Cloud Native News - CNN28
The cloud native community is busy these days: KubeCon/CloudNativeCon goes virtual, SUSE acquires Rancher Labs, Operator Framework & Contour joining the CNCF Incubating Project,
CNCF + Community
- KubeCon + CloudNativeCon North America 2020 goes virtual
Thanks to COVID-19 KubecOn NA will also be a virtual event. The positive aspect: "Now where you live and your ability to travel is no longer a barrier to participating!" - PromCon 2020
The registration for PromCon Online 2020 is now open and free of charge! The virtual conference takes place from July 14 – 16. - Announcing the updated CNCF Storage Landscape Whitepaper
"The whitepaper’s goal is to help end-users better understand cloud native storage terminology, options, attributes, and architectures." Direct Link to the Whitepaper. - Why IBM doesn’t agree with Google’s Open Usage Commons
Google announced the creation of the Open Usage Commons (OUC), which is contrary to the original idea of contributing Istio to the CNCF when it is mature enough. The OUC doesn’t align with the expectation of the community for open governance. As a founding member of the Istio Project IBM publicly disagrees. - SUSE to acquire Rancher Labs
Yet another significant acquisition: Rancher will continue to run as its own entity and will continue supporting multiple Kubernetes distributions and operating systems in the used open manner. Apropos Rancher: here is almost all you need to know about it - Statement of direction: IBM intends to deliver containers and Kubernetes orchestration support for IBM z/OS
IBM intends to deliver a container runtime for IBM z/OS in support of Open Containers Initiative compliant images comprising z/OS software. It furthermore integrates those containers on z/OS-Kubernetes. - Cloud Native Computing Foundation Scales Sandbox Approval Process to Meet Growing Demand from New Projects
"CNCF TOC has put in place a great new process that simplifies the barrier to entry for worthy projects and increases innovation, which recently led to 11 new Sandbox projects being accepted." - Deepening End User Engagement with an Enhanced Ecosystem Program
The end user community is one of the important supporters of the open source community and provide direct feedback to the development of the CNCF ecosystem. This feedback will be streamlined through the enhanced ecosystem program, a vendor-neutral safe space to strengthen the collaboration and idea creation. - TOC approves Operator Framework as Incubating Project
The Operator Framework, which is made up of two main components Operator SDK and Operator Lifecycle Manager (OLM), is an open source toolkit for managing Kubernetes native applications, called Operators, in an automated and scalable way. - Gartner’s 2020 Market Guide to Cloud Workload Protection Platforms
Gartner notes that: “Protection requirements for cloud-native applications are evolving and span virtual machines, containers and serverless workloads in public and private clouds. Security and risk management leaders must address the unique and dynamic security requirements of hybrid cloud workloads.” - TOC Accepts Contour as Incubating Project
Contour is a high-performance ingress controller for Kubernetes that provides a control plane for Envoy.
Articles
- CoreBGP - Plugging in to BGP
Due to BGPs flexibility and extensibility it’s challenging to summarize exactly how/where BGP is used. This post introduces the CoreBGP library, which can be used to build the next generation of BGP-enabled applications. - GKE brings Node Local DNS cache to GA
NodeLocal DNSCache improves Cluster DNS performance by running a DNS caching agent on cluster nodes as a DaemonSet. It is now generally available for GKE users! - No Humans Involved: Mitigating a 754 Million PPS DDoS Attack Automatically
Cloudflare built its own DDoS protection system, which drops packets inside the Linux kernel for maximum efficiency in order to handle massive floods of packets. Their systems were able to mitigate a massive DDoS attack without any human intervention. Truly Remarkable! - OIDC issuer discovery for Kubernetes service accounts
"The new integration, which is what this blog post is about, wires OIDC in the opposite direction; the Service Account Issuer Discovery feature enables the federation of Kubernetes service account tokens issued by a cluster (the identity provider) with external systems (relying parties) based on the OIDC Discovery Spec. Projected Service Account Tokens are required for this feature to be enabled." - The Flaw in BGP Load-balancing in MetalLB
An interesting analysis of a shortcoming in a popular Kubernetes bare-metal loadbalancer implementation. - Building Cloudflare TV from scratch
Cloudflare TV is inspired by television shows of the 90s that shared the newest, most exciting developments in computing and music videos. The article explains their motivation and approach of implementation based on clever reuse of existing tech like Zoom, Brave and Contentful CMS. - Restricting Flux permissions
A nice little reminder that security can be achieved with board tooling. - Ensure Content Trust on Kubernetes using Notary and Open Policy Agent
This blog post shows you how to enforce image trust on your Kubernetes Cluster by fully relying on two well-known CNCF hosted open source solutions: Notary and Open Policy Agent (OPA). - A comprehensive guide to managing secrets in your Terraform code
It can not be highlighted enough: keep your Terraform state secure, as it contains your secrets in plain text! This article discusses how to deal with it. - Innovating Infrastructures with HashiCorp Nomad and Podman
This is a what, why, and how Thomas Weber implemented a Nomad <-> Podman interoperability prototype plugin. The Podman task driver plugin for Nomad uses the daemon less container runtime for executing Nomad tasks. - CKA/CKAD exam: Managing ETCD cluster
A crucial part of operating K8s is the ETCD and its maintenance, running updates, backups and to know how to troubleshoot the database cluster.
Tools
- wordpress-operator
WordPress operator for Kubernetes - Flux 1.20.0
"This minor version release updates dependencies, and includes some quality of life improvements, such as having a cooldown for rate limiting." - The Open Guide to Amazon Web Services
"This guide is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively." - Porter: An Open Source Cloud Native Load Balancer in CNCF Landscape
Porter, a load balancer designed for bare metal Kubernetes clusters, was officially included in CNCF Landscape last week. There is also a comparison to MetalLB.
Photo by Markus Winkler on Unsplash