Cloud Native News - CNN18

Helm graduated, KubeCon/CloudNativeCon will be virtual, why testing is no longer sufficient for cloud-native pipelines, and Borg: the next generation.

CNCF & Community

Processes / Guides / Articles

  • Infrastructure monitoring with Prometheus at Zerodha
    Zerodha explains their monitoring stack for a hybrid on-prem / AWS infrastructure. They set up an HA Prometheus cluster across the bare metal and Kubernetes clusters. They chose VictoriaMetrics for long-term storage of metric data and developed quite a few metric exporters to collect all sorts of system information.
  • Tagging Docker Images for Fun and Profit
    Major.Minor.Patch is not always sufficient for tagging containers. Most often we see the PATCH version used as some kind of “build number”, even if a breaking change is introduced. I like to see that others also like to incorporate the Git hash into the tag, as this gives a direct relation to the actual code that is running. I’ve been doing this for my private stuff for a couple of years.
  • Packaging LXD for Arch Linux
    Morten Linderud explored what it takes to bring Canonical's container manager LXD to Arch Linux (and potentially other distros). Interesting read!
  • How does a TCP Reset Attack work?
    "A TCP reset attack is executed using a single packet of data, no more than a few bytes in size. A spoofed TCP segment, crafted and sent by an attacker, tricks two victims into abandoning a TCP connection, interrupting possibly vital communications between them."
  • Simulating Clock Skew in K8s Without Affecting Other Containers on the Node
    Clock skew refers to the time difference between clocks on nodes within a network. Containers usually inherit the time of their host, so how do you simulate clock skew between containers on the same host?
  • Paxos vs Raft: Have we reached consensus on distributed consensus?
    Wouldn't we need a third consensus algorithm to reach consensus? 🤪
  • WireGuard on K8s (road-warrior-style VPN server)
    Having WireGuard in the Linux kernel offers new possibilities! Stephen Levine shows us how easy it is to have a WireGuard server within Kubernetes without adjusting the node. All we need is the `NET_ADMIN` security capability.
  • Why Testing is No Longer Sufficient for Cloud-Native Pipelines
    Alex Zhitnitsky on why the move to innovating at speed and scale is stressing software quality and exposing the limitations of testing.
  • Kubernetes state management with Pulumi and Python
    Pulumi has recently been getting quite some traction. It seems to solve some issues people see in Terraform. Since the latest major release, Pulumi even supports Go. I'm intrigued and will give it a try in the upcoming days.
  • Encrypting and storing Kubernetes secrets in Git
    This is a walkthrough of how you can store secret information encrypted in Git and use Kubeseal for decrypting it within Kubernetes.
  • Why strace doesn't work in Docker
    Spoiler: strace does work in newer versions of Docker. However, it is still interesting to see why it doesn't in versions before Docker 19.03.

Tools

  • clientgofix
    A tool for adjusting k8s.io/client-go invocations for k8s.io/client-go v0.18.0+ versions. It can be run on a codebase before or after updating the k8s.io/client-go dependency.
  • Vitess 6 released
    Improving SQL support, utilizing the Kubernetes topology manager reducing etcd dependencies and finally moving VReplication Workflow to GA.
  • Announcing Flatcar Linux Support on vSphere
    "With VMware and Kinvolk’s collaboration to bring Flatcar Container Linux to vSphere, Flatcar is a supported path forward for CoreOS users."

Videos, Audios and Specials

Read of the Week

In the past few years, going cloud native has been a big advantage and adventure for many companies. But there are complex technologies to get right, especially for enterprises with critical legacy systems. This practical hands-on guide examines effective architecture, design, and cultural patterns to help you transform your organization into a cloud native enterprise—whether you’re moving from older architectures or creating new systems from scratch.

Cloud Native Transformation
