RSS

Posts in 2022

  • Security: Using Pod Security Standard "restricted"

    2022-03-09 in Blog

    tl;dr: pod security standards is a recent addition to Kubernetes, coming to replace pod security policies. Alongside seccomp, it provides greater isolation levels to workloads. Read up on how we moved all Flux controllers to 'restricted' mode and how that's going to keep you safer.

    Next up in our blog series about Flux Security is how we moved to Pod Security Standard “restricted”, all the background info you need to know and how that makes things safer for you. Since version 0.26 of Flux we are applying [..] the restricted pod security standard to all controllers. In practice this means: all Linux capabilities were dropped the root filesystem was set to …

    Read more

  • February 2022 Update

    2022-03-01 in Blog

    Featured Image for February 2022 Update

    tl;dr: New Flux and Flagger releases bring more security, many new adopters have joined our community, Flux articles and docs, upcoming Flux events helping you get started and more.

    As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read our last update here. It’s the beginning of March 2022 - let’s recap together what happened in February - it has been a lot! News in the Flux family Latest Flux is …

    Read more

  • Security: More confidence through Fuzzing

    2022-02-22 in Blog

    tl;dr: ADA Logics helped us moving to Fuzzing as part of their security audit. We finally implemented this for all Flux controllers. Learn here how this keeps you safer.

    Next up in our blog series about Flux Security is how we implemented fuzzing in Flux and its controllers and how that makes things safer for you. Wikipedia explains Fuzzing like so: Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as …

    Read more

  • Security: Image Provenance

    2022-02-14 in Blog

    Featured Image for Security: Image Provenance

    tl;dr: Next up in our series of blog posts about Flux's security considerations. This time: image provenance - how to make it part of your workflow and how it keeps you safe.

    Next up in our blog series about Flux Security is how and why we use signatures for the Flux CLI and all its controller images and what you can do to verify image provenance in your workflow. Since Flux 0.26 our Security Docs had this addition: The Flux CLI and the controllers' images are signed using Sigstore Cosign and GitHub OIDC. The container images along with their signatures are published …

    Read more

  • Security: The Value of SBOMs

    2022-02-07 in Blog

    Featured Image for Security: The Value of SBOMs

    tl;dr: The first in our series of blog posts about Flux's security considerations. This time: what a Software Bill of Materials can do to keep you safe.

    Flux - built with security in mind You don’t get to re-architect a successful project very often, but we did about two years ago. The Flux project was already off to a great start and had many happy adopters and many of its design principles we kept at the forefront of our mind: Pull vs Push: if you haven’t read this great blog post from 2018 about why you want Pull - all it says still …

    Read more

  • January 2022 Update

    2022-01-31 in Blog

    Featured Image for January 2022 Update

    tl;dr: New Flux and Flagger releases bring more security, terraform-controller team wants feedback, Flux articles and docs, upcoming Flux events helping you get started and more.

    As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read our last update here. It’s the beginning of February 2022 and you have been waiting for a long time - let’s recap together what happened in January and December- …

    Read more

Posts in 2021

  • December 2021 Update

    2021-11-30 in Blog

    Featured Image for December 2021 Update

    tl;dr: New Flux releases bring more security, update GitHub integration, add support for BitBucket Server. We need your input on new Flux RFCs, upcoming events featuring Flux and more.

    As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read last month’s update here. Let’s recap what happened in November - there has been so much happening! News in the Flux family A flurry of Flux releases The Flux …

    Read more

  • Flux Security Audit has concluded

    2021-11-10 in Blog

    Featured Image for Flux Security Audit has concluded

    tl;dr: Flux just went through a CNCF-funded Security Audit. Here we publicly release and discuss the report. We also disclose our first CVE, which was fixed in Flux v0.18.0 - please upgrade as soon as you can!

    As Flux is an Incubation project within the Cloud Native Computing Foundation, we were graciously granted a sponsored audit. The primary aim was to assess Flux’s fundamental security posture and to identify next steps in its security story. The audit was commissioned by the CNCF, and facilitated by OSTIF (the Open Source Technology Improvement Fund). ADA Logics was quickly brought into the …

    Read more

  • November 2021 update

    2021-10-29 in Blog

    Featured Image for November 2021 update

    tl;dr: New releases in the Flux family (Server-Side Apply in Flux, Flagger 1.15). Max Jonas Werner (D2IQ) and Soulé Ba + Sunny (Weaveworks) are new Flux maintainers, lots of event news, Flux and OpenShift and much much more!

    As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read last month’s update here. Let’s recap what happened in October - there has been so much happening! News in the Flux family Server side apply has landed We gave you a …

    Read more

  • October 2021 update

    2021-10-01 in Blog

    tl;dr: Server-side reconciliation is coming, better transport and crypto support for libgit2, Flagger 1.14, KubeCon updates, GitOps One-Stop Shop Event to show-case Flux integrated being used in big GitOps offerings, community news!

    As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read last month’s update here. Let’s recap what happened in September - there has been so much happening! Flux Project Facts We are very proud of what we put together, …

    Read more