Posts in 2022
Security: Using Pod Security Standard "restricted"
2022-03-09 in Blog
tl;dr: pod security standards is a recent addition to Kubernetes, coming to replace pod security policies. Alongside seccomp, it provides greater isolation levels to workloads. Read up on how we moved all Flux controllers to 'restricted' mode and how that's going to keep you safer.
Next up in our blog series about Flux Security is how we moved to Pod Security Standard “restricted”, all the background info you need to know and how that makes things safer for you. Since version 0.26 of Flux we are applying [..] the restricted pod security standard to all controllers. In practice this means: all Linux capabilities were dropped the root filesystem was set to …
February 2022 Update
2022-03-01 in Blog
tl;dr: New Flux and Flagger releases bring more security, many new adopters have joined our community, Flux articles and docs, upcoming Flux events helping you get started and more.
As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read our last update here. It’s the beginning of March 2022 - let’s recap together what happened in February - it has been a lot! News in the Flux family Latest Flux is …
Security: More confidence through Fuzzing
2022-02-22 in Blog
tl;dr: ADA Logics helped us moving to Fuzzing as part of their security audit. We finally implemented this for all Flux controllers. Learn here how this keeps you safer.
Next up in our blog series about Flux Security is how we implemented fuzzing in Flux and its controllers and how that makes things safer for you. Wikipedia explains Fuzzing like so: Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as …
Security: Image Provenance
2022-02-14 in Blog
tl;dr: Next up in our series of blog posts about Flux's security considerations. This time: image provenance - how to make it part of your workflow and how it keeps you safe.
Next up in our blog series about Flux Security is how and why we use signatures for the Flux CLI and all its controller images and what you can do to verify image provenance in your workflow. Since Flux 0.26 our Security Docs had this addition: The Flux CLI and the controllers' images are signed using Sigstore Cosign and GitHub OIDC. The container images along with their signatures are published …
Security: The Value of SBOMs
2022-02-07 in Blog
tl;dr: The first in our series of blog posts about Flux's security considerations. This time: what a Software Bill of Materials can do to keep you safe.
Flux - built with security in mind You don’t get to re-architect a successful project very often, but we did about two years ago. The Flux project was already off to a great start and had many happy adopters and many of its design principles we kept at the forefront of our mind: Pull vs Push: if you haven’t read this great blog post from 2018 about why you want Pull - all it says still …
January 2022 Update
2022-01-31 in Blog
tl;dr: New Flux and Flagger releases bring more security, terraform-controller team wants feedback, Flux articles and docs, upcoming Flux events helping you get started and more.
As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read our last update here. It’s the beginning of February 2022 and you have been waiting for a long time - let’s recap together what happened in January and December- …
Posts in 2021
December 2021 Update
2021-11-30 in Blog
tl;dr: New Flux releases bring more security, update GitHub integration, add support for BitBucket Server. We need your input on new Flux RFCs, upcoming events featuring Flux and more.
As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read last month’s update here. Let’s recap what happened in November - there has been so much happening! News in the Flux family A flurry of Flux releases The Flux …
Flux Security Audit has concluded
2021-11-10 in Blog
tl;dr: Flux just went through a CNCF-funded Security Audit. Here we publicly release and discuss the report. We also disclose our first CVE, which was fixed in Flux v0.18.0 - please upgrade as soon as you can!
As Flux is an Incubation project within the Cloud Native Computing Foundation, we were graciously granted a sponsored audit. The primary aim was to assess Flux’s fundamental security posture and to identify next steps in its security story. The audit was commissioned by the CNCF, and facilitated by OSTIF (the Open Source Technology Improvement Fund). ADA Logics was quickly brought into the …
November 2021 update
2021-10-29 in Blog
tl;dr: New releases in the Flux family (Server-Side Apply in Flux, Flagger 1.15). Max Jonas Werner (D2IQ) and Soulé Ba + Sunny (Weaveworks) are new Flux maintainers, lots of event news, Flux and OpenShift and much much more!
As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read last month’s update here. Let’s recap what happened in October - there has been so much happening! News in the Flux family Server side apply has landed We gave you a …
October 2021 update
2021-10-01 in Blog
tl;dr: Server-side reconciliation is coming, better transport and crypto support for libgit2, Flagger 1.14, KubeCon updates, GitOps One-Stop Shop Event to show-case Flux integrated being used in big GitOps offerings, community news!
As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read last month’s update here. Let’s recap what happened in September - there has been so much happening! Flux Project Facts We are very proud of what we put together, …