Cloud Native News - CNN23
CNCF's new General Manager Priyanka Sharma, Kubernetes CVE MITM attack, new K8s CKA exam curriculum, K8s & 5G, NIST guide to building secure microservices, OWASP Kubernetes Security Testing Guide
CNCF & Community
- Priyanka Sharma takes over the seat as General Manager at CNCF
Dan Kohn moves on to a new Linux Foundation project supporting the public health sector. Priyanka was previously Director of Technical Evangelism at GitLab.
- CVE-2020-8555 man-in-the-middle attack on Kubernetes
This CVE is a Server Side Request Forgery (SSRF) vulnerability in kube-controller-manager that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). Several websites reported on it:
- The curriculum of the CKA exam will get an update in September 2020
The new curriculum for the CKA 2020 update brings some changes; we compared the current and the future version in a previous blog post.
- CNCF and Linux Foundation Announce New Cloud Engineer Bootcamp
The Bootcamp covers Linux system administration, networking, container fundamentals, CI/CD implementation, and Kubernetes fundamentals. It ends with the Linux Administrator certification as well as the Certified Kubernetes Administrator certification.
- OWASP started a project to develop a K8s security testing guide
The project is looking for some helping hands; check out the project and how you can support the team!
Processes / Guides / Articles
- 5G Rollout: How Kubernetes and Edge Computing Is Making 5G a Reality
Every generation has its breakthroughs, and 5G has found one of its own: Kubernetes. Combined with edge technology, it has seen tremendous growth over the last few years.
- EKS vs GKE vs AKS - June 2020 Update
AKS brings K8s 1.18 in preview and now has an admission enforcer to implement admission controllers, EKS went live in GovCloud, and GKE moves container threat detection to beta.
- Attaching an Elastic IP to EKS worker node
The problem is that EKS does not allow you to create separate instances, but instead directs you to use Auto Scaling Groups. Thus you have no opportunity to assign an Elastic IP to specific EKS workers statically, but you can do that dynamically.
- Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latency - Highload++
Old but gold: learn from Henning Jacobs how to optimize your K8s resource requests and limits, deal with CPU throttling, and overcome latency issues.
- NIST - Building Secure Microservices-based Applications Using Service-Mesh Architecture
The purpose of this document is to provide deployment guidance for proxy-based Service Mesh components that collectively form a robust security infrastructure for supporting microservices-based applications.
- How we use HashiCorp Nomad
Cloudflare runs in more than 200 edge cities worldwide. This blog post outlines how HashiCorp Nomad helped them improve the availability of services in each of those data centers, and the challenges they overcame along the way.
- Log Monitoring and Alerting with Grafana Loki
In this post, Ruturaj walks you through the steps to deploy Grafana Loki in a Kubernetes environment. Grafana Loki consists of three components, Promtail, Loki, and Grafana (PLG), which are introduced briefly before proceeding to the deployment.
- Dynamic DNS and LoadBalancing without cloud provider
When running on a Cloud provider, you often get a Load Balancer out of the box. When running on bare metal or VMs, your Services of type LoadBalancer stay in a pending state. Throughout this guide, you learn to set up CoreDNS, External DNS, Nginx Ingress, and MetalLB to provide a dynamic experience like the one supplied with Cloud architecture.
- How we solved our need to override Prometheus alerts
Prometheus lacks an option to override alert rules. This is how you can overcome that.
Tools
- K8s KPIs with Kuberhealthy
An operator for synthetic monitoring on Kubernetes. By creating a custom resource (a khcheck) in your cluster, you can easily enable various synthetic test containers.
- PlanetScale open-sources Kubernetes operator for Vitess
The operator allows you to quickly deploy Vitess in your Kubernetes clusters. To get started with the Vitess Operator, you can try out the getting started examples on the Vitess website and review the documentation.
- Cluster Turndown
Cluster Turndown automates the scaledown and scaleup of a Kubernetes cluster's backing nodes based on a custom schedule and turndown criteria.
Books
Discover the basics of message-based architectures, render the same state in different shapes to fit the task at hand, and learn what it is that makes something a monolith (it has nothing to do with how many machines you deploy to).