Cloud Native News - CNN21/38
Community
- DoK Day North America 2021 @ KubeCon - Data on Kubernetes Community
"Kubernetes is increasingly used to run databases and other stateful workloads, unlocking new potential for leveraging your data. Join experienced practitioners from the Data on Kubernetes Community (DoKC) who are at the forefront of running data on Kubernetes. Learn the use cases, techniques, and best practices from those who have been there, done that." - It is a 100% virtual event.
Tutorials
- Triggering Terraform Cloud runs from GitHub
Terraform Cloud is the managed service of Terraform by HashiCorp, and in this blog, you will learn how to trigger the cloud runs from GitHub to maintain and manage your infrastructure.
- Introduction to Hippo: the WebAssembly PaaS
Hippo is an Open Source self-hosted Platform as a Service (PaaS) solution that aims to simplify the development and staging experience. Hippo is powered by WebAssembly, which enables a high level of isolation between your workloads. The following quote from their article should be enough to raise your interest in it: "10ms to load an application and instantiate the WebAssembly runtime from a cold start". This sounds promising! 🔥
Editorial
- Why data scientists shouldn't need to know Kubernetes
Who should know Kubernetes, and to what extent? Lately, it seems to be expected that more and more developers and data scientists are required to understand how to deal with Kubernetes. But: is this correct, or did we fail in implementing a proper abstraction?
- How Linkerd uses iptables to transparently route Kubernetes traffic
"This blog post will look at how Linkerd uses iptables to intercept the TCP traffic to and from Kubernetes pods and route it through "sidecar" proxies without the application knowing."
- How to mitigate kubelet's CVE-2021-25741: Symlink exchange can allow host filesystem access
Sysdig once again does a fantastic job of explaining a serious Kubernetes CVE. If you cannot yet update your Kubernetes cluster right away, here is a tutorial on how to mitigate it using OPA and Falco.
Tools
- Apache Kafka 3.0 - Major Improvements, Breaking API Changes, and New Features
AK 3.0 introduces significant improvements to KRaft (Kafka's ZooKeeper replacement), KStreams, Kafka Connect, MirrorMaker 2, the strongest producer delivery guarantees, and more.
- im2nguyen/rover
"Interactive Terraform visualization. State and configuration explorer."
- danielfoehrKn/kubeswitch
"kubeswitch [...] takes Kubeconfig context switching to the next level, catering to operators of large scale Kubernetes installations. Designed as a drop-in replacement for kubectx."
- sse-secure-systems/connaisseur
"A Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster." - great to see more and more development in making container signing more accessible.
- datreeio/datree
The CLI integration provides a policy enforcement solution for Kubernetes to run automatic checks on every code change for rule violations and misconfigurations. When rule violations are found, Datree produces an alert that guides the developer to fix the issue inside the CI process — or even earlier as a pre-commit hook — while explaining the reason behind the rule.