Spotlight on Security


With a new issue published on the first Tuesday of every month, the Rancher Roundup is your digest of all things cloud native from Rancher by SUSE. Keep up with the latest in Rancher, Kubewarden, k3s, and all our other projects by subscribing today!

What’s hot this month?

Extensions are the hottest new feature of Rancher 2.7! Join Robert Sirchia on February 15th as he hosts a Global Online Meetup with Jordon Leach and José Guilherme Vanz from the Kubewarden project, where our guests will walk through their experience of building an extension for Kubewarden. Secure your spot by registering today!

Cloudy with a side of Ranch

Epinio

In January, Epinio v1.6.1 was released with native support for IAM Role authentication. This allows AWS customers who have deployed Epinio within an EKS cluster to use Amazon S3 as external storage without specifying any credentials, relying on a dedicated policy instead for a safer and more secure integration. This version also comes with general bug fixes and security updates. Check out our release notes to learn more!

k3s

The first release of k3s in the 1.26 line, v1.26.0+k3s1, was affected by containerd/containerd#7843. With the latest release, v1.26.0+k3s2, we’ve updated the version of containerd to v1.6.14, resolving the issue of pods losing their CNI information when containerd was restarted. It is recommended that v1.26.0+k3s2 be used instead of v1.26.0+k3s1 since several other stability and administrative changes are also incorporated. Refer to the linked release notes to learn more.

Kubewarden

With the newest version of Kubewarden comes a significant security enhancement: Policy Evaluation Timeout. Slated to improve the security posture of the project, this default feature prevents a Policy Server from running out of computing resources because one or more of its policy evaluations are stuck in infinite loops. Check out the announcement blog for more details on this feature and to learn what else is new in this release!

Opni

With the latest release of Opni, v0.8.1, users can configure various alarms to trigger alerts.

These include when:

  • A user-inputted Prometheus query evaluates to true
  • A user-specified Kubernetes object in a downstream cluster is in a user-specified state for a user-specified amount of time
  • The user's Opni monitoring backend is unhealthy
  • A downstream cluster's Opni agent is disconnected or is in an unhealthy state

Refer to our docs to learn more about how you can set these up!

Rancher

The Rancher Security team released new Rancher versions 2.7.1, 2.6.10, and 2.5.17 that exclusively contain fixes for security-related issues (CVEs). Based on the last stable version of each release branch, 2.7.0, 2.6.9, and 2.5.16, these new security-only releases will allow you to run Rancher in production with the additional assurance of an improved security posture. Additionally, with these security-only releases, we aim to align our development processes with industry standards regarding security disclosure of vulnerabilities. Read the announcement blog to learn more about what’s new in this release!

News from the Ranch

With a meteoric rise in attack vectors and cyber exploits, safeguard your Kubernetes installations from malicious actors using NeuVector’s behavioral-based Zero Trust Policies. Read Another Orchestrated Attack: How Do I Protect Myself? by Raul Mahiques Martinez to learn more.

It’s Showtime!

Join Robert Sirchia, Head of Community Evangelism, at Civo Navigate as he demystifies learning Kubernetes for developers on February 7th, 2023. See the full schedule and register for the in-person tech event on the 7th and 8th of February, 2023.

Over the first weekend of February, several SUSE colleagues presented at FOSDEM in person.

All the session recordings will be made available on this link in due course.
