Cloud Native News - CNN21/42
About the future of shipping infrastructure alongside software, CUE - a new language for data validation, how to debug K8s with 8 commands and the ingress-nginx CVE-2021-25742
Editorial
- Infrastructure in Your Software Packages
Terraform's Law: the larger an organization grows, the more the process for deploying applications and provisioning infrastructure diverges. This post explores what a future of shipping infrastructure alongside software may look like by detailing where we are today and evaluating how software delivery has evolved over time.
- A look inside how the Prometheus Conformance Program works and why it's important
"Is that service really Prometheus friendly? The new Prometheus Conformance Program helps answer that question."
- 3 Reasons to Choose a Wide Cluster over Multi-Cluster with Kubernetes
"There are certainly many other considerations, but this should serve as a quick primer." - as such, I consider it "ok" ;)
Tools
- Cue: A new language for data validation
The very promising CUE project had its first Live Town Hall this week, discussing a high-level review of the roadmap, upcoming releases, and major proposals. Find the recording on YouTube!
- Kyverno Fundamentals Certification
"This Kyverno Fundamentals Certification will test you on the basic concepts of Kyverno, along with installation, policy definitions, results, and security." - It's free, so why not?
Tutorials
- How to Deploy a Highly Available WireGuard® Network Management Server on Kubernetes
A WireGuard Network Management solution based on Netmaker. Probably something a few of you are looking for?
- Living with Kubernetes: Debug Clusters in 8 Commands
Probably not sufficient to find complex root causes, but the proposed commands are indeed the ones I find myself often using to investigate a problem :)
A little bonus from our side: kubectl run netshoot --image=nicolaka/netshoot -- /bin/sh -c 'sleep infinity'
Other
- CVE-2021-25742: Ingress-nginx custom snippets allow retrieval of ingress-nginx serviceaccount token and secrets across all namespaces · Issue #7837 · kubernetes/ingress-nginx
"A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster." Whoops!
- A guide to choosing an Ingress Controller, part 1: identify your requirements
How do you find a suitable ingress controller? What are the requirements you have to take into account? Are there things you maybe didn't consider? This guide gets you started to identify your needs, compares different options and how future-proofed some options are. (handle with care, it's a bit nginx opinionated)
- Deleting an S3 Bucket Costs Money
I bet you rarely consider the costs of deprovisioning infrastructure. In fact, deleting an S3 bucket introduces unexpected costs because you first need to delete every single object before getting rid of the bucket itself.