Conftest joins the Open Policy Agent project Conftest is a CLI tool that uses OPA to check the conformance of YAML files on demand. Joining OPA means that some of its features will move into OPA; Conftest itself will remain, focused on improving the developer experience.
Chaos Mesh® Joins CNCF as a Sandbox Project The cloud native chaos engineering platform for Kubernetes joins the CNCF community. It uses an operator, the chaos-operator, to disrupt workloads and configurations on Kubernetes.
Nomad vs Kubernetes without the complexity Nomad is an orchestrator for, but not limited to, non-containerized workloads such as legacy applications, microservices and batch jobs.
Making a Mesh in Multi-Cloud with Consul Consul is not only a reliable key-value store and service discovery system, but also brings strong service mesh capabilities that shouldn't be underestimated. Learn how to use Consul for multi-cloud solutions.
Observability & Telemetry
How block storage in Cortex reduces operational complexity for running Prometheus at massive scale While Cortex runs massively scaled observability clusters, and does so blazingly fast for millions upon millions of entries, its internal complexity grows as well, and the current implementation blocks many new features. Now the community introduces block storage and two new components that solve some of these issues.
Logging in Kubernetes: EFK vs PLG Stack The EFK (ELK) stack has for many years been the default setup for logging infrastructure. However, since Grafana Loki entered the game, the momentum may be turning. This short comparison gives you a good overview of which solution fits best, and when.
Cloud Native Development
UPDATE: UBER DELETED ORIGINAL POST - Introducing Domain-Oriented Microservice Architecture Uber moved a couple of years ago from a monolithic architecture to a microservice architecture, but lately discovered complexity that was difficult to manage. Therefore Uber developed the Domain-Oriented Microservice Architecture, which groups services with high cohesion into domains and packs them into layers with clearly defined interfaces. No innovation, but a great approach!
GKE Networking Best Practices for Security and Operation Google's managed Kubernetes is by default still quite open; as with every K8s cluster, you need to take action to prevent these threats from being abused and to lock down access to the various resources on GKE.
The Seccomp Notifier – New Frontiers in Unprivileged Container Development With secure computing (seccomp), you can restrict the syscalls available to a process down to a very limited, specific set. The notifier gives you more transparency about the filters loaded and, therefore, more insight into how the task actually handles its syscalls.
Two Quick Ways to Apply Zero Trust in Kubernetes Zero Trust means, well ..., not trusting anyone at any time on any infrastructure. Within K8s this can be achieved quickly by using Network Policies and SPIFFE/SPIRE.
Networking
Baremetal Loadbalancer Porter Porter is an open source load balancer designed for bare-metal Kubernetes clusters. It is implemented with a physical switch and uses BGP and ECMP to achieve the best performance and high availability.
How we migrated Dropbox from Nginx to Envoy Dropbox is migrating from Nginx to Envoy for many reasons; read about their journey and why you should consider it too.
Tools
kvdi A Kubernetes-native Virtual Desktop Infrastructure