Cloud Native News - CNN47
etcd is finally graduating, topology aware service routing, a lot of Kubernetes security and AWS EKS-D
CNCF & Community
- Cloud Native Computing Foundation Announces etcd Graduation
"To officially graduate from incubating status, the project was certified for CII Best Practices Badge, completed security audits and addressed vulnerabilities, defined its own governance, and adopted the CNCF Code of Conduct."
Cloud-Native Industry
- Amazon EKS Distro
AWS released their Kubernetes Distribution "EKS-D" which follows the same Kubernetes version release cycle as Amazon EKS. That's a big thing!
Also interesting: ECR can now publicly provide container images.
Networking
- Topology-Aware Service Routing on Kubernetes with Linkerd
Matei David discusses what Service Topology is, how Linkerd supports it, and some of the challenges he encountered as a "newbie open source contributor.".
Security
- SPIFFE – Secure Production Identity Framework for Everyone
Have you heard about SPIFFE, the standard for service identity, and its reference implementation SPIRE? Still not sure what it is used for? Read the free eBook! - Announcing the Cloud Native Security White Paper
The CNCF Security Special Interest Group (SIG) has just released a new Cloud Native Security Whitepaper to educate the community about best practices for securing cloud-native deployments. - Authentication between microservices using Kubernetes identities
Use Service Account Token Volume projection to associate non-global, time-bound, and audience bound service tokens to Kubernetes workloads.
Containers & Orchestration
- Upgrade a K3s Kubernetes Cluster with System Upgrade Controller
Automate K3s Upgrades with System Upgrade Controller. - A better Kubernetes, from the ground up
An opinion about Kubernetes, its short-comings, and some ideas on what to do better. I agree on mainly two points: it has many terrible security defaults, and networking is incredibly complicated.
Photo by Annie Sprat on Unsplash