Cloud Native News - CW9
Editorial
- Kubernetes is popular, complex, a security risk – and destined for invisibility
As Joe Beda admits: Kubernetes is complex. This blog post sketches which things related to Kubernetes need to become more approachable, and why.
Industry
- Alcide Kubernetes security platform supports PCI and GDPR security regulations
"Alcide, a Kubernetes security leader, now supports compliance scans for PCI and GDPR, enabling DevOps to deliver regulatory compliance checks rapidly and seamlessly alongside Alcide’s Kubernetes security capabilities."
- Mirantis acquires Kontena
Three months after Mirantis acquired Docker, they are pursuing their next object of desire: Kontena, the open source container and microservice developer platform.
- Linkerd team propose service mesh-free way to run multi-cluster Kubernetes
Ever heard of service mirroring? No? Linkerd maintainer Thomas Rampelberg introduced the idea of a service mirror operator, which mirrors a remote service locally and configures endpoints to route traffic to the right IP. All without a service mesh!
Tools
- CNCF Tools Overview: Fluentd – Unified Logging Layer
A great overview of Fluentd, its configuration, and also alternatives. This way I learned about Vector!
- Introducing the Calico eBPF dataplane
The Calico team merged a new dataplane option into Calico, based on eBPF. This new dataplane will be included as a Tech Preview capability in the next version of Calico, v3.13.
- Bring your ideas to the world with kubectl plugins
Adding functionality to kubectl? Possible with kubectl plugins! There is even krew, a kubectl plugin manager!
Processes
- Logging FOMO is real and it hurts. Here’s how to overcome it
Everyone will learn sooner or later: more logs do not necessarily lead to better logging...
- Docker Images : Part II - Details Specific To Different Languages
The successor in Jérôme Petazzoni's blog series about Docker images. The first one was about Docker image sizes.
- How to monitor kube-controller-manager
The kube-controller-manager is one of the key components of every Kubernetes cluster. Sysdig already explained to us how to monitor the kubelet, as covered in CNN-6.
- Advanced Persistence Threats: The Future of Kubernetes Attacks
"What could an attacker who understands Kubernetes at a deep level be capable of?" - Ian Coldwater and Brad Geesaman try to give an answer.
- The Difference Between API Gateways and Service Mesh
Marco Palladino, CTO of Kong, the API gateway, wrote a lengthy article about the goals of API gateways and service meshes and, more importantly, when to choose which.
- Cloud Cost Optimization at Scale: How we use Kubernetes and spot instances to reduce EC2 billing up to 80%
Reducing the cost of your Kubernetes cluster is possible via spot instances. This is a field report on how it can be approached.
- Kubernetes Journey — Up and running out of the cloud — How to setup the HAProxy Cluster with high availability
A deep dive into how to configure an HAProxy cluster with high availability, with the help of Corosync and Pacemaker, to load balance the kube-apiserver.