Cloud Native News - CNN31
KubeCon 2 weeks ahead! Google's OUC license for Istio confuses the community, reducing Cortex ops complexity with block storage, Uber's Domain-Oriented Microservice Architecture to handle microservice complexity, Dropbox migrating from Nginx to Envoy
Community (CNCF, LF, CD)
- KubeCon/CloudNativeCon EU 2 weeks ahead!
For $75 you can join us for four days of virtual cloud native content! Don't miss the co-located events like AWS Container Days, ServiceMeshCon or the Serverless Practitioners Summit.
- Google's Management of Istio Raises Questions in the Cloud Native Community
Istio will not join the CNCF family; instead it was placed, alongside other Google projects, under its own license model, the Open Usage Commons (OUC). This is causing stormy times in the open source community; some members go so far as to recommend forking Istio and starting over as a new project.
- Conftest joins the Open Policy Agent project
Conftest is a CLI tool that uses OPA to check YAML files on demand for conformance with your policies. Joining OPA means that some of its features will move into OPA itself, but conftest will remain to improve the developer experience.
- Announcing Vitess 7
- Chaos Mesh® Joins CNCF as a Sandbox Project
The cloud native chaos engineering platform for Kubernetes joins the CNCF community. It leverages operators (the chaos-operator) to disrupt workloads and configs on Kubernetes.
- What you need to know about Kubernetes CKA Exam Updated Syllabus (September 2020)?
Another great write-up of the new syllabus of the CKA exam, which will be valid from September. Read the guide if you plan to take the CKA exam after September.
Container Orchestration
- Nomad vs Kubernetes without the complexity
Nomad is an orchestrator for, but not only for, non-containerized workloads such as legacy applications, microservices and batch applications.
- How to track costs in multi-tenant Amazon EKS clusters using Kubecost
Kubecost is an open source tool that supports you in tracking costs in multi-tenant K8s clusters.
- Helm 3 Umbrella Charts & Standalone Chart Image Tags — An Alternative Approach
Using umbrella charts in Helm is normally, in almost any case, not a good idea. With the following approach, however, they can be used without the usual downsides of umbrella charts, such as reprocessing the whole template.
- Making a Mesh in Multi-Cloud with Consul
Consul is not only a reliable key-value store and service discovery system, but also brings strong service mesh capabilities that shouldn't be underestimated. Learn how to use Consul for multi-cloud solutions.
Observability & Telemetry
- How block storage in Cortex reduces operational complexity for running Prometheus at massive scale
While Cortex runs massively scaled observability clusters, and does so blazingly fast for millions upon millions of entries, its internal complexity has grown as well, and the current implementation blocks many new features. Now the community introduces block storage and two new components that solve some of these issues.
- Logging in Kubernetes: EFK vs PLG Stack
The EFK (ELK) stack has for many years been the default setup for logging infrastructure. However, since Grafana Loki entered the game, the momentum may turn. This short comparison gives you a good overview of both and of when which solution fits best.
Cloud Native Development
- UPDATE: UBER DELETED ORIGINAL POST - Introducing Domain-Oriented Microservice Architecture
Uber moved a couple of years ago from a monolithic architecture to a microservice architecture, but lately discovered complexity that is difficult to manage. Therefore Uber developed the Domain-Oriented Microservice Architecture, which logically groups services with high cohesion and packs them together into layers with clearly described interfaces. No innovation, but a great approach!
Security
- 5 Kubernetes security incidents and what we can learn from them
What do Capital One, Docker Hub and Tesla have in common? Right, they messed up their Kubernetes setups, leading to security incidents that you should have a look at.
- GKE Networking Best Practices for Security and Operation
Google's managed Kubernetes is by default still quite open; as with every K8s cluster, you need to take action to mitigate these threats and lock down access to the various resources on GKE.
- The Seccomp Notifier – New Frontiers in Unprivileged Container Development
With secure computing mode (seccomp), you can restrict a process's syscalls to a very limited, specific set. The notifier gives you more transparency about the loaded filters and, therefore, more insight into the actual task handling.
- Two Quick Ways to Apply Zero Trust in Kubernetes
Zero Trust means, well ..., not trusting anyone at any time on any infrastructure. Within K8s this can be achieved quickly by using Network Policies and SPIFFE/SPIRE.
Networking
- Baremetal Loadbalancer Porter
Porter is an open source load balancer designed for bare metal Kubernetes clusters. It is implemented with a physical switch and uses BGP and ECMP to achieve the best performance and high availability.
- How we migrated Dropbox from Nginx to Envoy
Dropbox is on its way to migrating from Nginx to Envoy for many reasons; read about their journey and why you should think about it too.
Tools
- kvdi
A Kubernetes-native Virtual Desktop Infrastructure