Cloud Native News - CNN21/04
About Pod Privilege Escalation, building a custom ingress controller, pros and cons of Mono Repos and in-depth etcd knowledge.
Containers & Orchestration
- Scaling Kubernetes to 7,500 Nodes
"Scaling a single Kubernetes cluster to this size is rarely done and requires some special care, but the upside is a simple infrastructure that allows our machine learning research teams to move faster and scale up without changing their code."
- A visual guide on troubleshooting Kubernetes deployments
An updated version of the famous visual guide on troubleshooting Kubernetes. It's that easy! Isn't it?
- containers/crun
"crun aims to be also usable as a library that can be easily included in programs without requiring an external process for managing OCI containers."
- Kubernetes - How to Debug CrashLoopBackOff in a Container
"If you've used Kubernetes (k8s), you've probably bumped into the dreaded CrashLoopBackOff. Learn how to debug this scenario."
- Exploring Kubernetes Operator Pattern
"When it comes to operators, there is a lot of buzz. But actually, most of the time it's just a pod (or a few pods) running a custom controller and one or more custom resources to interact with it."
- How to use Harbor Registry to Eliminate Docker Hub Rate Limits
While Docker's rate-limiting on image pulls is annoying, it is not too hard to work around it without signing up for a paid subscription. Use Harbor as a pull-through registry!
- Onwards to the Core: etcd
A very detailed journey into the inner workings of etcd and how the Kubernetes API server uses it.
Infrastructure
- Multi-cluster Kubernetes Management Solutions
An overview of popular SaaS solutions, including Rancher, Google Anthos, Azure Arc, and Volterra, as well as open-source alternatives.
- Terraform Mono Repo vs. Multi Repo: The Great Debate
"Learn about the pros and cons of using mono repositories and multi repositories along with the most logical use case for each."
- How we live-migrated massive Cortex clusters to blocks storage with zero impact to Grafana Cloud customers
"A lot of companies rely on Grafana Cloud Hosted Metrics as the core of their observability stack. The migration was meticulously planned and patiently executed."
Security
- Pomerium — open-source identity-aware access proxy — now supports TCP
Pomerium now supports internal access for any TCP-based application or service, such as SSH, RDP, or any database like Redis, MySQL, or Postgres. And as with HTTP, every session is authenticated, authorized, and encrypted.
- Bad Pods: Kubernetes Pod Privilege Escalation
Seth Art discusses the impact of overly permissive pod security policies and the importance of applying restrictive controls around pod creation by default.
Networking
- Building a Kubernetes Ingress Controller with Caddy
How Dgraph built a Caddy-based Ingress Controller for Kubernetes.
Observability
- Basics and best practices for getting started with PromQL
Grafana Labs software engineering intern Atibhi Agrawal shares her takeaways from a training course on the Prometheus query language.
Photo by Chris Rosiak on Unsplash