From f14541cdf4ea5d75e0f177f64ba88aa66d5b32b6 Mon Sep 17 00:00:00 2001 From: Andrew Chen Date: Fri, 27 Jul 2018 16:30:04 -0700 Subject: [PATCH 1/3] change image assets to https --- .../2015-05-00-Kubernetes-On-Openstack.md | 2 +- ...-07-00-Strong-Simple-Ssl-For-Kubernetes.md | 4 ++-- ...tes-As-Foundation-For-Cloud-Native-Paas.md | 8 ++++---- ...11-00-Monitoring-Kubernetes-With-Sysdig.md | 20 +++++++++---------- ...nd-Dynamic-Distributed-Systems-At-Scale.md | 4 ++-- ...00-Elasticbox-Introduces-Elastickube-To.md | 2 +- ...-11-00-Certified-Kubernetes-Conformance.md | 2 +- ...-Securing-Software-Supply-Chain-Grafeas.md | 2 +- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/content/en/blog/_posts/2015-05-00-Kubernetes-On-Openstack.md b/content/en/blog/_posts/2015-05-00-Kubernetes-On-Openstack.md index 243678bcaae04..5306ed48433e9 100644 --- a/content/en/blog/_posts/2015-05-00-Kubernetes-On-Openstack.md +++ b/content/en/blog/_posts/2015-05-00-Kubernetes-On-Openstack.md @@ -7,7 +7,7 @@ url: /blog/2015/05/Kubernetes-On-Openstack -[![](http://3.bp.blogspot.com/-EOrCHChZJZE/VVZzq43g6CI/AAAAAAAAF-E/JUilRHk369E/s400/Untitled%2Bdrawing.jpg)](http://3.bp.blogspot.com/-EOrCHChZJZE/VVZzq43g6CI/AAAAAAAAF-E/JUilRHk369E/s1600/Untitled%2Bdrawing.jpg) +[![](https://3.bp.blogspot.com/-EOrCHChZJZE/VVZzq43g6CI/AAAAAAAAF-E/JUilRHk369E/s400/Untitled%2Bdrawing.jpg)](https://3.bp.blogspot.com/-EOrCHChZJZE/VVZzq43g6CI/AAAAAAAAF-E/JUilRHk369E/s1600/Untitled%2Bdrawing.jpg) diff --git a/content/en/blog/_posts/2015-07-00-Strong-Simple-Ssl-For-Kubernetes.md b/content/en/blog/_posts/2015-07-00-Strong-Simple-Ssl-For-Kubernetes.md index 748059da26ffb..f122a15d8a9c6 100644 --- a/content/en/blog/_posts/2015-07-00-Strong-Simple-Ssl-For-Kubernetes.md +++ b/content/en/blog/_posts/2015-07-00-Strong-Simple-Ssl-For-Kubernetes.md @@ -17,7 +17,7 @@ In the spirit of minimum viability, the first version of Jenkins-on-Kubernetes I Here’s a visual of that first version: -[![](http://1.bp.blogspot.com/-ccmpTmulrng/VaVxOs7gysI/AAAAAAAAAU8/bCEzgGGm-pE/s400/0.png)](http://1.bp.blogspot.com/-ccmpTmulrng/VaVxOs7gysI/AAAAAAAAAU8/bCEzgGGm-pE/s1600/0.png) +[![](https://1.bp.blogspot.com/-ccmpTmulrng/VaVxOs7gysI/AAAAAAAAAU8/bCEzgGGm-pE/s400/0.png)](https://1.bp.blogspot.com/-ccmpTmulrng/VaVxOs7gysI/AAAAAAAAAU8/bCEzgGGm-pE/s1600/0.png) @@ -156,7 +156,7 @@ The pod will have a service exposing TCP 80 and 443 to a public load balancer. H And here’s an overview with the SSL termination proxy in place. Notice that Jenkins is no longer directly exposed to the public Internet: -[![](http://3.bp.blogspot.com/-0B1BEQo_fWc/VaVxVUBkf3I/AAAAAAAAAVE/5yCCnA29C88/s400/0%2B%25281%2529.png)](http://3.bp.blogspot.com/-0B1BEQo_fWc/VaVxVUBkf3I/AAAAAAAAAVE/5yCCnA29C88/s1600/0%2B%25281%2529.png) +[![](https://3.bp.blogspot.com/-0B1BEQo_fWc/VaVxVUBkf3I/AAAAAAAAAVE/5yCCnA29C88/s400/0%2B%25281%2529.png)](https://3.bp.blogspot.com/-0B1BEQo_fWc/VaVxVUBkf3I/AAAAAAAAAVE/5yCCnA29C88/s1600/0%2B%25281%2529.png) diff --git a/content/en/blog/_posts/2015-11-00-Kubernetes-As-Foundation-For-Cloud-Native-Paas.md b/content/en/blog/_posts/2015-11-00-Kubernetes-As-Foundation-For-Cloud-Native-Paas.md index 9cb08c5c43d55..1d7585b075a79 100644 --- a/content/en/blog/_posts/2015-11-00-Kubernetes-As-Foundation-For-Cloud-Native-Paas.md +++ b/content/en/blog/_posts/2015-11-00-Kubernetes-As-Foundation-For-Cloud-Native-Paas.md @@ -6,7 +6,7 @@ url: /blog/2015/11/Kubernetes-As-Foundation-For-Cloud-Native-Paas --- With Kubernetes continuing to gain momentum as a critical tool for building and scaling container based applications, we’ve been thrilled to see a growing number of platform as a service (PaaS) offerings adopt it as a foundation. PaaS developers have been drawn to Kubernetes by its rapid rate of maturation, the soundness of its core architectural concepts, and the strength of its contributor community. The [Kubernetes ecosystem](https://kubernetes.io/blog/2015/07/the-growing-kubernetes-ecosystem) continues to grow, and these PaaS projects are great additions to it. -[![](http://1.bp.blogspot.com/-xX93tnoIlGo/Vjj2fSc_CDI/AAAAAAAAAi0/lvTkT9jyFog/s400/k8%2Bipaas%2B1.png)](http://1.bp.blogspot.com/-xX93tnoIlGo/Vjj2fSc_CDI/AAAAAAAAAi0/lvTkT9jyFog/s1600/k8%2Bipaas%2B1.png) +[![](https://1.bp.blogspot.com/-xX93tnoIlGo/Vjj2fSc_CDI/AAAAAAAAAi0/lvTkT9jyFog/s400/k8%2Bipaas%2B1.png)](https://1.bp.blogspot.com/-xX93tnoIlGo/Vjj2fSc_CDI/AAAAAAAAAi0/lvTkT9jyFog/s1600/k8%2Bipaas%2B1.png) @@ -23,7 +23,7 @@ With Kubernetes continuing to gain momentum as a critical tool for building and -[![](http://1.bp.blogspot.com/-1XZFGRHGb34/Vjj2wUtA6pI/AAAAAAAAAi8/SD-qRhVIiIs/s400/k8%2Bipaas%2B2.png)](http://1.bp.blogspot.com/-1XZFGRHGb34/Vjj2wUtA6pI/AAAAAAAAAi8/SD-qRhVIiIs/s1600/k8%2Bipaas%2B2.png) +[![](https://1.bp.blogspot.com/-1XZFGRHGb34/Vjj2wUtA6pI/AAAAAAAAAi8/SD-qRhVIiIs/s400/k8%2Bipaas%2B2.png)](https://1.bp.blogspot.com/-1XZFGRHGb34/Vjj2wUtA6pI/AAAAAAAAAi8/SD-qRhVIiIs/s1600/k8%2Bipaas%2B2.png) @@ -38,7 +38,7 @@ With Kubernetes continuing to gain momentum as a critical tool for building and -[![](http://2.bp.blogspot.com/-t3L1CANyhUs/Vjj28Zpf9WI/AAAAAAAAAjE/Ef-PLLmHGvU/s400/k8%2Bipaas%2B3.png)](http://2.bp.blogspot.com/-t3L1CANyhUs/Vjj28Zpf9WI/AAAAAAAAAjE/Ef-PLLmHGvU/s1600/k8%2Bipaas%2B3.png) +[![](https://2.bp.blogspot.com/-t3L1CANyhUs/Vjj28Zpf9WI/AAAAAAAAAjE/Ef-PLLmHGvU/s400/k8%2Bipaas%2B3.png)](http://2.bp.blogspot.com/-t3L1CANyhUs/Vjj28Zpf9WI/AAAAAAAAAjE/Ef-PLLmHGvU/s1600/k8%2Bipaas%2B3.png) @@ -64,7 +64,7 @@ Huawei has made Kubernetes the core runtime engine for container based applicati -[![](http://2.bp.blogspot.com/-Ys0Zn4IQzn0/Vjj3JIE0BVI/AAAAAAAAAjM/ktwltzVa1GE/s400/k8%2Bipaas%2B4.png)](http://2.bp.blogspot.com/-Ys0Zn4IQzn0/Vjj3JIE0BVI/AAAAAAAAAjM/ktwltzVa1GE/s1600/k8%2Bipaas%2B4.png) +[![](https://2.bp.blogspot.com/-Ys0Zn4IQzn0/Vjj3JIE0BVI/AAAAAAAAAjM/ktwltzVa1GE/s400/k8%2Bipaas%2B4.png)](http://2.bp.blogspot.com/-Ys0Zn4IQzn0/Vjj3JIE0BVI/AAAAAAAAAjM/ktwltzVa1GE/s1600/k8%2Bipaas%2B4.png) diff --git a/content/en/blog/_posts/2015-11-00-Monitoring-Kubernetes-With-Sysdig.md b/content/en/blog/_posts/2015-11-00-Monitoring-Kubernetes-With-Sysdig.md index ee1ea6c863691..3affa1eb1c8a9 100644 --- a/content/en/blog/_posts/2015-11-00-Monitoring-Kubernetes-With-Sysdig.md +++ b/content/en/blog/_posts/2015-11-00-Monitoring-Kubernetes-With-Sysdig.md @@ -27,7 +27,7 @@ The easiest way to take advantage of sysdig’s Kubernetes support is by launchi Now that csysdig is running, hit F2 to bring up the views panel, and you'll notice the presence of a bunch of new views. The **k8s Namespaces** view can be used to see the list of namespaces and observe the amount of CPU, memory, network and disk resources each of them is using on this machine: -[![](http://2.bp.blogspot.com/-9kXfpo76r0k/Vkz8AkpctEI/AAAAAAAAAss/yvf9oc759Wg/s640/sisdig%2B6.png)](http://2.bp.blogspot.com/-9kXfpo76r0k/Vkz8AkpctEI/AAAAAAAAAss/yvf9oc759Wg/s1600/sisdig%2B6.png) +[![](https://2.bp.blogspot.com/-9kXfpo76r0k/Vkz8AkpctEI/AAAAAAAAAss/yvf9oc759Wg/s640/sisdig%2B6.png)](http://2.bp.blogspot.com/-9kXfpo76r0k/Vkz8AkpctEI/AAAAAAAAAss/yvf9oc759Wg/s1600/sisdig%2B6.png) @@ -40,7 +40,7 @@ Now that csysdig is running, hit F2 to bring up the views panel, and you'll noti Similarly, you can select **k8s Services** to see the same information broken up by service: -[![](http://2.bp.blogspot.com/-Ya1W3Z_ETcs/Vkz8AN3XtfI/AAAAAAAAAs8/HNv_TvHpfHU/s640/sisdig%2B2.png)](http://2.bp.blogspot.com/-Ya1W3Z_ETcs/Vkz8AN3XtfI/AAAAAAAAAs8/HNv_TvHpfHU/s1600/sisdig%2B2.png) +[![](https://2.bp.blogspot.com/-Ya1W3Z_ETcs/Vkz8AN3XtfI/AAAAAAAAAs8/HNv_TvHpfHU/s640/sisdig%2B2.png)](http://2.bp.blogspot.com/-Ya1W3Z_ETcs/Vkz8AN3XtfI/AAAAAAAAAs8/HNv_TvHpfHU/s1600/sisdig%2B2.png) @@ -53,7 +53,7 @@ Similarly, you can select **k8s Services** to see the same information broken up or **k8s Controllers** to see the replication controllers: -[![](http://3.bp.blogspot.com/-gGkgXRC5P6g/Vkz8A1RVyAI/AAAAAAAAAtQ/SFlHQeNrDjQ/s640/sysdig%2B1.png)](http://3.bp.blogspot.com/-gGkgXRC5P6g/Vkz8A1RVyAI/AAAAAAAAAtQ/SFlHQeNrDjQ/s1600/sysdig%2B1.png) +[![](https://3.bp.blogspot.com/-gGkgXRC5P6g/Vkz8A1RVyAI/AAAAAAAAAtQ/SFlHQeNrDjQ/s640/sysdig%2B1.png)](https://3.bp.blogspot.com/-gGkgXRC5P6g/Vkz8A1RVyAI/AAAAAAAAAtQ/SFlHQeNrDjQ/s1600/sysdig%2B1.png) @@ -66,7 +66,7 @@ or **k8s Controllers** to see the replication controllers: or **k8s Pods** to see the list of pods running on this machine and the resources they use: -[![](http://3.bp.blogspot.com/-PrDfWzi9F3c/Vkz8H6rPlII/AAAAAAAAAtc/f46tE6EKvoo/s640/sisdig%2B7.png)](http://3.bp.blogspot.com/-PrDfWzi9F3c/Vkz8H6rPlII/AAAAAAAAAtc/f46tE6EKvoo/s1600/sisdig%2B7.png) +[![](https://3.bp.blogspot.com/-PrDfWzi9F3c/Vkz8H6rPlII/AAAAAAAAAtc/f46tE6EKvoo/s640/sisdig%2B7.png)](https://3.bp.blogspot.com/-PrDfWzi9F3c/Vkz8H6rPlII/AAAAAAAAAtc/f46tE6EKvoo/s1600/sisdig%2B7.png) @@ -74,7 +74,7 @@ or **k8s Pods** to see the list of pods running on this machine and the resource A cool feature in csysdig is the ability to drill down: just select an element, click on enter and – boom – now you're looking inside it. Drill down is also aware of the Kubernetes hierarchy, which means I can start from a service, get the list of its pods, see which containers run inside one of the pods, and go inside one of the containers to explore files, network connections, processes or even threads. Check out the video below. -[![](http://1.bp.blogspot.com/-lQ-P2gLywlY/Vkz9MOoTgGI/AAAAAAAAAtk/UB6pW7sUbQA/s640/image09.gif)](http://1.bp.blogspot.com/-lQ-P2gLywlY/Vkz9MOoTgGI/AAAAAAAAAtk/UB6pW7sUbQA/s1600/image09.gif) +[![](https://1.bp.blogspot.com/-lQ-P2gLywlY/Vkz9MOoTgGI/AAAAAAAAAtk/UB6pW7sUbQA/s640/image09.gif)](https://1.bp.blogspot.com/-lQ-P2gLywlY/Vkz9MOoTgGI/AAAAAAAAAtk/UB6pW7sUbQA/s1600/image09.gif) ### Actions!  @@ -90,7 +90,7 @@ Let’s start with a quick review of Kubernetes’ architecture. From the physic On the other hand, from the logical/application point of view, Kubernetes clusters are arranged in the hierarchical fashion shown in this picture: -[![](http://1.bp.blogspot.com/-p_x0bLRdFJo/Vkz8IPR5q4I/AAAAAAAAAtg/D9UU2MfPmcI/s640/sisdig%2B4.png)](http://1.bp.blogspot.com/-p_x0bLRdFJo/Vkz8IPR5q4I/AAAAAAAAAtg/D9UU2MfPmcI/s1600/sisdig%2B4.png) +[![](https://1.bp.blogspot.com/-p_x0bLRdFJo/Vkz8IPR5q4I/AAAAAAAAAtg/D9UU2MfPmcI/s640/sisdig%2B4.png)](https://1.bp.blogspot.com/-p_x0bLRdFJo/Vkz8IPR5q4I/AAAAAAAAAtg/D9UU2MfPmcI/s1600/sisdig%2B4.png) @@ -123,7 +123,7 @@ One of the core features of Sysdig Cloud is groups, which allow you to define th If you’re interested in the utilization of your underlying physical resource – e.g., identifying noisy neighbors – then the physical hierarchy is great. But if you’re looking to explore the performance of your applications and microservices, then the logical hierarchy is often the best place to start.  -[![](http://4.bp.blogspot.com/-80u3oSEi_Fw/Vkz8AZgE6eI/AAAAAAAAAtE/3iRDMJKBNmc/s640/sisdig%2B5.png)](http://4.bp.blogspot.com/-80u3oSEi_Fw/Vkz8AZgE6eI/AAAAAAAAAtE/3iRDMJKBNmc/s1600/sisdig%2B5.png) +[![](https://4.bp.blogspot.com/-80u3oSEi_Fw/Vkz8AZgE6eI/AAAAAAAAAtE/3iRDMJKBNmc/s640/sisdig%2B5.png)](http://4.bp.blogspot.com/-80u3oSEi_Fw/Vkz8AZgE6eI/AAAAAAAAAtE/3iRDMJKBNmc/s1600/sisdig%2B5.png) @@ -148,7 +148,7 @@ If you’re interested in the utilization of your underlying physical resource&n For example: here you can see the overall performance of our WordPress service:  -[![](http://4.bp.blogspot.com/-QAsedrM2UxI/Vkz8Aas-26I/AAAAAAAAAtM/9B7Z33vUQrg/s640/sisdig%2B3.png)](http://4.bp.blogspot.com/-QAsedrM2UxI/Vkz8Aas-26I/AAAAAAAAAtM/9B7Z33vUQrg/s1600/sisdig%2B3.png) +[![](https://4.bp.blogspot.com/-QAsedrM2UxI/Vkz8Aas-26I/AAAAAAAAAtM/9B7Z33vUQrg/s640/sisdig%2B3.png)](http://4.bp.blogspot.com/-QAsedrM2UxI/Vkz8Aas-26I/AAAAAAAAAtM/9B7Z33vUQrg/s1600/sisdig%2B3.png) Keep in mind that the pods implementing this service are scattered across multiple machines, but we can still total request counts, response times and URL statistics aggregated together for this service. And don’t forget: this doesn’t require any configuration or instrumentation of wordpress, apache, or the underlying containers!  @@ -162,7 +162,7 @@ And from this view, I can now easily create alerts for these service-level metri We’ve also included Kubernetes awareness in Sysdig Cloud’s famous topology view, at both the physical and logical level.  -[![](http://2.bp.blogspot.com/-2is-UJatmPk/Vk0AtdfvYvI/AAAAAAAAAt0/9SEsl2LCpYI/s640/image02.gif)](http://2.bp.blogspot.com/-2is-UJatmPk/Vk0AtdfvYvI/AAAAAAAAAt0/9SEsl2LCpYI/s1600/image02.gif) +[![](https://2.bp.blogspot.com/-2is-UJatmPk/Vk0AtdfvYvI/AAAAAAAAAt0/9SEsl2LCpYI/s640/image02.gif)](http://2.bp.blogspot.com/-2is-UJatmPk/Vk0AtdfvYvI/AAAAAAAAAt0/9SEsl2LCpYI/s1600/image02.gif) @@ -188,7 +188,7 @@ We’ve also included Kubernetes awareness in Sysdig Cloud’s famous topology v -[![](http://2.bp.blogspot.com/-hGQtaIV9XTA/Vk0RnwtlcGI/AAAAAAAAAuM/7ndiyAWpSvU/s640/image08.gif)](http://2.bp.blogspot.com/-hGQtaIV9XTA/Vk0RnwtlcGI/AAAAAAAAAuM/7ndiyAWpSvU/s1600/image08.gif) +[![](https://2.bp.blogspot.com/-hGQtaIV9XTA/Vk0RnwtlcGI/AAAAAAAAAuM/7ndiyAWpSvU/s640/image08.gif)](http://2.bp.blogspot.com/-hGQtaIV9XTA/Vk0RnwtlcGI/AAAAAAAAAuM/7ndiyAWpSvU/s1600/image08.gif) diff --git a/content/en/blog/_posts/2015-11-00-One-Million-Requests-Per-Second-Dependable-And-Dynamic-Distributed-Systems-At-Scale.md b/content/en/blog/_posts/2015-11-00-One-Million-Requests-Per-Second-Dependable-And-Dynamic-Distributed-Systems-At-Scale.md index 1cf45187b5f33..fb8ef764abed4 100644 --- a/content/en/blog/_posts/2015-11-00-One-Million-Requests-Per-Second-Dependable-And-Dynamic-Distributed-Systems-At-Scale.md +++ b/content/en/blog/_posts/2015-11-00-One-Million-Requests-Per-Second-Dependable-And-Dynamic-Distributed-Systems-At-Scale.md @@ -13,13 +13,13 @@ Fortunately, for developers, our infrastructure is evolving along with the requi To demonstrate exactly what we mean by this, I've developed a simple demo of a Container Engine cluster serving 1 million HTTP requests per second. In all honesty, serving 1 million requests per second isn’t really that exciting. In fact, it’s really so very [2013](http://googlecloudplatform.blogspot.com/2013/11/compute-engine-load-balancing-hits-1-million-requests-per-second.html). -[![](http://4.bp.blogspot.com/-eACCKAzuQFQ/VkO1rwW1DRI/AAAAAAAAAko/zKu-19QCCBU/s640/image01.gif)](http://4.bp.blogspot.com/-eACCKAzuQFQ/VkO1rwW1DRI/AAAAAAAAAko/zKu-19QCCBU/s1600/image01.gif) +[![](https://4.bp.blogspot.com/-eACCKAzuQFQ/VkO1rwW1DRI/AAAAAAAAAko/zKu-19QCCBU/s640/image01.gif)](http://4.bp.blogspot.com/-eACCKAzuQFQ/VkO1rwW1DRI/AAAAAAAAAko/zKu-19QCCBU/s1600/image01.gif) What _is_ exciting is that while successfully handling 1 million HTTP requests per second with uninterrupted availability, we have Kubernetes perform a zero-downtime rolling upgrade of the service to a new version of the software _while we're  **still** serving 1 million requests per second_. -[![](http://2.bp.blogspot.com/-_96_QwNRHLo/VkO1oDAyLLI/AAAAAAAAAkk/B_y5Uh5ngPU/s640/image00.gif)](http://2.bp.blogspot.com/-_96_QwNRHLo/VkO1oDAyLLI/AAAAAAAAAkk/B_y5Uh5ngPU/s1600/image00.gif) +[![](https://2.bp.blogspot.com/-_96_QwNRHLo/VkO1oDAyLLI/AAAAAAAAAkk/B_y5Uh5ngPU/s640/image00.gif)](http://2.bp.blogspot.com/-_96_QwNRHLo/VkO1oDAyLLI/AAAAAAAAAkk/B_y5Uh5ngPU/s1600/image00.gif) This is only possible due to a large number of performance tweaks and enhancements that have gone into the [Kubernetes 1.1 release](https://kubernetes.io/blog/2015/11/Kubernetes-1-1-Performance-upgrades-improved-tooling-and-a-growing-community). I’m incredibly proud of all of the features that our community has built into this release. Indeed in addition to making it possible to serve 1 million requests per second, we’ve also added an auto-scaler, so that you won’t even have to wake up in the middle of the night to scale your service in response to load or memory pressures. diff --git a/content/en/blog/_posts/2016-03-00-Elasticbox-Introduces-Elastickube-To.md b/content/en/blog/_posts/2016-03-00-Elasticbox-Introduces-Elastickube-To.md index 314bf770ab88e..1a67c9334eb1e 100644 --- a/content/en/blog/_posts/2016-03-00-Elasticbox-Introduces-Elastickube-To.md +++ b/content/en/blog/_posts/2016-03-00-Elasticbox-Introduces-Elastickube-To.md @@ -28,7 +28,7 @@ Use your existing tools of choice to actually build your containers Use ElasticKube to run, deploy and manage your containers and services -[![](http://cl.ly/0i3M2L3Q030z/Image%202016-03-11%20at%209.49.12%20AM.png)](http://cl.ly/0i3M2L3Q030z/Image%202016-03-11%20at%209.49.12%20AM.png) +[![](https://cl.ly/0i3M2L3Q030z/Image%202016-03-11%20at%209.49.12%20AM.png)](http://cl.ly/0i3M2L3Q030z/Image%202016-03-11%20at%209.49.12%20AM.png) diff --git a/content/en/blog/_posts/2017-11-00-Certified-Kubernetes-Conformance.md b/content/en/blog/_posts/2017-11-00-Certified-Kubernetes-Conformance.md index 649876673c35a..0fedabf7cc0c7 100644 --- a/content/en/blog/_posts/2017-11-00-Certified-Kubernetes-Conformance.md +++ b/content/en/blog/_posts/2017-11-00-Certified-Kubernetes-Conformance.md @@ -5,7 +5,7 @@ slug: certified-kubernetes-conformance url: /blog/2017/11/Certified-Kubernetes-Conformance --- -[![](https://1.bp.blogspot.com/-YasPeoIh8tA/Wg28rH4dzXI/AAAAAAAAAHg/Hfk2dnUoav4XMefGyjzMWdJMZbu1QJFagCK4BGAYYCw/s200/certified_kubernetes_color.png)](http://1.bp.blogspot.com/-YasPeoIh8tA/Wg28rH4dzXI/AAAAAAAAAHg/Hfk2dnUoav4XMefGyjzMWdJMZbu1QJFagCK4BGAYYCw/s1600/certified_kubernetes_color.png)This week the CNCFⓇ [certified the first group](https://www.cncf.io/announcement/2017/11/13/cloud-native-computing-foundation-launches-certified-kubernetes-program-32-conformant-distributions-platforms/) of KubernetesⓇ offerings under the [Certified Kubernetes Conformance Program](https://www.cncf.io/certification/software-conformance/). These first certifications follow a [beta phase](https://kubernetes.io/blog/2017/10/software-conformance-certification) during which we invited participants to submit conformance results. The community response was overwhelming: CNCF certified offerings from 32 vendors! +[![](https://1.bp.blogspot.com/-YasPeoIh8tA/Wg28rH4dzXI/AAAAAAAAAHg/Hfk2dnUoav4XMefGyjzMWdJMZbu1QJFagCK4BGAYYCw/s200/certified_kubernetes_color.png)](https://1.bp.blogspot.com/-YasPeoIh8tA/Wg28rH4dzXI/AAAAAAAAAHg/Hfk2dnUoav4XMefGyjzMWdJMZbu1QJFagCK4BGAYYCw/s1600/certified_kubernetes_color.png)This week the CNCFⓇ [certified the first group](https://www.cncf.io/announcement/2017/11/13/cloud-native-computing-foundation-launches-certified-kubernetes-program-32-conformant-distributions-platforms/) of KubernetesⓇ offerings under the [Certified Kubernetes Conformance Program](https://www.cncf.io/certification/software-conformance/). These first certifications follow a [beta phase](https://kubernetes.io/blog/2017/10/software-conformance-certification) during which we invited participants to submit conformance results. The community response was overwhelming: CNCF certified offerings