Cloud Native News - CNN48
About the challenging decisions that come with GitOps, a lot of thoughts about service discovery, and security threats for containers and Kubernetes...
Observability
- First-class Kubernetes Integration for Vector
Vector is the one-stop shop to collect, transform, and route your logs, metrics, and events. The observability collector powerhouse now comes with first-class Kubernetes integration. But this is just the beginning; the dev team also announced further integrations with OpenTelemetry and features in combination with Prometheus.
Storage
- Scaling Datastores at Slack with Vitess
MySQL is a fundamental part of the Slack architecture. As Slack's success grew, so did its database demands, so they needed to move from three single nodes on to Vitess. The Slack engineering team summarized their story and learnings, and gives you an insight into how to move from active-active DB sets to globally distributed Vitess clusters.
- An introduction to the Raft consensus mechanism
This visualization gives you a perfect introduction to the Raft consensus mechanism and log replication, which make Raft so resilient in dynamic environments.
Containers & Orchestration
- Kubernetes will drop Docker, here is why you shouldn't panic
To be precise, Docker is not CRI compliant, and therefore the community built dockershim, which integrates Docker with K8s. Dockershim has lately experienced poor support, and consequently, the team decided to drop this "workaround". However, Docker's container images will still work, as Docker wraps containerd, which is also a CRI-compliant runtime.
Follow this FAQ for answers to even more questions.
Development
- GitOps Decisions
GitOps is an exciting trend that can solve real problems at scale. As with most trends, there is not much maturity in the area, and there are plenty of approaches to implementing GitOps. This article raises a few questions that you will encounter during implementation.
Security
- Threat Alert: Fileless Malware Executing in Containers
Aqua detected a fileless malware attack that executes from container memory. It can only be detected by dynamically scanning images before deploying.
- CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs
"An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP. [...] This issue is a design flaw that cannot be mitigated without user-facing changes."
Networking
- Service discovery in Kubernetes - combining the best of two worlds
"Kubernetes goes even further and provides a very reliable and elegant solution for the in-cluster service discovery and load balancing problems out of the box."