Cloud Native News - CNN21/23
About ingress-less K8s clusters, terraform 1.0, SLOs with Sloth, how Netflix uses eBPF flow logs and CVE-2021-31440 container escape using eBPF
CNCF Community & Industry
- Announcing the Gremlin Chaos Engineering Practitioner Certificate Program
They should have called it "Certified Trouble Maker."
Containers & Orchestration
- The Unexploited Opportunity: Cloud Agnostic Managed Kubernetes
"In this article, I list five reasons why it’s time to challenge that status quo, and what a cloud-agnostic managed Kubernetes service both can and should be."
- Kubernetes Resource Limits
A well-illustrated guide explaining resource limits, what they mean, and their impact. Learn how to set and configure them right.
- Building Ingress-less Kubernetes Clusters
With IPv6, the concepts of Ingress, Service, and the LoadBalancer ServiceType need to be revisited. Learn why!
Infrastructure
- Announcing HashiCorp Terraform 1.0 General Availability
This finally marks a major milestone for interoperability, ease of upgrades, and maintenance of your automation workflows. Terraform is a much-underappreciated tool and has come a long way since its initial release.
- Learn how to manage your functions with kubectl
"Learn an alternative to the OpenFaaS API for managing your serverless functions."
CI/CD
- Giterministic CLI tool
The CLI tool gluing Git, Docker, Helm & Kubernetes with any CI system to implement CI/CD and Giterminism. werf not only builds & deploys but also continuously syncs the current Kubernetes state with changes made in Git.
Observability
- How Netflix uses eBPF flow logs at scale for network insight
Netflix describes its network observability tool, which uses eBPF to capture TCP flows in "near real time" with less than 1% CPU and memory consumption. Unfortunately not open-sourced (yet?).
- Grafana 8.0: Unified Grafana and Prometheus alerts, live streaming, new visualizations, and more!
The new Grafana 8 is out with unified alerts, enhanced support for tracing, real-time streaming, and official support for histograms.
- SLOs should be easy, say hi to Sloth
Sloth generates SLOs for Prometheus from a spec/manifest that scales. It is easy to understand and maintain.
- Prometheus vector matching rules visualized
A visual guide to the Prometheus vector matching rules and the powerful PromQL. The author has more useful drawings around Prometheus, too!
Security
- CVE-2021-31440: Kubernetes container escape using eBPF
A new vulnerability allows a local privilege escalation, which means an attacker with non-root access to the system can gain higher privileges by exploiting this vulnerability. Learn more about the CVE in this article.
- Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
"Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers. Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers."
Development
- Disasters I've seen in a microservices world
"Distributed systems are hard to grasp, and only recently most software engineers have been consistently exposed to them." - In my opinion, most organizations start too early to distribute services. Premature optimization is the root of all evil.
Photo by Ryunosuke Kikuno on Unsplash