Cloud Native News - CNN37
About CNI Benchmarks and live migrations, enforcing Network Security Policies with OPA and Multi-Tenancy with Thanos Receiver.
Cloud-Native Industry
- Our $26.5M Round — Growth Built on Sea Change of Kubernetes and DevSecOps
"StackRox announces $26.5M round of funding, enabling us to meet rapidly growing demand driven by Kubernetes and DevSecOps". Well, congratulations, well deserved!
Containers & Orchestration
- Kubernetes YAML Generator
An interesting concept of generating YAML for Pods, Deployments, and StatefulSets. I can imagine it does an excellent job of teaching about the manifests' internals!
- Performing a Live CNI Migration
Changing the CNI of a running cluster, without any service interruption, is a non-trivial effort. Jetstack (popular for their famous cert-manager) wrote an article about how they switched from Canal to Cilium in a running cluster.
- Kalm
I haven't used Kalm on my own, but it looks like a pretty decent UI for creating and adjusting Kubernetes resources. I bet there is a market for this kind of tool, especially as it is Open Source.
Networking
- Benchmark results of Kubernetes network plugins (CNI) over 10Gbit/s network
(Updated: August 2020)
This is the third consecutive year Alexis Ducastel performs his Kubernetes CNI Benchmark of state-of-the-art CNIs. Exciting insights!
- Unimog - Cloudflare’s edge load balancer
"Unimog is the Layer 4 Load Balancer for Cloudflare's edge data centers. This post explains the problems it solves and how it works."
- Performance Benchmark Analysis of Egress Filtering on Linux
Kinvolk performed a benchmark of the common Linux technologies. "This blog post presents the methodology and results from benchmarking some of the Linux filtering technologies: eBPF, IP sets, and iptables."
Security
- Easier Troubleshooting of cert-manager Certificates
A short tour of cert-manager's new kubectl plugin. So handy, I'm sure I will use it!
- How to enforce Kubernetes network security policies using OPA
Network Security Policies are a good idea to implement. With Open Policy Agent, it is possible to enforce their existence to follow security guidelines.
Observability
- Achieving multi-tenancy in monitoring with Prometheus & the mighty Thanos Receiver
"One of the common challenges of distributed monitoring is to implement multi-tenancy. Thanos receiver is a Thanos component designed to address this common challenge." Thanos' Receiver component is now GA, so thanks for this article!
- CNCF End User Technology Radar: Observability, September 2020
The second edition of the quarterly CNCF technology radar has been released. This time it covers observability technologies with many unsurprising solutions in the "adopt" corner :)
Development
- Why do we hit a wall when introducing microservice architecture?
"Understanding various technical issues and pitfalls of microservice architecture".
- CRAFT
"Creating a Kubernetes operator requires domain knowledge of abstraction and expertise in Kubernetes and Golang. With CRAFT, you can create operators without a dependent layer and in the language of your choice!"