Cloud Native News - CNN21/16

CNCF Community & Industry

• 4 cloud-native trends to watch at Kubecon + CloudNativeCon Europe
  "Watch these sessions to learn how hands-on experts solved some thorny native-cloud problems in the areas of systems resilience, GitOps, and others."

Infrastructure

• Announcing Pulumi 3.0
  Pulumi hits another milestone!

Networking

• Hunting down the stuck BGP routes
  A surprisingly visual explanation to an edge case in the BGP protocol leading to stuck routes.
• Evolving Kubernetes networking with the Gateway API
  "... five years after the creation of Ingress, there are signs of fragmentation into different but strikingly similar CRDs and overloaded annotations. The same portability that made Ingress pervasive also limited its future." - Gateway API to the rescue!
• Upcoming networking changes in Istio 1.10
  "Starting with Istio 1.10, the networking behavior is changed to align with the standard behavior present in Kubernetes." - you might be impacted - intentionally or accidentally!

Containers & Orchestration

• Living with Kubernetes: Cluster Upgrades
  A discussion of high-level patterns of Kubernetes cluster upgrades - with nice visuals :)
• Annotating Kubernetes Services for Humans
  Are you a cluster administrator and ever wondered "who the hell owns this service?". The blog post covers a nice proposal to manage Kubernetes service annotations.
• loft.sh - vcluster
  loft.sh introduced vcluster: "Create fully functional virtual Kubernetes clusters - Each cluster runs inside a Kubernetes namespace and can be started within seconds".
• Heroku-style deployments with Docker and git tags
  An opinionated but "simple" approach to zero-downtime container deploys based on git-tags. Always nice to read how "the others" are doing it.

Security

• Revealing the secrets of Kubernetes secrets
  This article is a nice overview of different layers that need to handle Kubernetes secrets securely.
• Falcosidekick + OpenFaas = a Kubernetes Response Engine, Part 2
  Falcosidekick now does not only work with kubeless, but also with OpenFaaS. We are pleased to see ongoing development in this area and excited about the things that might come!
• Kyverno Policies
  A set of predefined policies based on Kyverno. Kyverno is a Kubernetes-based alternative solution to (Open Policy Agent's) Gatekeeper which works with yaml-based and therefore readable policy descriptions.

Photo by Marvin Meyer on Unsplash