Cloud Native News - CNN21/10
Explaining KubeCon's schedule selection, comparing Crossplane to LLVM, and learning magic with OPA's Rego...
CNCF & Community
- A look inside the KubeCon + CloudNativeCon schedule selection process
After the announcement of the KubeCon + CloudNativeCon schedule, several people pointed out that their talks were not included. This article describes the decision process and its criteria. I (Max) was part of the process and reviewed around 70 talks. I would have loved to see so many proposals live on stage, but there are simply not enough slots. It is hard to decide from a proposal alone which will be a good talk and which will not. Consequently, it is often a question of how well the proposal is structured: does it describe clearly what the community will learn? Which further information is given? Does it contain relevant links to the projects, blog posts, or other sources?
- Flux grows and is now a CNCF Incubation project
40k+ contributors, 16k+ commits, and over 12k+ stars on GitHub: Flux keeps growing in the community and is moving towards GA.
Security
- Docker Security - OWASP Cheat Sheet Series
Let's face it: Docker is the most used container runtime out there, even independently of Kubernetes. However, running workloads securely is not trivial at all.
- 10 Kubernetes Security Context settings you should understand
Do runAsNonRoot, capabilities, and fsGroup turn your head? This cheat sheet explains the most important securityContext settings: what they mean and how you should use them.
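As an added illustration (not code from the cheat sheet or the newsletter), the following script audits a Pod spec for the three settings named above plus allowPrivilegeEscalation, comparing a constructed weak manifest with a hardened one; the image name and numeric IDs are placeholders.

```python
"""Audit Pod specs for runAsNonRoot, capabilities, fsGroup and allowPrivilegeEscalation."""

# Constructed sample: a Pod with no securityContext hardening at all.
WEAK_POD = {
    "spec": {
        "containers": [{"name": "app", "image": "example/app:1.0"}],
    }
}

# Constructed sample: the same Pod with the settings applied.
HARDENED_POD = {
    "spec": {
        # Pod-level settings apply to every container unless overridden.
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001, "fsGroup": 2000},
        "containers": [{
            "name": "app",
            "image": "example/app:1.0",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    }
}


def audit_pod(pod):
    """Return a list of findings; an empty list means every check passed."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings = []
    # fsGroup is a Pod-level setting: it controls group ownership of mounted volumes.
    if "fsGroup" not in pod_sc:
        findings.append("pod: fsGroup not set")
    for container in spec.get("containers", []):
        name = container["name"]
        sc = container.get("securityContext", {})
        # runAsNonRoot may be set at Pod or container level; the container value wins.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        # Linux capabilities are only configurable per container; drop everything by default.
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities.drop does not include ALL")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
    return findings


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or "OK")
```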
Containers & Orchestration
- Is Crossplane the Infrastructure LLVM?
Crossplane is an open-source Kubernetes add-on that supercharges your Kubernetes clusters, enabling you to provision and manage infrastructure, services, and applications from kubectl. Crossplane itself is the customizable translation layer, and Crossplane's Providers are the backends that target infrastructure APIs, similar to LLVM's backends.
- Ask an OpenShift Admin (Ep 21): Etcd - the heart of the control plane
In this episode, hosts Andrew Sullivan and Chris Short answer your questions about etcd: how the heart of the Kubernetes control plane works and which secrets it keeps.
- Introduction to k3d: Run K3s in Docker
k3d is a small program for running a K3s cluster in Docker. K3s is a lightweight, CNCF-certified Kubernetes distribution and Sandbox project. A reliable and fast way to get started locally with K8s.
- [YouTube] Flake Finder Fridays
Dan Mangum and Rob Kielty run through the Kubernetes releases from a CI perspective and show you how to run the K8s end-to-end tests locally. Great insights, don't miss it!
Development
- Rust vs. Go: Why They're Better Together
Rust and Go are often seen as competitors, but their communities actually see them as a perfect love story; this article shows how they motivate and complement each other.
Storage
- Object Storage as a Service with MinIO's Operator and Kubernetes
Object storage as a service is the hottest concept in storage today, and this post outlines how to quickly and easily enable it using MinIO and Kubernetes.
Other
- jetstack/preflight
Automatically perform Kubernetes cluster configuration checks using Open Policy Agent (OPA).
- Linting Rego with... Rego!
This post explores how linters could be useful for Rego, Open Policy Agent's policy language, and how to build a policy linter.
- Toward Confidential Cloud Computing - ACM Queue
"Cloud providers systematically encrypt data in transit (on the network) and at rest (on disks and backups) using keys associated with tenants: even if attackers gain access to a data center, they cannot see the plaintext of tenant data unless they also manage to compromise their managed keys. This trend of increasing security in the cloud will continue; the next step is confidential computing, extending hardware-enforced cryptographic protection to data while in use (i.e., during computation)."