Linux

Quick Kubeflow Pipelines with KALE, ElasticSearch and Ceph

KALE allows you to annotate your Jupiter notebooks on Kubeflow and magically compile and run Kubeflow Pipelines. In this demo, Aymen Frikha from Canonical shows how to deploy and run Kubeflow alongside ElasticSearch and Ceph, and how to quickly run a pipeline directly from a Jupyter notebook, using KALE (Kubeflow Automated pipeLines Engine).
sysdig

How to mitigate CVE-2021-33909 Sequoia with Falco - Linux filesystem privilege escalation vulnerability

The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July, 2021, and it was introduced in 2014 on many Linux distros; among which we have Ubuntu (20.04, 20.10 and 21.04), Debian 11, Fedora 34 Workstation and some Red Hat products, too. This vulnerability is caused by an out-of-bounds write found in the Linux kernel’s seq_file in the Filesystem layer.

canonical

How to test the latest Kubernetes 1.22 release candidate with MicroK8s

Today, the Kubernetes community made the 1.22 release candidate available, a few weeks ahead of general availability, planned for August the 4th. We invite developers, platform engineers and cloud tech enthusiasts to experiment with the new features, report back findings and bugs. MicroK8s is the easiest way to get up and running with the latest version of K8s for testing and experimentation.

FIPS certification and CIS compliance with Ubuntu

There are few Linux distributions that undergo the FIPS certification process, and even fewer with certified images available for production use in multi-cloud environments. Canonical has built integrated services to easily enable FIPS certified or compliant modules for Ubuntu 18.04 and 16.04 LTS releases, as well as tooling to assist in hardening and auditing Ubuntu instances to meet CIS compliance benchmarks. These certified components enable operating environments under compliance regimes like FedRAMP, HIPAA, PCI and ISO.
logz.io

Observability with Zero Code Instrumentation? Meet eBPF

Current observability practice is largely based on manual instrumentation, which requires adding code in relevant points in the user’s business logic code to generate telemetry data. This can become quite burdensome and create a barrier to entry for many wishing to implement observability in their environment. This is especially true in Kubernetes environments and microservices architecture.

canonical

Ubuntu becomes #1 OS for OpenStack deployment

One of the core values of Canonical, that we all identify with, is the mission of bringing the power of open source to everyone on the planet. From developing to developed countries. From individuals to big enterprises. From engineers to CEOs. And there is only one way to find out if we are efficient in what we do. This is community feedback. It is no different this time.

canonical

Linux kernel Livepatching

Canonical livepatch is the service and the software that enables organizations to quickly patch vulnerabilities on the Ubuntu Linux kernels. Livepatch provides uninterrupted service while reducing fire drills during high and critical severity kernel vulnerabilities. It is a complex technology and the details can be confusing, so in this post we provide a high level introduction to Ubuntu Linux kernel livepatching and the processes around it.