Kuo, Software Engineer, Google),” says Braden. “But,    M3DB was a good case study of how moving to K8s and using operators helped. None of this was new info to me except M3DB.”   There were comparisons to large-scale Prometheus installs like Cortex or Thanos, which are based on Prometheus and have large communities and integrate […]

Continue reading

KubeCon Day 2 (12/12)

Day 2 was jammed packed with people and keynotes. Braden started his day at 9:00 am. The first keynote he attended was Save Yourselves! – Liz Rice, Technology Evangelist, Aqua Security. Which had some interesting tidbits. Like, how easy it is to Own a K8s cluster if you have a cluster admin role. There was a talk last year about integrating OPA with Istio to control access to services, etc.  So the idea of being able to write security policies for your services and also to control your cluster is really appealing.  OPA is still really early, last year seems like there was progress but still experimental. Maybe, this is the year it gets to beta and is ready for […]

Continue reading