Cloud Native News - CNN21/29
About Aqua Security on container isolation techniques, the changing Kubernetes release cadence, automatic node remediation via Sciuro, and the everlasting question: is Kubernetes too complex to be productive?
CNCF Community & Industry
- Kubernetes Release Cadence Change: Here’s What You Need To Know
The Kubernetes release cycle changes from four releases a year to three. This blog post gives a high-level overview of what this means for the Kubernetes community's contributors and maintainers. Starting with the Kubernetes 1.22 release, a lightweight policy will drive the creation of each release schedule.
- Krustlet Brings WebAssembly to Kubernetes with a Rust-Based Kubelet
WebAssembly is going to be a big thing not only in the frontend but also in the backend. I bet in the future, we will see it adopted in many use cases where containers are used today. This article gives a little more context about the relevance of WebAssembly and "Krustlet", a kubelet counterpart for operating WebAssembly workloads.
- Kubernetes is our generation's Multics
Is Kubernetes unproductive and too complex to operate securely? Will it eventually be replaced by something simpler? If you are eager to discuss, an interesting HN discussion is going on.
Containers & Orchestration
- How etcd works with and without Kubernetes
"Even though etcd is at the heart of how Kubernetes works, it's rare to interact with it directly on a day-to-day basis." - In this article, you will learn why and how Kubernetes uses etcd as a database.
- What Are Namespaces and cgroups, and How Do They Work?
"Namespaces and cgroups are the building blocks for containers and modern applications. Having an understanding of how they work is important as we refactor applications to more modern architectures." - Word.
- Running Duplicate Batch Jobs in HashiCorp Nomad
Two approaches to injecting variability into your Nomad batch job template without having to modify the template in the future.
- Automatic Remediation of Kubernetes Nodes
This post makes a case for a new open source tool called Sciuro, written and used by Cloudflare to automatically mitigate node failures. It is meant to replace the well-known node-problem-detector, so it is probably worth a closer look!
Security
- Container Isolation Techniques Part One & Two
Setting up containers as a security boundary is a nontrivial task. Aqua Security describes the challenges in part one and possible solutions in part two of their series on container isolation.
- Enforcing Image Trust on Docker Containers using Notary
This blog post discusses implementing container image trust in Docker using Notary. It also explains what options you have to achieve something similar in Kubernetes.
- Upgrade Helm if You Don’t Want to Share Your Username and Password
Helm CVE-2021-32690 describes a situation in which the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that repository. This is fixed in v3.6.1 - better do the update to be on the safe side!
Networking
- Kubernetes Semaphore: A modular and nonintrusive framework for cross-cluster communication
"Having an environment span 3 clusters across 3 different providers (AWS, GCP and on-prem), we want applications running in different clusters to be able to communicate to each other." - If you have similar problems, this article might be good for you!
- An Istio/mutual TLS debugging story
A nice war story about debugging Istio's mTLS.
Development
- Admission Control: A helpful micro-framework for Kubernetes · questionable services
"Admission Control is a micro-framework [...] for building and deploying dynamic admission controllers for your Kubernetes clusters. It reduces the boilerplate needed to inspect, validate and/or reject the admission of objects to your cluster, allowing you to focus on writing the specific business logic you want to enforce."
- Learn how to simplify application management with Operators with the CNCF Operator White Paper from TAG App Delivery
Because of the growing popularity of Kubernetes Operators, the Operator Working Group (TAG App Delivery) has created a White Paper to help end-users and software vendors adopt operators to simplify application delivery and operations.
Other
- Talos OS v0.11 Updates! - Talos Systems
My new favorite project just got an update!
- DevOps and Cloud InfoQ Trends Report - July 2021
"This article summarizes how we [InfoQ] see the "cloud computing and DevOps" space in 2021, which focuses on fundamental infrastructure and operational patterns, the realization of patterns in technology frameworks, and the design processes and skills that a software architect or engineer must cultivate."
- Podcast: Committing to Cloud Native
A Cloud-Native Podcast that explores the confluence of open source and cloud-native. The guests include members of CNCF projects, maintainers working on projects at scale at places like Google, Amazon, and NASA, and community members contributing back to awesome projects in the cloud-native ecosystem.
Photo by Mihai Moisa on Unsplash