Cloud Native News - CW13
Kubernetes v1.18 is released, KubeCon EU will be in summer, getting introduced to dgit and panther
KubeCon/CloudNativeCon Europe was supposed to take place in Amsterdam this coming week. Due to the COVID-19 pandemic, CNCF postponed the conference to August. However, some KubeCon sponsors are starting virtual summits and conferences; for example, D2IQ is holding its Cloud Native Virtual Summit on 1st of April, featuring Kelsey Hightower and Liz Rice.
Kubernetes v1.18 is released! We selected some of our favourite features in this previous post. Now it's time to upgrade our clusters.
CNCF & Community
- KubeCon/CloudNativeCon Europe is postponed to the 13th-16th of August
- Helm requested/started the graduation process to take its well-earned step from incubating to graduated. Ever wondered what the criteria are for each of these graduations? The CNCF TOC summarized the outline in its latest version, short and crisp.
- The Kubernetes Release Team for v1.19 is slowly grouping up for the next release cycle. If you are interested in contributing, keep your eyes and ears open!
- Knative Crowds out Other Serverless Software (and Other CNCF Survey Takeaways)
Another evaluation of the CNCF Survey (we reported on it in CW10). Another interesting take on the data.
Processes / Guides / Articles
- 14 Kubernetes interview questions: For hiring managers and job seekers
Looking for inspiration to improve your Kubernetes talent search? This article gives some ideas - please just don't use the same questions ;)
- Pentesting a banking FTP service
It is 2020 and banks still seem to rely on FTP for syncing files between large financial entities in order to track, for instance, foreign banks' cash withdrawals. Scary.
- Serverless Service Mesh with Knative and Linkerd
Knative lets you use Linkerd instead of Istio. Whoop whoop!
- Speeding up Linux disk encryption
"Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!" - I also recommend the Hacker News discussion on this topic.
- Build a scalable, online recommender with Keras, Docker, GCP, and GKE
"With new open-source technology, it is now easier than ever to build scalable, AI-powered content-based product recommendations, with highly personalized suggestions."
- Quality of Service and OOM in Kubernetes
"First, we go through the different quality of services that a pod can fall into, and then analyze how going over container and node memory limits affect your containers." - diving a bit deeper into pod/container resource limits.
- Kubernetes secrets
"First, we go through a quick review of the architecture, explore how the values are stored in Kubernetes’ datastore, and then finally, look into how the kubelet deals with secrets in a node."
- Setting up a ProxySQL Sidecar Container
"The sidecar design pattern is an easy solution to SPOF (single point of failure) because each application container gets its very own ProxySQL. For applications that are already containerized this is a simple and effective approach."
- A Guide On The Installation Of Spinnaker in Kubernetes Cluster
"Installation of Spinnaker in a kubernetes cluster using Halyard. Halyard is a command-line administration tool that manages the lifecycle of your Spinnaker deployment, and it's a recommended way to install, configure and update Spinnaker."
- Amazon's Arm-based Graviton2 Against AMD and Intel: Comparing Cloud Compute
The tl;dr: you should run your code on ARM infrastructure, as it is much cheaper.
- Using UBI images to minimize container vulnerabilities
UBI Images are "... nearly identical to Red Hat Enterprise Linux images, which means they have great security, performance, and life cycles. [...] — It’s possible to build a containerized application using UBI, push it to any registry server, easily share it with others – and because it’s freely redistributable — even deploy it on non-Red Hat platforms."
Tools
- A Bit Quarky Kubernetes Release 1.18
We covered the most interesting features in a blog post.
- panther
Detect threats with log data and improve cloud security posture: https://runpanther.io/ - Hacker News discussion.
- dgit
Git is decentralized. Git is awesome. Why is everyone using a centralized server to host it?
- Writing Kubernetes network policies with Inspektor Gadget’s Network Policy Advisor
Writing network policies isn't easy. Kinvolk's tool "Inspektor Gadget" (kudos for the awesome name!) now has functionality to trace network traffic and generate network policies for your application.
- spanner.fyi
Jaana Dogan (also known for 'Go, the unwritten parts') is joining Google's Cloud Spanner team and will use this medium to document her day-to-day work on the team and share insights about Spanner.
- mkit
"MKIT is a Managed Kubernetes Inspection Tool that validates several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster." by Darkbit
- fahclient
Remember Folding@home? This client has NVIDIA GPU support.
Videos, Audios and Specials
- The Magical Aqua World
The current lockdown is hard, and not only for families. Aqua published this drawing book for the little ones.