Cloud Native News - CW15
CNCF & Community
- TOC Welcomes Argo into the CNCF Incubator
"In joining CNCF, the Argo team will continue to grow the Argo community by focusing on the continuous and progressive delivery of microservice and machine learning applications (MLOps) on Kubernetes."
- CNCF looking for Release Team Member
The Kubernetes v1.19 release cycle is about to start, and the release team is looking for helping hands: tracking enhancements, working on the CI, documenting the changes, or supporting teams in communicating the newest features. Where can you support?
- k8s.gcr.io moving from gcr.io/google-containers to gcr.io/k8s-artifacts-prod in early April
Moving Kubernetes images away from Google infrastructure to community-owned infrastructure has been planned since 2017!
- Introducing A New Tool to Make Finding Your Favorite CNCF Videos Easier
CNCF has added a new powerful search and indexing tool for our YouTube channels. Please follow this way for some CNCF-Cinema highlights ;)
Processes / Guides / Articles
- Embrace and Replace: Migrating ZooKeeper into Kubernetes
HubSpot recently migrated hundreds of ZooKeeper instances from individual server instances to Kubernetes without downtime. Their approach used Kubernetes features like endpoints to ease the process. In this post HubSpot shares a high-level outline of their approach.
- Saving Cloud Costs with Kubernetes on AWS
This article explains how to clean unused resources from your cluster, scale down during non-work hours, use horizontal autoscaling, use AWS Spot instances, and reduce resource slack.
- Docker Images : Part III - Going Farther To Reduce Image Size
- Kubernetes 1.18 Feature Server-side Apply Beta 2
Server-side Apply enables new features like conflict detection, so the system knows when two actors are trying to edit the same field. The most common way to use this is through kubectl: `kubectl apply --server-side`.
- Your own Kubernetes controller - Improving and deploying
This is part three of Nicolas Fränkel's series about creating your own controller in Java. We already covered parts 1 and 2 in previous editions of CNN!
- Controlling outbound traffic from Kubernetes
It is always a great idea to do everything you can to keep malicious software out of your cluster. And even if the bad guys made it in: don't let them communicate home!
- Attack matrix for Kubernetes
Microsoft came up with this list of Kubernetes attack vectors. Their approach is based on the MITRE ATT&CK framework and is a great starting point for getting an overview of those vectors and prioritizing their mitigation.
Tools
- Cortex v1.0 released: The highly scalable, fast Prometheus implementation is generally available for production use
A release I'm particularly excited about! This brings production grade documentation, ready-to-use Grafana Dashboards and Prometheus alerts, backwards compatibility guarantees.
- Introducing Sidekick - A High Performance Load Balancer
"While some of the software-defined load balancers like NGINX, HAProxy, and Envoy Proxy are full-featured and handle complex web application requirements, they are not designed for high-performance, data-intensive workloads." This is what Sidekick aims to fix.
- Amazon Elastic Container Service now supports Amazon EFS file systems
"This new capability will help customers containerize applications that require shared storage such as content management systems, internal DevOps tools, and machine learning frameworks. A whole new set of workloads will now enjoy the benefits containers bring [...]"
- aind
AinD launches Android apps in Docker by nesting Anbox containers inside Docker. Unlike similar VM-based projects, AinD can be executed on IaaS instances without support for nested virtualization. This allows Android compatibility (via cloud) for iOS and Windows tablets.
- Tekton goes beta🎉
Finally the hidden champion behind many initiatives and platforms moves to beta, without the clumsy `PipelineResources`. Their functionality is now covered by git-clone, pullrequest and workspaces. Get started with an interactive session and get your hands on Tekton!
- Alcide published sKan
An open source tool for scanning Kubernetes resource files and Helm charts for security configuration issues and best practices. It is meant to support developers and DevOps in their work process by making security checks easier.
Read of the Week
Google released their third book on Site Reliability Engineering, "Building Secure and Reliable Systems", for free. It is written by Heather Adkins, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield and, like the two before, also edited by Betsy Beyer.
This nearly 500-page bible of modern systems design, building and operation brings together cloud native approaches and best practices used at Google. It is not a blueprint for every company, but it is definitely a good read during the Easter holidays!