Cloud Native News - CW14
A lot is going on this week in the open source community, new projects joining the CNCF, new member support the development and integration of cloud native tools and a new SIG is in its forming process.
A lot is going on this week in the open source community, new projects joining the CNCF, new member support the development and integration of cloud native tools and a new SIG is in its forming process. In addition to that we have a long list of interesting articles, checkout the capabilities of the new K8s topology manager, the impact of operators and learn how to use Ansible for Kubernetes.
CNCF & Community
- #CloudNativeSummit gathers CNCF projects, SIGs, and working groups to update each other on the latest cloud native technologies, updates on CNCF projects, and hands on technical sharing. Save the 7th of April.
- SIG Observability
A new SIG is in its forming process: SIG Observability focuses on topics pertaining to the observation of cloud native workloads. Goals are the creation of supporting material and best practices for end-users, provide guidance and coordination for CNCF projects working within the SIG’s scope. - Kubernetes Event-driven Autoscaling (KEDA)
Keda is now an official CNCF Sandbox project 🎉. KEDA serves as a Kubernetes Metrics Server and allows users to define autoscaling rules using a dedicated Kubernetes custom resource definition. It integrates with the Horizontal Pod Autoscaler and has no external dependencies. - HashiCorp Joins the CNCF
HashiCrops goal is improving the integration of their tooling with Kubernetes and other CNCF projects. We definitely advocate for joining the CNCF it. - CNCF projects surpass one billion lines of code: A Q&A with DevStats creator Łukasz Gryglicki
DevStats "... downloads several petabytes of data representing every public GitHub action of the last six years, and throws out nearly all of it except for the ~1,400 repositories of CNCF-hosted projects. It processes the data and stores it in a Postgres database, and downloads updated data every hour.".
Processes / Guides / Articles
- They told me I could be anything, so I became a Kubernetes node – Using K3s for command and control on compromised Linux hosts
In CNN #9 we covered a Talk of Ian Coldwater and Brad Geesaman about Advanced Persistence Threats: The Future of Kubernetes Attacks. This article digs into the technical implementation of using K3S as a C2 to remotely control compromised Linux machines. - Challenges using Prometheus at scale
While Prometheus emerged as a defacto standard for visibility in Cloud-Native, it is still relatively hard to operate it at scale. Sysdig explains some challenges on the way to scale to production needs. - Evaluating Predictive Autoscaling in Kubernetes
Jamie Thompsons writeup comparing the Horizontal Pod Autoscaler with his implementation of a Predictive Horizontal Pod Autoscaler. - Edge Computing Requires Cloud Native Thinking Today
"Using Kubernetes and other cloud native technologies to run edge computing is required to make the operational and business models work, but it is still in its infancy. Getting involved today puts you on the ground floor to shape this exciting future." - Kubernetes Topology Manager Moves to Beta - Align Up!
The Topology Manager is a novel mechanism for resource allocation decisions within Kubernetes. This article sheds some light. - Provisioning cloud resources (AWS, GCP, Azure) in Kubernetes
"You can create and connect to managed cloud resources from Kubernetes using the Service Catalog, a tool such as Kubeform or cloud-specific operators such as Config Connector and AWS Operator Service." - How to Secure Your Kubernetes Cluster on GKE
Deploying a default GKE is pretty easy. Though, easy is rarely secure. Lewis Marshall gives some GKE security recommendations. - NATS Messaging - Part 1
A series of posts about messaging patterns and implementing them with NATS. - With Kubernetes Operators comes great responsibility
An article covering some of the security implications of creating an Operator. The digest: "Be sure to review the permissions required by Operators that you are deploying to all namespaces and never allow an unprivileged user to read secrets in a namespace that has a cluster-wide Operator deployed."
Tools
- Introducing Gruntwork’s AWS Landing Zone Solution
AWS Account setup is hard. There are quite a few Landing Zone solutions out there. This is Gruntworks, based on Terraform and designed for security! - PromCat: A resource catalog for enterprise-class Prometheus monitoring
"PromCat is a resource catalog in which you can find curated, documented and supported monitoring integrations for Kubernetes platforms and cloud-native services." - Rancher release 2.4
They now support 2000 clusters, 100,000 nodes, full management of imported K3S clusters, CIS scans. Also OPA integration in preview. - Kpt
Google announced a new tool for Kubernetes packaging, which uses a standard format to bundle, publish, customize, update and apply configuration manifests. This is the official site. - Improvements to the Ingress API in Kubernetes 1.18
1.18 Ingresses introducepathType,IgressClassand wildcards in hostnames. - Kupie
Kupie aims to improve management of multiple cluster configs. In contrast to kubectx or kubens it doesn't mess with your kubeconfig.
Videos, Audios and Specials
- A hacker has wiped, defaced more than 15,000 Elasticsearch servers
Ooops... - Ansible for Kubernetes by Jeff Geerling Free until end of April
As covered in CNN #12, Jeff Geerling was giving away his Devops/Kubernetes with Ansible books in March. Due to the sponsorship of Device42, this offer has been extended for another month, to the end of April! - WireGuard® 1.0 for Linux 5.6
Not specifically “Cloud-Native”, but noteworthy: Wireguard® and its availability in the 5.6 version of the Linux Kernel will most likely influence how we will do secure networking. Tailscale is just one example of whats possible with Wireguard®.
Photo by Mike Erskine on Unsplash