Cloud Native News - CW11
Cloud Native News of the last week...
CNCF & Community
- CNCF starts new artifact hub
"The CNCF Hub is currently in pre-alpha stage, but aspires to become a central place for Kubernetes users to find packages and configurations." You can find it here.
Editorial
- How Visa built its own container security solution
"The homegrown solution takes advantage of the native capabilities that already exist on container orchestration platforms and is primarily built on top of open-source tools and libraries."
- Open Policy Agent’s Mission to Secure the Cloud
"OPA is an open-source tool that enables the enforcement of a wide range of policies across domains and all layers in the stack. This policy engine supplies users with greater control over their environment while eliminating the need to write a different policy language, API, or model for each product and service."
- Our migration journey from AWS to Google Cloud — Part 1
Migrating a Ruby application from EC2 and AWS Aurora MySQL to Google Kubernetes Engine and Google Cloud SQL. The application is now operated in an Istio service mesh.
- OpenShift is Kubernetes
Burr Sutter has produced a video explaining how Kubernetes and OpenShift relate to one another, and why OpenShift is Kubernetes, not a fork thereof.
Processes
- Using EKS encryption provider support for defense-in-depth
EKS now supports using a master key stored in AWS KMS to encrypt Kubernetes Secrets. The Kubernetes API server uses the master key to generate data keys, which in turn encrypt and decrypt the sensitive data stored in Kubernetes Secrets.
- Helping You and Your Development Team Build and Ship Faster
Docker just launched a Container Roadmap.
- Redefining extensibility in proxies - introducing WebAssembly to Envoy and Istio
"It allows adding functionality to the Envoy proxy without recompiling it, without forking, and without difficult rollouts. Istio can distribute extensions to proxies and load them without even restarting. This really brings together the best of both worlds in terms of extensibility—choice of language and great performance." (from the Google Open Source Blog)
- NTP in a Kubernetes cluster
"I was curious if it is possible to run NTPD using openntpd in the Kubernetes cluster."
- What makes a good Operator?
As Operators mature, best practices emerge. This article covers some of them, such as "one Operator per managed application" and "do not hard-code namespaces".
- What Is A Service Mesh?
Mohamed Ahmed's take on explaining the origins of and need for service meshes. A pretty good introduction.
- A ‘No-BS’ Checklist for Kubernetes
"All of the “must-haves” for a future-ready Kubernetes strategy are included in the list."
- Rego design principle #1: Syntax should reflect real-world policies
"In this multi-part post we lay out the results of that journey — the key design principles for Rego, why they’re important, and how they influenced the language. This is not intended to be an introduction to Rego but rather an explanation of the key principles it was founded on."
Tools
- Admission Control: A helpful micro-framework for Kubernetes
"Admission Control (GitHub) is a micro-framework written in Go for building and deploying dynamic admission controllers for your Kubernetes clusters. It reduces the boilerplate needed to inspect, validate and/or reject the admission of objects to your cluster, allowing you to focus on writing the specific business logic you want to enforce."
- Bottlerocket
An operating system designed for hosting containers; Amazon's answer to Flatcar Linux and the recently deprecated CoreOS Container Linux.
- Connecting AWS managed services to your Argo CD pipeline with open source Crossplane
"Crossplane’s functionality can be included in your CI/CD pipeline, giving a singular approach to defining and deploying any resource, whether that resource is Kubernetes-native or a component of a managed service."
- statusbay
Kubernetes deployment visibility "like a pro".
- Amazon EKS now supports Kubernetes version 1.15
While Kubernetes 1.18 is right around the corner, AWS EKS now supports 1.15 in its managed service.
- D2iQ Delivers CI/CD Platform for Kubernetes
Dispatch combines a range of open source tools, including the Argo workflow engine, the KUDO toolkit for building Operators and Tekton pipelines, to create a CI/CD platform that strikes a balance between accelerating productivity and being mildly opinionated about how DevOps workflows should be constructed.