Cloud Native News - CNN29

CNCF

• Certified Kubernetes Security Specialist CKS
  The Linux Foundation and Cloud Native Computing Foundation worked on reshaping the K8s certifications. Now they announced the Certified Kubernetes Security Specialist (CKS). We analyzed the current curriculum and wrote a guide on how to prepare for the exam.
• OKD (OpenShift) 4 is GA
  OKD4 now uses Fedora CoreOS as a base OS for the nodes. It enables the cluster with recent security fixes, new features (like cgroups v2 support) and updated software.
• Site Reliability Engineering (SRE) 101 with DevOps vs SRE
  "SRE is what happens when you ask a software engineer to design an operations team," Benjamin Treynor Sloss, Google.
• CNCF Ambassador Spotlight: Alex Ellis
  "My goal is to help companies and individuals understand how CNCF projects fit together and when to adopt them." - "Cloud native took over my career, and now I spend most of my time consulting with companies that are adopting Kubernetes or cloud computing and helping them speak to developers about their products."

Articles

• Etcd, or, why modern software makes me sad
  It was a huge discussion, this week on Hacker News: Is it okay that simple technology gets more complex once it gets more popular? We are not sure if we find an answer within this discussion, but for sure, you will find a lot of opinions!
• How to architect for Kubernetes: Part 1
  Looking for advice for Kubernetes network design on AWS? Here you'll find a baseline.
• Kubernetes and Networks - why is this so dang hard?
  A brief look at models for integrating Kubernetes clusters into existing networks.
• Serverless Rendering with Cloudflare Workers
  Cloudflares serverless "Workers" allow users to deploy applications to load lightweight and static html, with all application logic residing on the network edge. This is an introduction to their capabilities.
• How would I proceed with Kubernetes deployments?
  Helm-free Kubernetes application deployments? This article is going to show you a world of "template-free customizations and single-purpose deployment tools!"
• Monitoring AWS Lambda with Prometheus and Sysdig
  Using the YACE exporter it is possible to gather metrics from any CloudWatch namespace - therefore also information of AWS Lambda.
• Proxy WebSocket through Kubernetes API server
  Kubernetes API server can proxy HTTP connections between a client and any service running on a cluster. Banzai Cloud dug a bit deeper and came across a bunch of issues trying to stream Loki query results via Websocket using `kubectl proxy`.
• Apache Spark Performance Benchmarks show Kubernetes has caught up with YARN
  Apache spark is as fast on Kubernetes as it is on YARN. With this statement, a big chunk of the BigData-on-Kubernetes-movement is proven to follow the right trend.
• Standing up a Calico powered Kubernetes cluster using kops
  Kops and Calico are two very mature projects that work well together. Give it a try with this article!
• Enforce Ingress Best Practices Using OPA
  OPA can be used on different levels of policy enforcement. This article explains how to avoid ingress route conflicts utilizing a bit of rego.
• CRD is just a table in Kubernetes
  Custom Resources and their definitions are topics that are barely touched by CKA or CKAD. Even though it is almost impossible to get around them in a production-grade cluster, as a lot of typical applications like Velero or Certificate Manager are relying on them.

Tools

• sinker
  A tool to sync images from one container registry to another
• shell-operator: project status & news
  Allowing you to run custom scripts (written in Bash, Python, etc.) triggered by specific events in the K8s cluster.
• CDK for Terraform: Enabling Python & TypeScript Support
• kubelive
  "kubectl tool reinvented to be more reactive and interactive".
• AWS EKS 1.17
  "Kubernetes 1.17 is now available in Amazon EKS. For more information about Kubernetes 1.17, see the official release announcement."

Photo by Hack Capital on Unsplash