Loft Labs announced that its open-source technology vcluster adds an isolated mode for virtual clusters, which reduces the work administrators must do to isolate tenants in multi-tenant Kubernetes clusters.
Virtual clusters spun up with vcluster are logically isolated because each has its own Kubernetes control plane, but the workloads running inside these virtual clusters (pods and their containers) are not isolated by default.
Previously, any Kubernetes security mechanisms for vcluster workloads had to be created manually by the cluster administrators. Now, with vcluster’s isolated mode, a variety of Kubernetes security controls will be enabled and auto-configured without the need for manual configuration, including:
- Pod security standards (admission control policies)
- Resource quotas and limit ranges
- Network policies
Isolated mode enforces baseline workload isolation policies, but administrators can harden these further and retain full control over customizing everything to their security requirements.
“Before, admins had to add security constraints for virtual clusters themselves which added complexity and required ongoing maintenance. Now, with isolated mode, we as project maintainers provide a default set of security measures that we recommend as best practice for isolating virtual clusters,” said Lukas Gentele, Co-founder and CEO, Loft Labs. “Of course, admins can tweak isolation constraints to their use cases and to their organization’s security policies but we make it easier for them to kick the tires with vcluster while enforcing stricter security boundaries by default and right from the start.”
The vcluster open source software is growing quickly with more than 500,000 downloads and over 1,300 stars on GitHub in less than a year after its initial release. First launched in April 2021, vcluster is used to create lightweight Kubernetes clusters that run inside the namespaces of underlying Kubernetes clusters. Using virtual clusters solves the majority of multi-tenancy issues of Kubernetes because they offer:
- Better isolation than simple namespace-based multi-tenancy;
- Reduced cloud computing cost because virtual clusters are much more lightweight and resource-efficient than spinning up separate single-tenant clusters;
- Logical separation and encapsulation of application workloads from the underlying cluster’s shared infrastructure workloads (such as shared ingress controller or network plug-ins).
At the same time, virtual cluster users can expect that their virtual cluster behaves just like any regular Kubernetes cluster because vcluster is a certified Kubernetes distribution, which means that it passes all conformance tests that CNCF requires. Virtual clusters are often used as development environments when engineers are building, testing and debugging cloud-native software, but they are also frequently used as ephemeral environments for executing continuous integration/continuous delivery (CI/CD) pipelines.