Cloud Native News - CNN21/14
Power to the community - Kubernetes 1.21 released, Docker without Docker, ArgoCD v2 with new major features, K8s SSO with Keycloak & OpenLDAP
CNCF Community & Industry
- The Distributed Operating System Void
Thoughts on missing parts at the node level below “kubernetesland” by Kris Nova.
Containers & Orchestration
- PodSecurityPolicy Deprecation: Past, Present, and Future
With the Kubernetes v1.21 release, PSPs enter the deprecation lifecycle before they are removed in K8s v1.25. Why is this happening? Well, others (OPA, Kyverno) are better at managing policies and applying validations or mutations.
- Kubernetes Single Sign-On - A detailed guide
The full solution uses Keycloak, backed by OpenLDAP, and enables OIDC-based SSO for kubectl.
- Kubernetes 1.21: Power to the Community
Kubernetes 1.21, the first release of 2021, is out. This release consists of 51 enhancements: 13 enhancements have graduated to stable, 16 enhancements are moving to beta, 20 enhancements are entering alpha, and 2 features have been deprecated. This release cycle saw a major shift in ownership of processes around the release team.
- What’s new in MicroK8s v1.21?
Kubernetes v1.21 has been released this week. This post is not about what's new in Kubernetes, but about what's new in MicroK8s, a distribution targeting workstations, edge, and CI/CD workflows.
- Docker without Docker
Using containers for workload isolation is an established standard. However, it is known that isolation, as provided by container runtimes, isn't super strong. Here is how Fly.io uses the best of OCI and integrates it with AWS Firecracker.
Development
- Practical Go Lessons
A free and open Go book as a website.
CI/CD
- Argo CD 2.0 Released!
Argo CD 2.0, the first major release in over a year, comes fully packed with some hot new features: cross-cluster application management with application sets, a rich notifications framework, better UI visibility for large applications with pod view, and many more.
- Announcing HashiCorp Waypoint 0.3
"Git repository polling and remote runners come to HashiCorp Waypoint to enable powerful workflows such as GitOps, along with more major improvements."
Security
- CNCF Provides Insights into Secrets Management Tools with Latest End User Technology Radar
A new quarter, a new CNCF end-user technology radar: Secrets Management Tools. The radar describes the adoption of several secrets and sensitive data management solutions throughout major end-users of the cloud-native tech stack.
- ory/keto
Ory Keto is the first and only open-source implementation of "Zanzibar: Google's Consistent, Global Authorization System". It integrates perfectly with other Ory products and is, therefore, a building block for a holistic identity platform.
Networking
- Generating Kubernetes Network Policies By Sniffing Network Traffic
"This blog post is about an experiment to automate the creation of Kubernetes Network Policies based on actual network traffic captured from applications running on a Kubernetes cluster." - An interesting approach.
Storage
- Kubernetes Storage Options Can Be Overwhelming — Pick the Right One
"A new open-source project called Kubestr provides a simple way to identify, validate and evaluate storage options for Kubernetes applications. Kubestr can evaluate the relative performance levels of various storage configurations across cloud providers."
Observability
- How we use meta monitoring. Prometheus servers to monitor all other Prometheus servers at Grafana Labs
"If you rely on Prometheus for your monitoring, what is monitoring Prometheus?" Here’s the story of how Grafana Labs solved this.