Cloud Native News - CNN30
Join us on Telegram & Keybase! CNCF announced the Advanced Cloud Engineer Bootcamp, AWS EKS CIS benchmark published, certificate management on K8s & Istio
On our own behalf
To engage more closely with you, we have opened a Telegram and a Keybase group. Share with us the links you would like to see in the CNN and get notified when we release a newsletter or blog post.
Community (CNCF, LF, CD)
- Cloud Native Computing Foundation Scales Sandbox Approval Process
With the growing demand from the cloud native community, the CNCF is scaling its sandbox approval process and simplifying the submission of new projects.
- Advanced Cloud Engineer Bootcamp makes it simple for IT pros to learn cloud
CNCF has now also announced an additional course covering advanced topics such as Helm, service mesh, and monitoring/logging, going beyond the essential cluster setup topics.
Container Orchestration
- Tanzu Kubernetes Grid air gapped installation on vSphere v6.7
An air-gapped (offline, no internet) installation can be a challenge because of the many dependencies, community deployment charts and standard base images in containers. Tanzu Kubernetes Grid can solve this challenge; learn how.
- Kubernetes Resource Management in Production
On-point resource management is crucial for Kubernetes as well. Actively managing cluster resources increases your cluster's stability and utilization.
- I made a Kubernetes game where you explore your cluster and destroy pods
Pods, DaemonSets and CRDs could also be evil villains in a computer game. They are part of Kubernetes, but this game makes you fight them.
- Multi-Cloud and Multi-Cluster Declarative Kubernetes Cluster Creation and Lifecycle Management
The Cluster API (CAPI) is a declarative tool to deploy Kubernetes on different platforms and providers. This article is a good first summary of the CAPI capabilities.
Security
- Introducing The CIS Amazon EKS Benchmark
The Center for Internet Security (CIS) has finally published a benchmark (a catalog of hardening settings) for AWS EKS. AWS EKS, like many other managed Kubernetes offerings, doesn't provide direct access to the control plane. Still, hardening Kubernetes itself, besides the container runtime and the host OS, is a security-critical step in any Kubernetes cluster.
- How to manage Kubernetes Secrets with Akeyless Vault
Akeyless is a decentralized service for Kubernetes secrets. This is needed because Kubernetes secrets are not encrypted by default; they are only Base64-encoded when stored in etcd.
- 12 Container image scanning best practices to adopt in production
Number 7 will surprise you!
Observability & Telemetry
- Loki tutorial: How to send logs from EKS with Promtail to get full visibility in Grafana
This tutorial gives you an introduction to setting up and using Promtail to ship AWS EKS logs to Grafana Loki.
Networking
- Certificate management on Kubernetes
With the ACME protocol you can automate CA creation, signing and injection. Doing this manually quickly leads to expired certificates and is impossible to handle as application deployments scale.
- Certificate management on Istio
Istio is probably the service mesh to go to. One of its key features is mTLS encryption of the network communication. Understand how to automate the creation and rolling of the CA for your Kubernetes clusters.
- Under the hood of Linkerd's state-of-the-art Rust proxy, Linkerd2-proxy
The linkerd2-proxy is designed for one and only one purpose: to be a service mesh sidecar proxy, which is a critical, if not the critical, component of a service mesh. It's blazing fast, written in Rust and highly reliable. Check out Linkerd2's little secret!
Automation & Deployment
- Kubernetes helm gotchas that will drive you mad
Spoiling the concluding sentences: "So before you go and think of opening a bug report on the helm repo, do yourself a favor and do anything except that. You will be a happier person because of it. Just figure out the workaround and pray for the day when helm is a long-forgotten memory."
- Open Application Model: Carving building blocks for Platforms
The OAM designs an approach to split the deployment YAML of a Kubernetes app into multiple sections managed by different roles with different interests.
Data, Storage & Co
- Cloud Native Storage (CNS) in vSphere with Kubernetes/Tanzu (Video)
"A short video explaining the role of the vSphere CSI (Container Storage Interface) driver and CNS (Cloud Native Storage) in both the vSphere with Kubernetes/Tanzu Supervisor Cluster and in the Tanzu Kubernetes Grid (TKG) Guest Cluster."
- How to modify etcd data of your Kubernetes directly (without K8s API)
There is rarely a case where you should alter etcd data directly. But sometimes it is necessary, as the people at Flant explain.
- Enrich your Ceph Object Storage Data Lake by leveraging Kafka as the Data Source
Learn how to move Kafka messages to Ceph S3 object storage using Secor.
Tools
- Awesome Kubernetes Resources
A curated list of awesome Kubernetes tools and resources.