Posts for: #containers

Incus 0.1: The New Fork of LXD for Linux Containers

Linux Containers has released Incus 0.1, the first formal release of their community fork of the LXD project. Incus was created after Canonical took control of LXD. Incus 0.1 is similar to the LXD 5.18 release but includes several changes and improvements. The project has dropped unused or problematic features from the LXD codebase and will now focus on backwards compatibility. Notable changes include renaming the project to Incus and replacing /dev/lxd with /dev/incus. More details and downloads can be found at LinuxContainers.org.

Source: Phoronix.

K0s Releases Version v1.27.6+k0s.0

k0s, an all-inclusive Kubernetes distribution, has just released version v1.27.6+k0s.0. This distribution is designed to make building a Kubernetes cluster easier by providing all the necessary features in a single binary. One of the key advantages of k0s is its versatility. While it is well-suited for cloud environments, it can also be used in IoT gateways, edge deployments, and bare metal setups. This is due to its simple design, flexible deployment options, and modest system requirements.

In this latest release, several changes and improvements have been made. These include fixing a hanging start-stop-daemon in footloose Alpine, updating dependencies such as filepath-securejoin and Go, modifying kubelet arguments passed in the CLI inttest, and upgrading containerd to version 1.7.6. Additionally, Kubernetes itself has been bumped to version 1.27.6.

For more details on the changes, you can check out the full changelog.

Kubernetes 1.28: Enhancing Security

Kubernetes 1.28 introduces several security enhancements to improve the user experience and address the evolving needs of its users. The enhancements include the use of CEL-based admission policies and webhook match conditions, reduction of secret-based service account tokens, ensuring secure image pulling, container image signature handling based on sigstore, KMS v2 improvements, and an Auth API to get self-user attributes. These enhancements provide better security, performance, and management of Kubernetes clusters, ensuring that only verified and secure images are used and that sensitive data remains encrypted. As Kubernetes becomes more essential, these enhancements play a critical role in ensuring the security and reliability of container orchestration platforms.

Source: CNCF Blog.

Secure Your Container and Other Deployments with Ubuntu Server Hardening

The New Stack has posted a guide on how to harden an Ubuntu server. Ubuntu is a popular choice for container deployments, but many admins and DevOps teams overlook the importance of securing the operating system itself. The article provides a guide to hardening Ubuntu to ensure a secure foundation for deployments. The steps include:

  1. Schedule regular upgrades to ensure the server is patched against the latest threats.

  2. Change sudo and SSH settings.

  3. Install and configure fail2ban to automatically ban IP addresses that attempt to compromise the server via SSH.

  4. Secure shared memory by mounting /run/shm with certain privileges.

  5. Enable and configure the Uncomplicated Firewall (UFW) and allow SSH connections.

By following these steps, admins and DevOps teams can significantly enhance the security of their Ubuntu Server deployments. Head over to The New Stack and read the guide!

Source: The New Stack.

Deploy a Kubernetes Cluster with Service Mesh on DigitalOcean Using K3s

This guide will help you set up a Kubernetes cluster, including a service mesh using k3s (at the time of writing at version 0.10.2) and Rio. We’ll deploy the cluster on DigitalOcean. Ubuntu 18.04 LTS will be the OS during this tutorial. If you sign up to DigitalOcean using this link, you’ll receive $50 to spend on their services over 30 days. If you wish to run your cluster on your own hardware, you could do so on Raspberry Pis (ARM64) or Intel NUCs (x86_64) for example.

Deploy Bitwarden on Docker Swarm

In this tutorial, we’ll deploy Bitwarden on Docker Swarm. It’s based on an earlier tutorial on this site, where we deployed Docker Swarm on DigitalOcean. Bitwarden is a password manager with support for self-hosting. We’ll use bitwarden_rs, an unofficial Bitwarden API server implementation, as it’s a bit faster than the default implementation. Bitwarden_rs is written in Rust and is compatible with the official Bitwarden clients. Bitwarden has the following features, among others: