Cloud Native News - CNN27
LitmusChaos joins the CNCF Sandbox, How Cilium protects against common network attacks, Kubernetes Operator explained, CNCF Meetups and K8s Community Days merge into Cloud Native Community Groups CNCG
CNCF & Community
- Introducing Cloud Native Community Groups!
CNCF Meetup Groups and the Kubernetes Community Days program have been combined into "Cloud Native Community Groups (CNCG)". "CNCGs provide an easy way to host a community meetup or cloud native event. These events provide a great way to connect with other community members who are interested in all things cloud native, all over the world."
- LitmusChaos in CNCF Sandbox
The open source Kubernetes chaos engineering tool Litmus is now a CNCF Sandbox project.
Processes / Guides / Articles
- AWS Lambda abuse
"We will talk about strategies to mitigate the impact of DDoS attacks and create fail-safe serverless applications."
- Infrastructure as code: A non-boring guide for the clueless
"We're explaining infrastructure as code and the concepts that surround it. It's aimed at people with little or no experience in tech infrastructures."
- How Cilium Protects Against Common Network Attacks
Remember the IPv6 Router Advertisement vulnerability from a few weeks ago? In this post, Cilium explains its "secure by default" approach, which is why Cilium was not vulnerable to that CVE.
- Docker and Kubernetes — root vs. privileged
"Docker offers a seemingly similar --privileged flag, which is actually much different from casual sudo usage, that might expose your applications to unnecessary risk. I'm (Bryant Hagadorn) going to show you how this is much different than running as root (and how to avoid running as root!) as well as what privileged actually means."
- Naming Applications and Microservices
"Naming is hard. Naming is communication. Going bananas with naming microservices? Probably something you will regret! This post proposes a few guidelines to follow when naming internal applications and components."
- Kubernetes Operators Explained
A high-level introduction to Operators. Use it to explain them to your boss!
- Replace AWS VPC-CNI with Calico on AWS EKS cluster
What a lot of people do not know: it is possible to remove the default AWS CNI from EKS, which potentially removes some limitations. The article gives an example of how to run Calico on EKS.
- A First Look at The Podman 2.0 API
The new Podman API is going to unlock your ability to move more smoothly from Docker to Podman. This article covers some of the internals.
- Containers the hard way: Gocker: A mini Docker written in Go
"Gocker is an implementation from scratch of the core functionalities of Docker in the Go programming language. The main aim here is to provide an understanding of how exactly containers work at the Linux system call level."
- Mettle: Our resilient Etcd setup
"As a platform engineer I want to be confident in the self-healing nature of our Etcd cluster So that it automatically heals without human intervention." Also worth watching: Mettle's journey towards throw-away clusters with Steve Wade.
- When it's not only about a Kubernetes CVE…
This is the background story of CVE-2020-8555. Brice Augras and Christophe Hauquiert, zero-day hunters, explain everything in detail: from finding the vulnerability to the public disclosure.
- Verify your Kubernetes Cluster Network Policies: From Faith to Proof
Implementing Network Policies is one thing. Ensuring that they permit and block exactly what they are supposed to is a totally different deal.
- I Found A Painless Way To Manage Secrets In Google Kubernetes Engine
This article explains how to manage Secrets within GKE using Google Berglas.
- Efficient Model Training in the Cloud with Kubernetes, TensorFlow, and Alluxio
"This article presents the collaboration of Alibaba, Alluxio, and Nanjing University in tackling the problem of Deep Learning model training in the cloud."
- openSUSE Leap 15.2 Release brings new AI, Machine Learning and Container packages
For the first time, Kubernetes is an official package in the release. This gives a huge boost to container orchestration capabilities, allowing users to automate deployments, scale, and manage containerized applications.
Tools
- A Journey building a fast JSON parser and full JSONPath, Oj for Go
"This is a tale of a journey that ended with a Parser that leaves the Go JSON parser in the dust and resulted in some useful tools including a complete and efficient JSONPath implementation."
- konstraint
A policy management tool for interacting with Gatekeeper.
- starboard
The Kubernetes-Native Toolkit for Unifying Security.
- Checkov
An IaC analysis tool to scan Kubernetes manifests and identify security and configuration issues in Kubernetes workloads.
- How to quarantine your pods (via learnk8s)