Airship 1.0 steers towards secure cloud provisioning

The community behind the OpenStack Foundation-supported Airship, a collection of tools for configuring, deploying, and maintaining Kubernetes environments, has released its first major version. Airship 1.0 features security and resiliency improvements over earlier versions, with additional continuous integration and tooling enhancements.

In the last couple of months, Airship has been fitted with etcd backup functionality and better liveness and readiness probes, which are meant – along with additions to MaaS services and networking – to improve the system’s resiliency. Chart linting gates and automation to uplift Airship and OSH components in versions.yaml to the latest master have been included to facilitate a smoother continuous integration process.

The containerisation community’s growing focus on security hasn’t gone unnoticed either, which is why the platform now comes with Kubernetes audit logging and user context tracing, and support for etcd encryption. Airship now also leverages OpenStack-Helm network policy primitives, Kubernetes PodSecurityPolicy admission controllers, and Linux capabilities and pod security contexts for privileged operations.

Moreover, it implements admission controller best practices, HTTP security headers have found their way into the Shipyard API, and document aggregator Pegleg now sports support for YAML encryption at rest in Git repos and random secret/PKI generation, amongst other security-related enhancements.

To make the adoption of the project easier, the Airship team added a simple definition for getting started, expanded the documentation for individual Airship projects, and added ops-focused guides for configuration updates and troubleshooting.

Meanwhile, the development and test environments of Airskiff, the project's learning, development, and gating environment, have been aligned with the Treasuremap globals, which should give devs a leg-up when starting off with Airship.

Airship has been an OpenStack Foundation pilot project since May 2018, and the team has been actively working on getting a production-ready version together for about as long. It is currently made up of twelve components, and specifically focuses on an implementation of OpenStack on Kubernetes.

The Airship code is protected under the Apache License Version 2.0 and can be found on repository management platform OpenDev.