Published on

Learn Cloud Native Newsletter

Weekly picks

NSA/CISA Kubernetes hardening guidance and a critical review from NCC Group

In August, NSA & CISA released a Kubernetes hardening guidance that explains how to harden your Kubernetes clusters.

A day ago, the NCC Group (an information assurance company from the UK) released a critical review of the guidance. They separated the guidance into "Good", "Bad", and "Complex" sections. It's an interesting read, especially the bad and the complex sections that go into some aspects of Kubernetes security that were either overlooked or are already out of date (the joys of working in tech).

2021 State of DevOps report

For the past ten years, Puppet has been releasing the yearly State of DevOps report. This year anniversary edition talks about multiple pillars. For example, it says that DevOps is not just automation, but automating repetitive tasks is necessary (90% of respondents with highly evolved DevOps practices automate most repetitive tasks) to allow the team to step back and think about broader strategy.

Here are a couple of other tidbits from the executive summary:

  • Even though 65% of mid-evolution companies are using the public cloud, only 20% are using it to its full potential

  • The major obstacle that prevents enterprises from evolving to the highest levels is organizational structure and dynamics

  • Clear understanding of responsibilities to other teams is reported by 91% of highly evolved teams vs. 46% of low-evolution teams

  • In mid-evolution teams, 21% report their culture discourages risk, and 20% mention unclear responsibilities

Links of the week


Previous newsletters

  • November 24, 2021

    What's next for cloud-native computing?

  • November 7, 2021

    Content from KubeCon and EnvoyCon videos 2021

  • October 1, 2021

    Hacktoberfest 2021 starts today, deep dive into k8s scheduling, Kubermatic

  • September 17, 2021

    5 years of Envoy, Kubernetes CVE, getting started with K8s security

  • September 3, 2021

    Docker updates subscription plan, state of Kubernetes security report, organizing Kubernetes containers, and ArgoCD

  • August 27, 2021

    Kubernetes dashboards, Path from Kubernetes to Serverless with Kelsey Hightower, and Secret Manager support for Functions

  • August 20, 2021

    Github Codespaces, KubeCon and redesign

Sign up for cloud-native newsletter

Receive an occasional email with blog posts, videos, tutorials, and other content from the cloud-native world.

No spam ever.