Cloud Native News - CNN22

CNCF & Community

Processes / Guides / Articles

  • Highly available Kubernetes with batteries for small business
    “Kindie (Kubernetes Individual) is an opinionated Kubernetes cluster setup for individuals or small businesses.” While it might not necessarily be “production-ready” for you (does a small business even need Kubernetes?), it is still an excellent case study for bare-metal cluster setup.
  • How We Built SELinux Support for Kubernetes in Gravity 7.0
    The result of this work is a base Kubernetes cluster policy that confines the services (both Gravity-specific and Kubernetes) and user workloads.
  • Amazon EKS Best Practices Guide for Security
    While EKS certainly enables you to create production-ready Kubernetes clusters, the AWS shared responsibility model leaves a big share of the security configuration up to the user (for good reason!). Their “EKS Best Practices” site has valuable recommendations to make a cluster bulletproof.
  • Kubernetes Apply vs. Replace vs. Patch
    As the article shows, there seems to be some confusion about what each operation does and when to use apply, edit, patch, and replace. David Dooling explains when to use which operation.
  • How VOI went DARK
    Operating Grafana as a stateless application and feeding it dashboards from a ConfigMap is nothing new. DARK now allows us to define dashboards as custom resources and therefore store and version them in a Kubernetes-native way.
  • Helm 3, the Good, the Bad and the Ugly
    Banzai Cloud digs into some details of their experience transitioning from Helm 2 to Helm 3 and using Helm as a Kubernetes release manager.

Tools

  • IcePanel
    Visualize dependencies of your Kubernetes resources with this VSCode plugin. It parses your Helm or YAML manifests and draws a beautiful dependency graph. Great for those more complex Helm charts!
  • Every AWS Service in one sentence
    “Currently, there are 163 (!) different services that are available from the Amazon Dashboard, each with their way of working, difficulties, catches and best practices.” - This attempts to summarize them in one sentence.
  • KubiScan
    is a tool for scanning a Kubernetes cluster for risky permissions in Kubernetes’s role-based access control (RBAC) authorization model.
  • HashiCorp launches a new Terraform provider for Kubernetes
    and supports all API resources in a generic fashion. It is currently in an alpha/experimental stage, so the HashiCorp team would be happy to get feedback!
  • Terraform v0.13.0
    The next version of Terraform will finally support functions like for_each or depends_on.

Book

Security specialist Liz Rice wrote a new book about Container Security. Her company Aqua lets you trade personal information for a branded PDF copy or you can buy it at O’Reilly.

Container Security
To facilitate scalability and resilience, many organizations now run applications in cloud native environments using containers and orchestration. But how do you know if the deployment is secure? This practical … - Selection from Container Security [Book]

Photo by Dayne Topkin on Unsplash