Cloud Native News - CNN21/33
CNCF & Community
KEDA moves from the CNCF Sandbox to become an incubating project
The CNCF Technical Oversight Committee (TOC) has voted to accept KEDA as a CNCF incubating project.
Kubernetes Event-Driven Autoscaling (KEDA) is a single-purpose event-driven autoscaler for Kubernetes that can be easily added to Kubernetes clusters to scale applications. It aims to simplify application autoscaling and optimize for cost by supporting scale-to-zero.
Networking
Getting started using cert-manager with the sig-network Gateway API
The Gateway API, introduced by the sig-network community, is a new API that aims at replacing the Ingress API. In this guide, Jetstack will walk you through the installation of cert-manager, ExternalDNS and Traefik to deploy a simple service using the Gateway API.
Containers & Orchestration
Part IV: Into the Cluster
How does a Kubernetes cluster look like? Sure there are nodes, but how does it work? Understand all the major components of the Kubernetes system in this with illustrations supported post.
Building container images with Nix
Nix captures all required packages of your software and allows you with this information to build customized container images only containing the minimum of needed dependencies.
Mutating Kubernetes resources with Gatekeeper
Gatekeeper is a Kubernetes policy controller that allows you to define policy to enforce which fields and values are permitted in Kubernetes resources. Gatekeeper has recently introduced the ability to mutate resources. Mutation means that policy can change Kubernetes resources based on different criteria.
Smallest distroless nginx container < alpine
In this post, we will see how to make most smallest nginx docker container which is even going to be smaller than alpine nginx.
Security
It’s About Time for Runtime: 2021 Cloud Native Security Survey
Container runtime security protects against sophisticated attacks evading static analysis and is a critical part of holistic cloud native security. The survey results should help DevOps teams, Security and IT departments to understand the real challenges they face when trying to secure cloud native applications.
How to Secure Containers with Cosign and Distroless Images
This short article gives a good introduction to how to use disstroless images and cossign. The need for Cosign is because even with the distroless images there is a chance of facing some security threats such as typosquatting attacks, or receiving a malicious image. If the distroless build process is compromised, it makes users vulnerable to accidentally using the malicious image instead of the actual distroless image.
How to secure your Kubernetes control plane and node components
The control plane is responsible for controlling the cluster. Acting as the nerve center of a Kubernetes cluster, the control plane manages the cluster state and configuration data. However, the control plane is highly susceptible to abuse from attackers because it is not easy to configure.
Development
Stupid Simple WebAssembly
In this blog post, Rancher will introduce you to WebAssembly. It starts with a history lesson on the Assembly language, which was created to make programming easier and boost productivity. Then move on to WebAssemby, a descendent of Assembly, and cover what it is, the problems it solves and how it does that.
Tools
metacontroller/metacontroller
"Metacontroller is an add-on for Kubernetes that makes it easy to write and deploy custom controllers in the form of simple scripts."
Other
Kubernetes Podcast from Google: Episode 159 - Talos, with Andrew Rynhard
In this episode, Andrew Rynhard is telling about the Talos and the Talos operating system, how he came to the idea and what he wants to achieve in the future. Worth listening to it and learning about one of the most promising projects on the market.
A Beginner's Practical Guide to Containerisation and Chaos Engineering with LitmusChaos 2.0
LitmusChaos 2.0 arrived, in this short series, you will learn how to get started.
Photo by Michael Dziedzic on Unsplash