Cloud Native News - CNN21
CNCF & Community
- Open Policy Agent Survey Summary
The survey reveals that OPA is used for multiple purposes: besides controls within K8s, application authorization is becoming an increasingly relevant domain.
- Red Hat, AWS Launch Managed Kubernetes Service
The new managed Red Hat OpenShift service will allow customers to deploy fully operational and managed Red Hat OpenShift clusters by “leveraging the full breadth and depth of AWS.”
- Kubernetes Release Cycle for v1.19 got extended by 4-5 weeks
This gives the development teams a less tight schedule in these difficult times. The release is now expected on 04.08.2020.
Processes / Guides / Articles
- You don't need an image to run a container
We already covered Ivan Velichko's articles in one of our last issues. He continues to investigate and explain the inner workings of container technology. Ever wondered what happens behind the curtains of an image build?
- How to describe 100 Gitlab jobs in 100 lines using Jsonnet
While Helm helps specifically with Kubernetes manifests, Jsonnet is a more general approach to generating complex JSON (which can then easily be transformed to YAML).
- The Past, Present, and Future of API Gateways
"The edge has evolved from simple hardware load balancers to a full stack of hardware and software proxies that comprise API Gateways, content delivery networks, and load balancers. In this article, we’ll trace the evolution of the data center edge as application architecture and workflows have evolved."
- Improving the Prometheus exporter for Amazon CloudWatch
In the context of their Prometheus solution, Sysdig improved YACE (Yet Another CloudWatch Exporter) to increase its stability, prevent API throttling (well, who knows what I'm talking about? :D), and optimize API calls to reduce the cost of AWS CloudWatch metrics usage. This is a walkthrough of how they achieved this.
- What a typical 100% Serverless Architecture looks like in AWS!
"We recommend to go full AWS with event-driven micro-services written in TypeScript", hi vendor lock-in!
- The case of the missing DNS packets: a Google Cloud support story
A customer support ticket reporting non-functional DNS. Well written, and it reads like a criminal case!
- There’s More to GitOps Than Meets the Eye
"Cloud-native operations is a set of practices that allow us to manage highly distributed software that is experiencing constant change."
- Canary deployment with ArgoCD
Partial rollouts based on metric checks will be the new standard. Argo provides an easy-to-use interface to deploy with confidence.
- How to run Jenkins agents with cross-account ECR images using instance roles on EKS
"We all have a love and hate relationship with Jenkins" - I couldn't agree more. Guilherme Souza wanted one AWS account to hold all his images in ECR and to enable another one to run Jenkins agents based on them. Turns out it is less intuitive than you might think!
- Continuous GitOps, the way to do DevOps in Kubernetes
"This blog is an attempt to demystify the Why? What? and How? of 'Continuous GitOps'."
- Ambassador: Quay.io outage and switching to the Docker Hub container registry
After an outage of the container registry Quay lasting several hours, Ambassador has now moved all their images to Docker Hub.
- Kubernetes Security 101: Risks and 29 Best Practices
A high-level introduction to the most relevant Kubernetes security measures.
Tools
- Grafana 7
The latest release comes with an optimized UX/UI, tracing support for Jaeger, and support for AWS CloudWatch Logs. It furthermore now allows simple data transformations to get more out of your data and offers an advanced plugin platform.
- Loki v1.5.0
With its latest release, Loki removes its dependency on a separate index store like DynamoDB or Cassandra. It now allows you to run Loki with only an object store (S3, GCS, Filesystem, etc.)! Awesome achievement!
https://grafana.com/go/grafanaconline/loki-future/
- Cortex v1.1
Cortex now supports the Prometheus /api/v1/metadata API and regular expression selectors with many chained OR cases, which Grafana likes to use.
- Istio 1.6
Continues its path toward increased simplicity and now completes this transition by removing the separate deployments for Citadel, the sidecar injector, and Galley and replacing them with istiod.
- GitLab released another round number with v13
The new release brings Gitaly Clusters, Epic Hierarchy on Roadmaps, and Auto Deploy to ECS.
- loginsrv
Is a standalone minimalistic login service providing a JWT login for multiple login backends.
Photo by Екатерина Король on Unsplash