nfs-ganesha-server-and-external-provisioner
falco
nfs-ganesha-server-and-external-provisioner | falco | |
---|---|---|
5 | 42 | |
397 | 6,913 | |
1.3% | 1.4% | |
3.1 | 9.8 | |
3 months ago | 3 days ago | |
Shell | C++ | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nfs-ganesha-server-and-external-provisioner
- Alternative to Longhorn RWX?
-
How to Deploy and Scale Strapi on a Kubernetes Cluster 2/2
Now, for the purposes of this article, in case you don't have an NFS server available, we will use a simple NFS Server Provisioner, which we'll use only for example purposes. As mentioned before, using a managed solution from a cloud provider or a properly configured HA NFS server in your infrastructure is highly recommended. We'll install not the most up-to-date solution, but it should work for example purposes. We will follow the Quickstart found in the repo, mixed with this repo which does some small tweaks to make it work with K3d, which is summarized in the following commands run from the helm folder:
-
How to scale nginx pod when pod is mounting a volume
Some people just setup an NFS share. There's one that uses existing NFS and another that also provides NFS. This becomes a single point of failure though.
-
NFS volume mount on Kubernetes
Conceptually to attach your storage to your pod, you have to go through 2 objects, the PVC that attaches to the PV, which itself must have a physical support, so the nfs mount on your nodes in hostpath, which is globally disgusting, it is better to inform the NFS server in your PV. Maybe I'm wrong but it seems clear to me. However, if you ask this kind of questions, you might be missing two or three things about K8. I advise you to read the documentation about PV, PVC, SC etc... Also NFS is not POSIX and by nature slow, which can cause inconsistencies in your data, but this is an extreme case. In a logic of automation you can use this: https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner Help yourself with this . https://www.linuxtechi.com/configure-nfs-persistent-volume-kubernetes/
-
NFS server provisioner deprecated - what's the replacement?
I found something similar that seems to be a continuation of the nfs-server-provisioner- https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner
falco
-
Cisco Acquires Splunk
https://github.com/falcosecurity/falco
Like snort, but looks at system calls.
-
Kubernetes security projects for entry grad roles in DevSecOps/Cloud security
From one noob to another - I had a lot of fun setting up Falco (https://falco.org) and creating custom policies & alerts.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Falco is a well-known open source security solution originally created by Sysdig. Itβs a CNCF incubating project and one of the few (as far as I can tell) options on this list that uses eBPF to scan for vulnerabilities.
-
K8s secret management
Use some kind of SIEM or Falco to alert you to threats (you can't stop them, but a human can always intervene)
-
How to Deploy and Scale Strapi on a Kubernetes Cluster 2/2
Falco, is a security project that can help you detect threats from within your cluster.
- Opensource IDS for Kubernetes??
-
Go based eBPF projects
https://falco.org/ is a security-focused monitoring and alerting with an eBPF option
- Is there a utility that can send shell command to all pods?
- eBPF β Running sandboxed programs in a privileged context such as OS kernel
-
My GoLab 2022 experience
On the cgo side I want to highlight two talks: one from Loris Cro about dealing with cross-complition difficulties, that the usage of cgo brings, using the Zig language and the other from Jason Dellaluce and Leonardo Grasso about how to extend Falco, a Kubernetes threat detection engine, which is written in C++, with plugins written in Go, explaining the challenges of integrating cgo in both C and Go.
What are some alternatives?
nfs-subdir-external-provisioner - Dynamic sub-dir volume provisioner on a remote NFS server.
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
longhorn - Cloud-Native distributed storage built on and for Kubernetes
Kyverno - Kubernetes Native Policy Management
csi-s3 - A Container Storage Interface for S3
OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.
csi-driver-nfs - This driver allows Kubernetes to access NFS server on Linux node.
gatekeeper - π Gatekeeper - Policy Controller for Kubernetes
GlusterFS - Gluster Filesystem : Build your distributed storage in minutes
kubescape - Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
local-path-provisioner - Dynamically provisioning persistent local storage with Kubernetes
istio - Connect, secure, control, and observe services.