Cloud Native News - CNN38
What are the challenges to become cloud native? Orchestrate VMs with K8s, Open Service Mesh accepted as CNCF sandbox, Detecting CVE-2020-14386 with Falco
CNCF & Community
- Open Service Mesh (OSM) accepted into CNCF as a sandbox
Just a couple of months after the release of the Open Service Mesh (OSM), it got now accepted into the CNCF sandbox program. OSM is a lightweight, extensible, Cloud Native service mesh.
- TOC Approves KubeEdge as Incubating Project
Also, this week the CNCF Technical Oversight Committee (TOC) voted to accept
KubeEdge as an incubation-level hosted project. KubeEdge is an open-source
system for extending the containerized application to the Edge.
- Top 7 challenges to becoming cloud native
Cloud native is a challenge for organizations, professionals and the IT market. The slightly different way of approaching new platforms & applications seems to be a major (mile)stone and causes struggles.
- Detecting CVE-2020-14386 with Falco and mitigating container escapes
Falco is an open-source cloud-native runtime security project, which detects unexpected application behavior and alerts on threats at runtime. Sysdig explains how you can configure falco to detect this freshly found CVE.
Containers & Orchestration
- 5 Problems with Kubernetes Cost Estimation Strategies
A recurring problem in highly dynamic infrastructures: cost estimation. This post explains nicely why there is no perfect fit between apps and the infrastructure resources, but what you can take away to get a very well match!
- Using Kubernetes to orchestrate VMs
Baremetal Server + K8s + Calico = K8s orchestrated VMs(yes VM, not container), with the help of KubeVirt. Learn how you can fast & easy spin up VMs from K8s on your bare metal hosts.
- Raking the floods: my intern project using eBPF
SYN-cookies help to mitigate SYN-floods for TCP, but how can we protect services from similar attacks that use UDP? The authors of this blog post designed an algorithm and a library to fill this gap, and it’s open source!
- Simplify Kubernetes Resource Access Control using RBAC Impersonation
The Kubernetes RBAC includes an
impersonateverb, that can be used to allow Subjects (i.e., Users, Groups, ServiceAccounts) to acquire other Kubernetes User or Group identity.
- How to Create Ephemeral Environments using Crossplane and ArgoCD?
Learn how to create & manage with GitOps and Crossplane GKE based K8s clusters for short term development needs, which can preinstall all your needed tools and configurations.
Photo by Martijn Baudoin on Unsplash