Commit a69047a

#48 wrapup
1 parent 61b5a9f commit a69047a

1 file changed

+9
-8
lines changed

content/posts/meetup-48-wrapup.md

@@ -1,7 +1,7 @@
11
---
22
title: "Hybrid Meetup #48 wrap-up"
3-
date: 2025-02-25T13:00:00+01:00
4-
draft: true
3+
date: 2025-03-12T08:00:00+01:00
4+
draft: false
55
tags:
66
- summary
77
- meetup
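Review bot: the new `date` on line 3 (2025-03-12T08:00:00+01:00) replaces 2025-02-25T13:00:00+01:00 in the same change that sets `draft: false`, so the front matter now carries only one timestamp. If the earlier value recorded when the meetup took place, that information is gone from the page; consider stating the meetup date in the body text so the summary can still be placed in time.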
@@ -29,19 +29,19 @@ focussed on container/cluster security and was acquired by Red Hat in
2929
There are three security layers on the cluster:
3030

3131
* build time (CVE handling, image checks, ...); supported by [roxctl](https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.0/html-single/roxctl_cli/index#check-policy-compliance_cli-getting-started)
32-
* deploy time (admission controllor)
32+
* deploy time ([admission controller](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/))
3333
* runtime (agent collecting telemetry from nodes)
3434

3535
Interestingly, the core application can run on a single node, using a single
3636
Postgres instance (up to 300GB); vertically scaled to (in the order of) 32
37-
cores, 64GB RAM. While this can be a bottleneck, clusters up to 3000 nodes and
38-
40,000 cores are well supported by the application.
37+
cores and 64GB RAM. While this can be a bottleneck, clusters up to 3000 nodes and
38+
40,000 cores are currently well supported by the application.
3939

4040
Some compute intensive parts of the application include the database, spikes
4141
from user queries, long running queries or analytics.
4242

4343
StackRox will use other tools, such as [falco](https://falco.org/)
44-
([source](https://github.com/falcosecurity/falco)).
44+
([source](https://github.com/falcosecurity/falco)) for event [monitoring](https://falco.org/docs/#what-does-falco-check-for).
4545

4646
> At its core, Falco is a kernel monitoring and detection agent that observes
4747
> events, such as syscalls, based on custom rules. Falco can enhance these
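Review bot: the word "currently" added on new line 38 ties the "3000 nodes and 40,000 cores" figure to a point in time without saying which release it applies to. The roxctl link on line 31 is pinned to the 4.0 documentation, so naming the version here, or linking the sizing guidance the figure comes from, would let readers check whether it still holds. Separately, new line 44 is much longer than the wrapped lines around it; breaking it after "for event" would keep it consistent with the rest of the file, and "will use" reads ambiguously as either a future plan or current behaviour.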
@@ -63,10 +63,11 @@ We briefly looked at [criu](https://criu.org/Main_Page):
6363
> this functionality, application or container live migration, snapshots,
6464
> remote debugging, and many other things are now possible.
6565
66-
...
67-
6866
More on that topic:
6967

7068
* [Forensic Analysis of Container Checkpoints - DevConf.CZ 2023](https://www.youtube.com/watch?v=pySOkAqlGtY)
7169
* [Forensic container checkpointing and analysis](https://www.youtube.com/watch?v=hpoWOc8QAzU) (ASG23)
7270

71+
Thanks again to
72+
[Simon](https://www.linkedin.com/in/simon-b%C3%A4umer-a61042177/) for the great
73+
high-level archtectural overview.
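Review bot: typo on new line 73, "archtectural" should be "architectural". Since this change also sets `draft: false`, it is worth fixing before the post goes live.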
