As part of the graduation criteria for CNCF projects, Helm 3 has successfully completed its security audit, available in the Helm community repo. In summary, there was only one noteworthy finding and it did not lead to an exploit.

Two part series which reviews the basic concepts and discuss different ways of aggregating logs from AWS. Part 1 focuses on forwarding logs to a centralised account, whereas Part 2 covers the actual implementation steps.

Docker Hub has finally gotten 2FA to stop container take over.

Tim Hockin (@thockin) released a thorough flowchart describing how the kube-proxy iptables rules work.

The full copy (all 266 pages) of 'Kubernetes Patterns' e-book is available for free!

Amazon CloudWatch now includes cross-account cross-region dashboards, which enable you to create high level operational dashboards, and with one click, drill down into more specific dashboards in different AWS accounts without having to log in and out of different accounts or switch AWS Regions. It is intended for centralized operations teams, DevOps engineers, and service owners who need to monitor, troubleshoot, and analyze applications running in multiple regions and accounts.

The Aqua Security team released tracee, a lightweight, easy to use container tracing tool. After launching the tool, it will start collecting traces of newly created containers. The collected traces are mostly system calls performed by the processes running inside the containers, but other events, such as capabilities required to perform the actions requested by the container, are also supported.

I'm aware that, sadly, not many people are familiar (or even aware!) with The Update Framework (TUF). That's why I'm happy to see that AWS has released Rust libraries and tools for using and generating TUF repositories.