Cloud Native News - CNN22
Terraform provider for K8s resources, Liz Rice Container Security Book, EKS best practices guide for security, Helm project report
CNCF & Community
- Why is Kubernetes getting so popular?
Kubernetes ranked third in the Stack Overflow Developer Survey, but why has it become so popular these days?
- Docker expands relationship with Microsoft to ease developer experience across platforms
“The idea of the integration is to make it easier, faster and more efficient to include Docker containers when developing applications with the Microsoft tool set”
- My exciting journey into Kubernetes’ history
Sascha is part of SIG Release as a Release Manager and spent the last months using data science tools to unveil the secrets of over 90,000 issues and PRs in the K8s repo.
- Helm Project Journey Report
The Helm Project Journey Report sums up the development of Helm over the past years. As the most famous package manager for K8s, it is downloaded over 2m times per month and is built on the shoulders of over 13k contributors.
- An Introduction to the K8s-Infrastructure Working-Group
In 2019, the K8s-Infrastructure Working-Group was officially founded. The group transferred Kubernetes tooling and operations from Google to the community. This article is the beginning of a small series about the WG and its achievements.
Processes / Guides / Articles
- Highly available Kubernetes with batteries for small business
“Kindie (Kubernetes Individual) is an opinionated Kubernetes cluster setup for individuals or small businesses.” While it might not necessarily be “production-ready” for you (does a small business even need Kubernetes?), it is still an excellent case study for bare-metal cluster setup.
- How We Built SELinux Support for Kubernetes in Gravity 7.0
The result of this work is a base Kubernetes cluster policy that confines the services (both Gravity-specific and Kubernetes) and user workloads.
- Amazon EKS Best Practices Guide for Security
While EKS certainly enables you to create production-ready Kubernetes clusters, the AWS shared responsibility model leaves a big chunk of security configuration up to the user (for good reason!). Their “EKS Best Practices” site has valuable recommendations for making a cluster bulletproof.
- Kubernetes Apply vs. Replace vs. Patch
As the article shows, there seems to be some confusion about what each operation does and when to use apply, edit, patch, and replace. David Dooling explains when to use which operation.
- How VOI went DARK
Operating Grafana as a stateless application and feeding it with dashboards from a ConfigMap is nothing new. DARK now allows us to define dashboards as custom resources and therefore store and version dashboards in a Kubernetes-native way.
- Helm 3, the Good, the Bad and the Ugly
Banzai Cloud digs into some details of their experience in transitioning from Helm 2 to Helm 3 and of using Helm as a Kubernetes release manager.
Tools
- IcePanel
Visualize dependencies of your Kubernetes resources with this VSCode plugin. It parses your Helm or YAML manifests and draws a beautiful dependency graph. Great for those more complex Helm charts!
- Every AWS Service in one sentence
“Currently, there are 163 (!) different services that are available from the Amazon Dashboard, each with their way of working, difficulties, catches and best practices.” This attempts to summarize them in one sentence.
- KubiScan
KubiScan is a tool for scanning Kubernetes clusters for risky permissions in Kubernetes’s role-based access control (RBAC) authorization model.
- HashiCorp launches a new Terraform provider for Kubernetes
The new provider supports all API resources in a generic fashion. Currently, it is in an alpha/experimental stage, so the HashiCorp team would be happy about feedback!
- Terraform v0.13.0
The next version of Terraform will finally support functions like `for_each` or `depends_on`.
Book
Security specialist Liz Rice wrote a new book about Container Security. Her company Aqua lets you trade personal information for a branded PDF copy or you can buy it at O’Reilly.