
URL: https://www.mirantis.com/blog/confidential-kubernetes-distroless-images-and-phishing-galore
Submission: On October 12 via api from SG — Scanned from DE

CONFIDENTIAL KUBERNETES, DISTROLESS IMAGES, AND PHISHING GALORE

Eric Gregory - September 30, 2022


Every Wednesday, Nick Chase and Eric Gregory from Mirantis go over the week’s
cloud native and industry news on the Radio Cloud Native podcast.

This week, John Jainschigg stepped in for Nick, and John and Eric discussed:

 * Mirantis Kubernetes Engine recognition by G2

 * The recently open sourced "Confidential" Kubernetes distribution
   Constellation

 * Wolfi, a new open source Linux "undistro" for container images

 * Phishing scheme targets GitHub accounts with fake CircleCI notifications

 * And more on the podcast, including a 15-year-old Python bug and the endgame
   for floppy disks

You can watch the entire episode below or download the podcast from Apple
Podcasts, Spotify, or wherever you get your podcasts. If you'd like to tune into
the next show live, follow Mirantis on LinkedIn to receive our announcement of
the next broadcast.




G2 RECOGNIZES MIRANTIS KUBERNETES ENGINE

John: This week G2, the world’s leading business solutions review website,
recognized Mirantis Kubernetes Engine (MKE) as a leader in the Container
Orchestration category across its Overall and Mid-Market Grid Report.

G2 Grid Reports use validated reviews on G2 and market presence scores to
compare products. In this latest report, Mirantis ranks higher than some of the
most prominent players in the industry, including Red Hat and Amazon Web
Services (AWS).

The G2 report includes quotes from users, and we’ll share just one: “The main
advantage of MKE is we can deploy it anywhere like Virtual server, Cloud, etc.
As a project lead, it is my responsibility to make available nodes to users
easily. And also manage all nodes' performance, mainly worker nodes. After
deploying MKE on our premises, my work becomes very easy. Now, all nodes at one
place. Easy to manage and track. Easy to deploy using launchpad CLI. I've
successfully deployed it on our virtual Linux server. Installation link having
clear instructions to install MKE. Now all performance, updates are happening in
one place.”

If you’d like to check out the G2 report, you can see that here.




"CONFIDENTIAL KUBERNETES" DISTRIBUTION CONSTELLATION OPEN SOURCED

Eric: Edgeless Systems announced the open sourcing of their Kubernetes
distribution called Constellation, which they bill as “Confidential Kubernetes.”
This security-centric distro is wrapped in a runtime-encrypted VM, with the idea
being that all activity inside the cluster is encrypted against everyone
outside, including the cloud provider. Among other things, this provides
encryption at runtime and remote attestation, or verification using
cryptographic certificates. 

Now, all this encryption comes with a performance cost that some benchmarks
estimate could fall between 2 and 8%, so the question for enterprises here is
exactly where they want to land on the security-performance continuum.

You can check out the project on GitHub.


WOLFI, A LINUX "UNDISTRO" FOR SUPPLY CHAIN SECURITY

Eric: Elsewhere in security-conscious tooling, Chainguard announced Wolfi, what
they’re calling a Linux “undistro” intended to serve as a slim and secure base
for container images. That’s W-O-L-F-I—it sounds lupine but it actually refers
to the smallest known species of octopus.

Chainguard calls Wolfi an “undistro” because it doesn’t actually include the
Linux kernel—it assumes it’s running in a container and using the host kernel.
It’s similar in concept to Google’s distroless base, paring down packages in the
base to an absolute minimum—and really it’s more than similar, it seems to be a
pretty direct evolution of that project, while also taking some inspiration from
Alpine Linux. Wolfi features include:

 * SBOM generation at build time

 * Minimized dependencies in the base

 * Daily builds for the base image to keep components up-to-date

 * Support for glibc and musl

Using Wolfi as a base, Chainguard says their images for Go, PHP, and nginx each
contain zero CVEs, compared to counts in the hundreds for the standard versions
of those images. 

If you’re interested in how Wolfi differs from the distroless base, it uses
Chainguard-developed tools called melange and apko to build images from apk
packages (without actually including a package manager like apk or apt in the
base) and doesn’t draw on upstream Debian like distroless.

You can check out Wolfi on GitHub at https://github.com/chainguard-dev/wolfi-os.


PHISHING SCHEME TARGETS GITHUB ACCOUNTS WITH FAKE CIRCLECI NOTIFICATIONS

Eric: A recent phishing scheme targets GitHub accounts with fake CircleCI
notifications. According to GitHub, this campaign began on September 16th. The
false message claims that users need to log in to accept modified privacy
policies and terms of use.

The phishers use a variety of fake domains, including:

 * circle-ci[.]com

 * emails-circleci[.]com

 * circle-cl[.]com

 * email-circleci[.]com

According to CircleCI themselves, legitimate addresses will only ever be at
circleci.com or a subdomain. 

Multi-factor authentication with hardware security keys mitigates these attacks.
If you’re concerned that you’ve already been hit, CircleCI recommends rotating
your credentials for both CircleCI and GitHub and performing a system audit. You
also want to watch out for new users and new SSH keys created within potentially
compromised systems—these are strategies phishers use to maintain access even if
you’ve changed your passwords.

Check out the podcast for more of this week's stories.



