Cloud Native News - CNN21/05

About the pain of GitOps, Docker Distribution donated to CNCF and OPA graduates, building container images with Go, meet Hildegard - the cryptojacking malware targeting K8s

CNCF Community & Industry

  • KubeCon Early Bird Tickets!
    Don't miss the early bird ticket for just $10 for KubeCon EU. This is also a great hack: by buying a ticket, you'll get a 50% discount on the next Kubernetes exam.
  • Announcing the Linkerd Steering Committee
    "The Linkerd Steering Committee has one simple goal: to ensure that Linkerd meets the needs of its current and future users. Thus, rather than representing vendors, Linkerd's steering committee members represent Linkerd users. Members of the Linkerd Steering Committee will work with maintainers to ensure that Linkerd's roadmap is always focused on solving concrete, immediate problems for its current—and future—adopters."
  • Donating Docker Distribution to the CNCF
    The core container image distribution system (basically what drives Docker Hub) is going to the CNCF.
  • Open Policy Agent graduates in the Cloud Native Computing Foundation
    "The number of users on slack.openpolicyagent.org has grown by 3x (to over 3,600 users) and the number of Docker image downloads surpassed 39M (a 1000% increase!) We attribute much of this growth to the need for a robust policy-as-code solution in the cloud native ecosystem."

Containers & Orchestration

  • Killing Containers at Scale
    As a big fan of repl.it I really appreciate insights into their infrastructure. This article is about how repl.it solved the issue of slow container shutdowns across their backend infrastructure.
  • Assessing Reliability Risks on Kubernetes Clusters
    VMware announced a Reliability Scanner engine, which includes an extensible set of reliability assessments, or checks, performed against various cluster components, such as Pods, Namespaces, Services, etc. This engine can be used, e.g., as a Sonobuoy plugin!
  • Kubernetes at WeTransfer
    These are field notes on WeTransfer's journey upgrading Kubernetes from 1.11 to 1.18 using kOps. Having operated kOps clusters on my own for a couple of years now, I really appreciate this kind of report.

Networking

  • Analyzing gRPC messages using Wireshark
    "In this post, you'll learn how to configure and use the Wireshark gRPC dissector and the Protocol Buffers (Protobuf) dissector, which are protocol-specific components that allow you to analyze gRPC messages with Wireshark."

CI/CD

  • Vamp.io Introduces Research Report The 2021 State of Cloud-Native Release Orchestration
    "In our report, we dive into challenges, trends, and opportunities for improvement in releasing and validating software in production. Backed by 250+ responses from DevOps and SREs across the world."
  • The pains of GitOps 1.0
    While GitOps is a fascinating way to deploy and operate software, it only takes care of a subset of the software release process. Having used GitOps in production for over a year, I recognize quite a few of the problems mentioned in this article. This is a sincere evaluation of the current state of GitOps.

Development

  • Building container images in Go
    Ahmet Alp Balkan explains how to build OCI container images by building the layers and image manifests programmatically using the go-containerregistry module (without Docker!).
  • Why Helm never felt like it belonged
    "Kubernetes is one of the largest and fastest growing open-source projects. Since its inception in 2014, Kubernetes has received tens of thousands of contributions from the community, and has been enhanced by a plethora of new tools. But that doesn't come without its downsides. Namely, every now and then, there's a tool that doesn't adhere to Kubernetes core principles, and I think one such tool is Helm."

Security

  • Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes
    "Unit 42 researchers detected a new malware campaign targeting Kubernetes clusters. The attackers gained initial access via a misconfigured kubelet that allowed anonymous access. Once getting a foothold into a Kubernetes cluster, the malware attempted to spread over as many containers as possible and eventually launched cryptojacking operations." - Maybe today is a good day to check your kubelet and cluster configurations? 😉