from 32 vendors! The new Certified Kubernetes Conformance Program gives enterprise organizations the confidence that workloads running on any Certified Kubernetes distribution or platform will work correctly on other Certified Kubernetes distributions or platforms. A Certified Kubernetes product guarantees that the complete Kubernetes API functions as specified, so users can rely on a seamless, stable experience. diff --git a/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md b/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md index aa657b2f3cc99..9e01ff5d40663 100644 --- a/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md +++ b/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md @@ -24,7 +24,7 @@ Let’s consider a simple application, _PaymentProcessor_, that retrieves, proce Due to the sensitive nature of the payment data, the developers and DevOps team really want to make sure that the code meets certain security and compliance requirements, with detailed records on the provenance of this code. There are CI/CD stages that validate the quality of the PaymentProcessor release, but there is no easy way to centrally view/manage this information: -[![](https://1.bp.blogspot.com/-WeI6zpGd42A/WfzDkkIonFI/AAAAAAAAAG4/wKUaNaXYvaQ-an9p4_9T9J3EQB_zHkRXwCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.23%2BPM.png)](http://1.bp.blogspot.com/-WeI6zpGd42A/WfzDkkIonFI/AAAAAAAAAG4/wKUaNaXYvaQ-an9p4_9T9J3EQB_zHkRXwCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.23%2BPM.png) +[![](https://1.bp.blogspot.com/-WeI6zpGd42A/WfzDkkIonFI/AAAAAAAAAG4/wKUaNaXYvaQ-an9p4_9T9J3EQB_zHkRXwCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.23%2BPM.png)](https://1.bp.blogspot.com/-WeI6zpGd42A/WfzDkkIonFI/AAAAAAAAAG4/wKUaNaXYvaQ-an9p4_9T9J3EQB_zHkRXwCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.23%2BPM.png) ## Visibility and governance over the PaymentProcessor Code From 5e8cbb97ecaae8ddfdeaecbfc03f6a780721b741 Mon Sep 17 00:00:00 2001 From: Andrew Chen Date: Fri, 27 Jul 2018 16:42:23 -0700 Subject: [PATCH 2/3] fix in docs --- content/en/case-studies/ancestry.html | 2 +- content/en/docs/setup/on-premises-vm/ovirt.md | 2 +- content/en/docs/setup/turnkey/gce.md | 2 +- .../debug-application-cluster/resource-usage-monitoring.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/case-studies/ancestry.html b/content/en/case-studies/ancestry.html index 93c84c0286b16..8bd998392ab22 100644 --- a/content/en/case-studies/ancestry.html +++ b/content/en/case-studies/ancestry.html @@ -7,7 +7,7 @@ ---
-

CASE STUDY:
Digging Into the Past With New Technology

+

CASE STUDY:
Digging Into the Past With New Technology

diff --git a/content/en/docs/setup/on-premises-vm/ovirt.md b/content/en/docs/setup/on-premises-vm/ovirt.md index 218a01ee27145..a461de95e235c 100644 --- a/content/en/docs/setup/on-premises-vm/ovirt.md +++ b/content/en/docs/setup/on-premises-vm/ovirt.md @@ -59,7 +59,7 @@ kube-controller-manager ... --cloud-provider=ovirt --cloud-config=/path/to/ovirt This short screencast demonstrates how the oVirt Cloud Provider can be used to dynamically add VMs to your Kubernetes cluster. -[![Screencast](http://img.youtube.com/vi/JyyST4ZKne8/0.jpg)](http://www.youtube.com/watch?v=JyyST4ZKne8) +[![Screencast](https://img.youtube.com/vi/JyyST4ZKne8/0.jpg)](https://www.youtube.com/watch?v=JyyST4ZKne8) ## Support Level diff --git a/content/en/docs/setup/turnkey/gce.md b/content/en/docs/setup/turnkey/gce.md index 4f3c7045ca853..146c6d996bc0d 100644 --- a/content/en/docs/setup/turnkey/gce.md +++ b/content/en/docs/setup/turnkey/gce.md @@ -18,7 +18,7 @@ If you want a simplified getting started experience and GUI for managing cluster For an easy way to experiment with the Kubernetes development environment, click the button below to open a Google Cloud Shell with an auto-cloned copy of the Kubernetes source repo. -[![Open in Cloud Shell](http://gstatic.com/cloudssh/images/open-btn.png)](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/kubernetes/kubernetes&page=editor&open_in_editor=README.md) +[![Open in Cloud Shell](https://gstatic.com/cloudssh/images/open-btn.png)](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/kubernetes/kubernetes&page=editor&open_in_editor=README.md) If you want to use custom binaries or pure open source Kubernetes, please continue with the instructions below. diff --git a/content/en/docs/tasks/debug-application-cluster/resource-usage-monitoring.md b/content/en/docs/tasks/debug-application-cluster/resource-usage-monitoring.md index 5d99079d9ba6e..115dc3ecfb318 100644 --- a/content/en/docs/tasks/debug-application-cluster/resource-usage-monitoring.md +++ b/content/en/docs/tasks/debug-application-cluster/resource-usage-monitoring.md @@ -87,7 +87,7 @@ from your Kubernetes cluster. This video shows how to configure and run a Google Cloud Monitoring backed Heapster: -[![how to setup and run a Google Cloud Monitoring backed Heapster](http://img.youtube.com/vi/xSMNR2fcoLs/0.jpg)](http://www.youtube.com/watch?v=xSMNR2fcoLs) +[![how to setup and run a Google Cloud Monitoring backed Heapster](https://img.youtube.com/vi/xSMNR2fcoLs/0.jpg)](https://www.youtube.com/watch?v=xSMNR2fcoLs) {{< figure src="/images/docs/gcm.png" alt="Google Cloud Monitoring dashboard example" title="Google Cloud Monitoring dashboard example" caption="This dashboard shows cluster-wide resource usage." >}} From d06087adcc6abb02410bc15b4ecbabb8d29e1991 Mon Sep 17 00:00:00 2001 From: Andrew Chen Date: Fri, 27 Jul 2018 16:45:36 -0700 Subject: [PATCH 3/3] fix remaining image links --- ...Kubernetes-As-Foundation-For-Cloud-Native-Paas.md | 4 ++-- .../2015-11-00-Monitoring-Kubernetes-With-Sysdig.md | 12 ++++++------ ...dable-And-Dynamic-Distributed-Systems-At-Scale.md | 4 ++-- ...7-11-00-Securing-Software-Supply-Chain-Grafeas.md | 4 ++-- .../2018-01-00-Extensible-Admission-Is-Beta.md | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/content/en/blog/_posts/2015-11-00-Kubernetes-As-Foundation-For-Cloud-Native-Paas.md b/content/en/blog/_posts/2015-11-00-Kubernetes-As-Foundation-For-Cloud-Native-Paas.md index 1d7585b075a79..088b8032a3037 100644 --- a/content/en/blog/_posts/2015-11-00-Kubernetes-As-Foundation-For-Cloud-Native-Paas.md +++ b/content/en/blog/_posts/2015-11-00-Kubernetes-As-Foundation-For-Cloud-Native-Paas.md @@ -38,7 +38,7 @@ With Kubernetes continuing to gain momentum as a critical tool for building and -[![](https://2.bp.blogspot.com/-t3L1CANyhUs/Vjj28Zpf9WI/AAAAAAAAAjE/Ef-PLLmHGvU/s400/k8%2Bipaas%2B3.png)](http://2.bp.blogspot.com/-t3L1CANyhUs/Vjj28Zpf9WI/AAAAAAAAAjE/Ef-PLLmHGvU/s1600/k8%2Bipaas%2B3.png) +[![](https://2.bp.blogspot.com/-t3L1CANyhUs/Vjj28Zpf9WI/AAAAAAAAAjE/Ef-PLLmHGvU/s400/k8%2Bipaas%2B3.png)](https://2.bp.blogspot.com/-t3L1CANyhUs/Vjj28Zpf9WI/AAAAAAAAAjE/Ef-PLLmHGvU/s1600/k8%2Bipaas%2B3.png) @@ -64,7 +64,7 @@ Huawei has made Kubernetes the core runtime engine for container based applicati -[![](https://2.bp.blogspot.com/-Ys0Zn4IQzn0/Vjj3JIE0BVI/AAAAAAAAAjM/ktwltzVa1GE/s400/k8%2Bipaas%2B4.png)](http://2.bp.blogspot.com/-Ys0Zn4IQzn0/Vjj3JIE0BVI/AAAAAAAAAjM/ktwltzVa1GE/s1600/k8%2Bipaas%2B4.png) +[![](https://2.bp.blogspot.com/-Ys0Zn4IQzn0/Vjj3JIE0BVI/AAAAAAAAAjM/ktwltzVa1GE/s400/k8%2Bipaas%2B4.png)](https://2.bp.blogspot.com/-Ys0Zn4IQzn0/Vjj3JIE0BVI/AAAAAAAAAjM/ktwltzVa1GE/s1600/k8%2Bipaas%2B4.png) diff --git a/content/en/blog/_posts/2015-11-00-Monitoring-Kubernetes-With-Sysdig.md b/content/en/blog/_posts/2015-11-00-Monitoring-Kubernetes-With-Sysdig.md index 3affa1eb1c8a9..aa9790d997f52 100644 --- a/content/en/blog/_posts/2015-11-00-Monitoring-Kubernetes-With-Sysdig.md +++ b/content/en/blog/_posts/2015-11-00-Monitoring-Kubernetes-With-Sysdig.md @@ -27,7 +27,7 @@ The easiest way to take advantage of sysdig’s Kubernetes support is by launchi Now that csysdig is running, hit F2 to bring up the views panel, and you'll notice the presence of a bunch of new views. The **k8s Namespaces** view can be used to see the list of namespaces and observe the amount of CPU, memory, network and disk resources each of them is using on this machine: -[![](https://2.bp.blogspot.com/-9kXfpo76r0k/Vkz8AkpctEI/AAAAAAAAAss/yvf9oc759Wg/s640/sisdig%2B6.png)](http://2.bp.blogspot.com/-9kXfpo76r0k/Vkz8AkpctEI/AAAAAAAAAss/yvf9oc759Wg/s1600/sisdig%2B6.png) +[![](https://2.bp.blogspot.com/-9kXfpo76r0k/Vkz8AkpctEI/AAAAAAAAAss/yvf9oc759Wg/s640/sisdig%2B6.png)](https://2.bp.blogspot.com/-9kXfpo76r0k/Vkz8AkpctEI/AAAAAAAAAss/yvf9oc759Wg/s1600/sisdig%2B6.png) @@ -40,7 +40,7 @@ Now that csysdig is running, hit F2 to bring up the views panel, and you'll noti Similarly, you can select **k8s Services** to see the same information broken up by service: -[![](https://2.bp.blogspot.com/-Ya1W3Z_ETcs/Vkz8AN3XtfI/AAAAAAAAAs8/HNv_TvHpfHU/s640/sisdig%2B2.png)](http://2.bp.blogspot.com/-Ya1W3Z_ETcs/Vkz8AN3XtfI/AAAAAAAAAs8/HNv_TvHpfHU/s1600/sisdig%2B2.png) +[![](https://2.bp.blogspot.com/-Ya1W3Z_ETcs/Vkz8AN3XtfI/AAAAAAAAAs8/HNv_TvHpfHU/s640/sisdig%2B2.png)](https://2.bp.blogspot.com/-Ya1W3Z_ETcs/Vkz8AN3XtfI/AAAAAAAAAs8/HNv_TvHpfHU/s1600/sisdig%2B2.png) @@ -123,7 +123,7 @@ One of the core features of Sysdig Cloud is groups, which allow you to define th If you’re interested in the utilization of your underlying physical resource – e.g., identifying noisy neighbors – then the physical hierarchy is great. But if you’re looking to explore the performance of your applications and microservices, then the logical hierarchy is often the best place to start.  -[![](https://4.bp.blogspot.com/-80u3oSEi_Fw/Vkz8AZgE6eI/AAAAAAAAAtE/3iRDMJKBNmc/s640/sisdig%2B5.png)](http://4.bp.blogspot.com/-80u3oSEi_Fw/Vkz8AZgE6eI/AAAAAAAAAtE/3iRDMJKBNmc/s1600/sisdig%2B5.png) +[![](https://4.bp.blogspot.com/-80u3oSEi_Fw/Vkz8AZgE6eI/AAAAAAAAAtE/3iRDMJKBNmc/s640/sisdig%2B5.png)](https://4.bp.blogspot.com/-80u3oSEi_Fw/Vkz8AZgE6eI/AAAAAAAAAtE/3iRDMJKBNmc/s1600/sisdig%2B5.png) @@ -148,7 +148,7 @@ If you’re interested in the utilization of your underlying physical resource&n For example: here you can see the overall performance of our WordPress service:  -[![](https://4.bp.blogspot.com/-QAsedrM2UxI/Vkz8Aas-26I/AAAAAAAAAtM/9B7Z33vUQrg/s640/sisdig%2B3.png)](http://4.bp.blogspot.com/-QAsedrM2UxI/Vkz8Aas-26I/AAAAAAAAAtM/9B7Z33vUQrg/s1600/sisdig%2B3.png) +[![](https://4.bp.blogspot.com/-QAsedrM2UxI/Vkz8Aas-26I/AAAAAAAAAtM/9B7Z33vUQrg/s640/sisdig%2B3.png)](https://4.bp.blogspot.com/-QAsedrM2UxI/Vkz8Aas-26I/AAAAAAAAAtM/9B7Z33vUQrg/s1600/sisdig%2B3.png) Keep in mind that the pods implementing this service are scattered across multiple machines, but we can still total request counts, response times and URL statistics aggregated together for this service. And don’t forget: this doesn’t require any configuration or instrumentation of wordpress, apache, or the underlying containers!  @@ -162,7 +162,7 @@ And from this view, I can now easily create alerts for these service-level metri We’ve also included Kubernetes awareness in Sysdig Cloud’s famous topology view, at both the physical and logical level.  -[![](https://2.bp.blogspot.com/-2is-UJatmPk/Vk0AtdfvYvI/AAAAAAAAAt0/9SEsl2LCpYI/s640/image02.gif)](http://2.bp.blogspot.com/-2is-UJatmPk/Vk0AtdfvYvI/AAAAAAAAAt0/9SEsl2LCpYI/s1600/image02.gif) +[![](https://2.bp.blogspot.com/-2is-UJatmPk/Vk0AtdfvYvI/AAAAAAAAAt0/9SEsl2LCpYI/s640/image02.gif)](https://2.bp.blogspot.com/-2is-UJatmPk/Vk0AtdfvYvI/AAAAAAAAAt0/9SEsl2LCpYI/s1600/image02.gif) @@ -188,7 +188,7 @@ We’ve also included Kubernetes awareness in Sysdig Cloud’s famous topology v -[![](https://2.bp.blogspot.com/-hGQtaIV9XTA/Vk0RnwtlcGI/AAAAAAAAAuM/7ndiyAWpSvU/s640/image08.gif)](http://2.bp.blogspot.com/-hGQtaIV9XTA/Vk0RnwtlcGI/AAAAAAAAAuM/7ndiyAWpSvU/s1600/image08.gif) +[![](https://2.bp.blogspot.com/-hGQtaIV9XTA/Vk0RnwtlcGI/AAAAAAAAAuM/7ndiyAWpSvU/s640/image08.gif)](https://2.bp.blogspot.com/-hGQtaIV9XTA/Vk0RnwtlcGI/AAAAAAAAAuM/7ndiyAWpSvU/s1600/image08.gif) diff --git a/content/en/blog/_posts/2015-11-00-One-Million-Requests-Per-Second-Dependable-And-Dynamic-Distributed-Systems-At-Scale.md b/content/en/blog/_posts/2015-11-00-One-Million-Requests-Per-Second-Dependable-And-Dynamic-Distributed-Systems-At-Scale.md index fb8ef764abed4..a4fe98a9c0717 100644 --- a/content/en/blog/_posts/2015-11-00-One-Million-Requests-Per-Second-Dependable-And-Dynamic-Distributed-Systems-At-Scale.md +++ b/content/en/blog/_posts/2015-11-00-One-Million-Requests-Per-Second-Dependable-And-Dynamic-Distributed-Systems-At-Scale.md @@ -13,13 +13,13 @@ Fortunately, for developers, our infrastructure is evolving along with the requi To demonstrate exactly what we mean by this, I've developed a simple demo of a Container Engine cluster serving 1 million HTTP requests per second. In all honesty, serving 1 million requests per second isn’t really that exciting. In fact, it’s really so very [2013](http://googlecloudplatform.blogspot.com/2013/11/compute-engine-load-balancing-hits-1-million-requests-per-second.html). -[![](https://4.bp.blogspot.com/-eACCKAzuQFQ/VkO1rwW1DRI/AAAAAAAAAko/zKu-19QCCBU/s640/image01.gif)](http://4.bp.blogspot.com/-eACCKAzuQFQ/VkO1rwW1DRI/AAAAAAAAAko/zKu-19QCCBU/s1600/image01.gif) +[![](https://4.bp.blogspot.com/-eACCKAzuQFQ/VkO1rwW1DRI/AAAAAAAAAko/zKu-19QCCBU/s640/image01.gif)](https://4.bp.blogspot.com/-eACCKAzuQFQ/VkO1rwW1DRI/AAAAAAAAAko/zKu-19QCCBU/s1600/image01.gif) What _is_ exciting is that while successfully handling 1 million HTTP requests per second with uninterrupted availability, we have Kubernetes perform a zero-downtime rolling upgrade of the service to a new version of the software _while we're  **still** serving 1 million requests per second_. -[![](https://2.bp.blogspot.com/-_96_QwNRHLo/VkO1oDAyLLI/AAAAAAAAAkk/B_y5Uh5ngPU/s640/image00.gif)](http://2.bp.blogspot.com/-_96_QwNRHLo/VkO1oDAyLLI/AAAAAAAAAkk/B_y5Uh5ngPU/s1600/image00.gif) +[![](https://2.bp.blogspot.com/-_96_QwNRHLo/VkO1oDAyLLI/AAAAAAAAAkk/B_y5Uh5ngPU/s640/image00.gif)](https://2.bp.blogspot.com/-_96_QwNRHLo/VkO1oDAyLLI/AAAAAAAAAkk/B_y5Uh5ngPU/s1600/image00.gif) This is only possible due to a large number of performance tweaks and enhancements that have gone into the [Kubernetes 1.1 release](https://kubernetes.io/blog/2015/11/Kubernetes-1-1-Performance-upgrades-improved-tooling-and-a-growing-community). I’m