Cloud Native News - CNN21/21
About service mesh benchmarking, a v1.0 release of Argo Rollouts, solid SRE practices, and abusing ConfigMaps as OCI Image Cache.
CNCF Community & Industry
- Virtual Cloud Native Students
Join the Official Cloud-Native Students Community group. A place for everyone to learn, grow, network, and collaborate.
Containers & Orchestration
- Using a ConfigMap as an OCI Image Cache
Daniel Mangum shows in this short post how he stores, as an experiment, OCI images in a Configmap in Kubernetes. This reduces the burden of running too many components for Crossplane and simplifies the hosting. - Using Kubernetes to rethink your system architecture and ease technical debt
"When you're weighing the risk and reward of replacing architecture, it can take several attempts to find a solution that works for you." - Confucius, an ancient Chinese philosopher. - open-cluster-management/policy-collection
A valuable collection of policy examples for Open Cluster Management
Observability
- Why (and how) GitHub is adopting OpenTelemetry
GitHub implements OpenTelemetry to allow you are gaining tracing insights into your application. OpenTelemetry introduces a standard, vendor-neutral format for telemetry signals: OTLP. It also enables telemetry signals to be easily correlated with each other.
Security
- TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack
Trendmicro found and confirmed close to 50,000 IPs compromised by this attack perpetrated by TeamTNT across multiple clusters. A simple solution applies here: don't let your KubeAPI hang around on the public internet... Yep, it's easy as that!
Development
- Kubernetes Schema Validation
"Specialized tools and a "shift-left" approach make it possible to verify a Kubernetes schema before they're applied to a cluster. In this article, I'll address how you can avoid misconfigurations and which tools are best to use."
Networking
- Benchmarking Linkerd and Istio
The team around Buoyant repeated their performance experiments with the latest versions of Linkerd and Istio projects. The results show that Linkerd not only remains dramatically faster than Istio but now also consumes an order of magnitude less data plane memory and CPU while doing so. What a success!
CI/CD
- Introducing Argo Rollouts v1.0. Progressive delivery done right!
The Argo team launches Argo Rollouts v1.0, a tool supporting you in different styles of deploying your containers. To foster automation, the focus lies on progressive delivery, a metrics-based rollout, and traffic shift. This requires a solid integration into your network. The Argo project team managed to integrate with an extensive selection of service meshes and metric providers.
Other
- Four steps to jumpstarting your SRE practice
Read about Google's four first tiny steps to SREism. Looking at the fourth step, I think this is where most companies don't pay attention too.
tried something new and wrote an LPE exploit for CVE-2021-3490, a bug in the Linux Kernel eBPF verifier. was fun and learned a lot - blog post + PoC coming soon. happy memorial day! pic.twitter.com/6kKWX2jw5W
— chompie (@chompie1337) May 29, 2021
Photo by Maarten van den Heuvel on Unsplash