Cloud Native News - CNN26
Open Source Summit, KubeCon schedule is out, 15.000-node clusters, cross-cluster traffic mirroring with Istio, Cilium 1.8 release
CNCF & Community
- Open Source Summit
OSS starts this week and runs from the 29th of June until the 2nd of July. For $50 you can attend the #ossummit online and explore the virtual schedule.
- KubeCon + CloudNativeCon EU Virtual – NEW schedule is live!
Sadly we can't meet in person in Amsterdam; however, the new schedule is out!
- Announcing Harbor graduation
As the 11th graduating CNCF project, Harbor proves its stability, community support and reach.
- SPIFFE/SPIRE moves on to Incubating
The Secure Production Identity Framework For Everyone (SPIFFE) and its implementation SPIRE are leaving the Sandbox to join the Incubating class of CNCF.
Processes / Guides / Articles
- Persistent Volumes: Separating Compute and Storage
"The logical separation of compute and storage has become increasingly formalized in Kubernetes via subsystems like the Container Storage Interface (CSI), and in this article, I [Brian Pawlowski] argue that the physical separation of compute and storage leads to improved economics and more efficient operations; and so it is a powerful strategy to employ with Kubernetes."
- Bayer Crop Science seeds the future with 15.000-node GKE clusters
The documented limit of nodes in a Kubernetes cluster is 5.000. This post explains what was necessary to make GKE operate with three times that amount, including an answer to the question: what do you do with a 15.000-node cluster?
- Cross-Cluster Traffic Mirroring with Istio
Mirroring production traffic to a staging cluster: possible with Istio and done at Trivago.
- How To Enforce Kubernetes Network Security Policies Using OPA
In a nutshell, a network policy in Kubernetes enables you to enforce restrictions on pod intercommunication. However, a policy is only as good as its implementation.
- Implementing LDAP authentication for Kubernetes
"This article shows how to implement LDAP authentication for Kubernetes with the Webhook Token authentication plugin. The article includes a tutorial taking you from zero to the complete system with step-by-step instructions. No previous knowledge about Kubernetes authentication is required."
- ConfigMaps in Kubernetes: how they work and what you should remember
Kubernetes ConfigMaps marked the beginning of a new era of configuring applications. The article focuses on different approaches to application configuration.
- Using AWS NLB manually targeting an EKS Service exposing UDP traffic
With EKS 1.16, it is currently not easy to create a Kubernetes Service of type Network Load Balancer for routing UDP traffic. This article analyzes the issue and proposes a workaround.
Tools
- Cilium 1.8
Comes with a huge load of new features and improvements: eXpress Data Path (XDP) load balancing support, a cluster-wide Flow API, performance optimizations across the board, better policy visibility and control, and so on.
- Thanos 0.13
A whole bunch of fixes improve the general stability of Thanos. Querier performance has also increased.
- D2IQ: KUDO for Kubeflow
Brings you a secure, scalable and portable deployment of Kubeflow. The predefined configurations and deployments cover best practices and prevent the exposure of the dashboard to the internet, as has happened in many cases over the last months.