incredibly proud of all of the features that our community has built into this release. Indeed in addition to making it possible to serve 1 million requests per second, we’ve also added an auto-scaler, so that you won’t even have to wake up in the middle of the night to scale your service in response to load or memory pressures. diff --git a/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md b/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md index 9e01ff5d40663..b996a796a2aa7 100644 --- a/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md +++ b/content/en/blog/_posts/2017-11-00-Securing-Software-Supply-Chain-Grafeas.md @@ -13,7 +13,7 @@ On October 12th, Google and partners [announced](https://cloudplatform.googleblo Grafeas allows build, auditing and compliance tools to exchange comprehensive metadata on container images using a central API. This allows enforcing policies that provide central control over the software supply process. -[![](https://2.bp.blogspot.com/-TDD4slMA7gg/WfzDeKVLr2I/AAAAAAAAAGw/dhfWOrCMdmogSNhGr5RrA2ovr02K5nn8ACK4BGAYYCw/s400/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.13%2BPM.png)](http://2.bp.blogspot.com/-TDD4slMA7gg/WfzDeKVLr2I/AAAAAAAAAGw/dhfWOrCMdmogSNhGr5RrA2ovr02K5nn8ACK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.13%2BPM.png) +[![](https://2.bp.blogspot.com/-TDD4slMA7gg/WfzDeKVLr2I/AAAAAAAAAGw/dhfWOrCMdmogSNhGr5RrA2ovr02K5nn8ACK4BGAYYCw/s400/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.13%2BPM.png)](https://2.bp.blogspot.com/-TDD4slMA7gg/WfzDeKVLr2I/AAAAAAAAAGw/dhfWOrCMdmogSNhGr5RrA2ovr02K5nn8ACK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.13%2BPM.png) ## Example application: PaymentProcessor @@ -30,7 +30,7 @@ Due to the sensitive nature of the payment data, the developers and DevOps team ## Visibility and governance over the PaymentProcessor Code Grafeas provides an API for customers to centrally manage metadata created by various CI/CD components and enables deploy time policy enforcement through a Kritis implementation. -[![](https://4.bp.blogspot.com/-SRMfm5z606M/WfzDpHqlz-I/AAAAAAAAAHA/y2suaInhr9E0hU0u78PacBT_kZj2D7DKgCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.34%2BPM.png)](http://4.bp.blogspot.com/-SRMfm5z606M/WfzDpHqlz-I/AAAAAAAAAHA/y2suaInhr9E0hU0u78PacBT_kZj2D7DKgCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.34%2BPM.png) +[![](https://4.bp.blogspot.com/-SRMfm5z606M/WfzDpHqlz-I/AAAAAAAAAHA/y2suaInhr9E0hU0u78PacBT_kZj2D7DKgCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.34%2BPM.png)](https://4.bp.blogspot.com/-SRMfm5z606M/WfzDpHqlz-I/AAAAAAAAAHA/y2suaInhr9E0hU0u78PacBT_kZj2D7DKgCK4BGAYYCw/s1600/Screen%2BShot%2B2017-11-03%2Bat%2B12.28.34%2BPM.png) Let’s consider a basic example of how Grafeas can provide deploy time control for the PaymentProcessor app using a demo verification pipeline. diff --git a/content/en/blog/_posts/2018-01-00-Extensible-Admission-Is-Beta.md b/content/en/blog/_posts/2018-01-00-Extensible-Admission-Is-Beta.md index 2f9ef3e537d85..fe94dbf1b0da9 100644 --- a/content/en/blog/_posts/2018-01-00-Extensible-Admission-Is-Beta.md +++ b/content/en/blog/_posts/2018-01-00-Extensible-Admission-Is-Beta.md @@ -13,7 +13,7 @@ The admission stage of API server processing is one of the most powerful tools f ## What is Admission? [Admission](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#what-are-they) is the phase of [handling an API server request](https://blog.openshift.com/kubernetes-deep-dive-api-server-part-1/) that happens before a resource is persisted, but after authorization. Admission gets access to the same information as authorization (user, URL, etc) and the complete body of an API request (for most requests). -[![](https://2.bp.blogspot.com/-p8WGg2BATsY/WlfywbD_tAI/AAAAAAAAAJw/mDqZV0dB4_Y0gXXQp_1tQ7CtMRSd6lHVwCK4BGAYYCw/s640/Screen%2BShot%2B2018-01-11%2Bat%2B3.22.07%2BPM.png)](http://2.bp.blogspot.com/-p8WGg2BATsY/WlfywbD_tAI/AAAAAAAAAJw/mDqZV0dB4_Y0gXXQp_1tQ7CtMRSd6lHVwCK4BGAYYCw/s1600/Screen%2BShot%2B2018-01-11%2Bat%2B3.22.07%2BPM.png) +[![](https://2.bp.blogspot.com/-p8WGg2BATsY/WlfywbD_tAI/AAAAAAAAAJw/mDqZV0dB4_Y0gXXQp_1tQ7CtMRSd6lHVwCK4BGAYYCw/s640/Screen%2BShot%2B2018-01-11%2Bat%2B3.22.07%2BPM.png)](https://2.bp.blogspot.com/-p8WGg2BATsY/WlfywbD_tAI/AAAAAAAAAJw/mDqZV0dB4_Y0gXXQp_1tQ7CtMRSd6lHVwCK4BGAYYCw/s1600/Screen%2BShot%2B2018-01-11%2Bat%2B3.22.07%2BPM.png) The admission phase is composed of individual plugins, each of which are narrowly focused and have semantic knowledge of what they are inspecting. Examples include: PodNodeSelector (influences scheduling decisions), PodSecurityPolicy (prevents escalating containers), and ResourceQuota (enforces resource allocation per namespace).