Cloud Native News - CNN21/15

CNCF & Community

• ‘Master,’ ‘Slave’ and the Fight Over Offensive Terms in Computing
  Offensive terms have often a history-based root, slowly sneaked into our everyday language without questioning the meaning of the terms. The tech community pushes the last months to wipe out offending terms, being more inclusive and set a sign against these words.
• Cilium proposed as an Incubation project - leave a like!
  Thomas Graf and the Cilium community proposed cilium as an incubating project to the CNCF. As the hotshot CNI an awesome move to see! Leave them a like and love.

Observability

• Introducing OpenSearch
  Introducing the OpenSearch project, a community-driven, open source fork of Elasticsearch and Kibana. This initiative mainly driven by Amazon after the license change from Elastic should keep elasticsearch & kibana under a public and open source license, not restricting anyone what and where it can be used.

Networking

• Simplifying multi-clusters in Kubernetes
  This article gives a very good introduction to multi-cluster K8s approaches and pros & cons of the different implementations. However, it focuses on Liqo: The idea behind Liqo is to make multi-cluster topology a single-step operation for cluster administrators. And it looks very promising.

Containers & Orchestration

• How Flant upgraded 150+ of Kubernetes clusters from v1.16 to v1.19
  Flant describes their approach to upgrade over 150 K8s clusters from 1.16 to 1.19, the things they have learned and how they will proceed to move to the next upcoming versions.
• Scaling Kubernetes with Assurance at Pinterest
  With the governance, resilience, and operability efforts, Pinterest was able to significantly reduce sudden usage surges of compute resources, control plane bandwidth, and ensure the stability and performance of the whole platform. The kube-apiserver QPS (mostly read) is reduced by 90% after optimization rollout, which makes kube-apiserver usage more stable, efficient, and robust. These are insane results, a must-read if you scale big!
• Three Tenancy Models For Kubernetes
  "Tenancy" is more than multi-tenancy, that's why Kubernetes supports or allows various approaches: Namespaces, Clusters and Control Planes as a Service. The Kubernetes multi-tenancy workgroup introduces in this blog multiple approaches and guides you to find the right way for your use case.

Security

• Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman
  The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. Here is how to mitigate this CVE
• Kubesploit: A New Offensive Tool for Testing Containerized Environments
  Kubesploit is a framework written in Golang and builds on top of the Merlin project (by Russel Van Tuyl), a cross-platform post-exploitation HTTP/2 Command & Control server and agent.
• Defend the Core: Kubernetes Security at Every Layer
  "Containers are transforming software development. As the new foundation for CI/CD, containers give you a fast, flexible way to deploy apps, APIs, and microservices with the scalability and performance digital success depend on. But containers and container orchestration tools such as Kubernetes are also popular targets for hackers" - Understood the 5 layers you have to protect

Photo by Nick Fewings on Unsplash