News

Cilium 1.12 GA: Cilium Service Mesh and other major new features for enterprise Kubernetes — www.cncf.io

The Cilium Project is excited to announce the general availability of Cilium 1.12.

Exploring Cilium Layer 7 Capabilities Compared to Istio — www.solo.io

Learn about the differences between Layer 7 security in Cilium vs. Layer 7 security in Istio

How to apply GitOps to everything with Crossplane and Flux — www.cncf.io

Diagram as Code — blog.bytebytego.com 6 different ways to turn code into beautiful architecture diagrams

Amazon Prime Day 2022 — aws.amazon.com

SQS 70.5 million messages per second

Kernel Pwning with eBPF: a Love Story We cover the basics of eBPF and the verifier component, which is supposed to make sure the code is safe to run.

Assets

GitHub - awslabs/git-secrets — github.com

Prevents you from committing secrets

GitHub - trufflesecurity/trufflehog — github.com

Find credentials all over the place.

Know. Before it matters — canarytokens.org

Canarytokens is a free tool that helps you discover you’ve been breached by having attackers announce themselves.

AWS Console open source: React components for Cloudscape Design System — github.com

React components for Cloudscape Design System.

Skills

How to design better APIs — r.bluethl.net 15 language-agnostic, actionable tips on REST API design

An Overview of Distributed Caching — learncsdesign.medium.com

CPUs that run your applications have fast, multilevel hardware caches to reduce main memory access times. S

Don't forget to join me every Friday to discuss a Kubernetes book in our BookClub, this week we are discussing Chapter 8 "Policy" from the Hacking Kubernetes book.

Hope you're not melting with this hot summer, stay hydrated.

News

Demystifying the Kubernetes Iceberg: Part 8 | Anton Sankov's Blog — asankov.dev Kubernetes is like an iceberg. You learn the basics, only to see there is a lot more to learn. The more you learn, the more you see there is to know. This series of articles explains all the concepts listed in the "Kubernetes Iceberg" diagram by Flant.

Kubernetes Podcast from Google: Episode 185 - Writing, Learning and Tech, with Ian Miell — kubernetespodcast.com Ian Miell is a partner at consultancy Container Solutions, and an author of books on Bash, Git, Terraform and Docker. He explains to Craig how writing - whether runbooks, blog posts, training courses, or "real" books, can help you learn and make your team more effective.

Operating efficiently at scale. By Brian Armstrong, CEO and Co-founder | by Coinbase | Jul, 2022 | The Coinbase Blog — blog.coinbase.com As companies scale, they usually slow down and become less efficient. It takes more dollars, more people and more time to get anything done. Coordination headwinds increase, vetocracies emerge, risk…

SLSA • General Availability of SLSA 3 Go native builder for GitHub Actions — slsa.dev A couple of months ago, Google and GitHub demonstrated how to generate non-forgeable SLSA 3 provenance for packages/binaries created via GitHub Actions (1, 2). Since then, we’ve been working hard to turn the reference example into a production-ready system for everyone to use. Today, we’re announcing the v1 release of the trusted builders that can be used in GitHub Actions and verification tools.

Optimizing CI/CD Credential Hygiene - A Comparison of CI/CD Solutions - Cider Security Site — www.cidersecurity.io Attackers are always on the lookout to gain access to credentials, which are a critical asset to protect and are widespread throughout the organization.

Use Cases and Tips for Using the BusyBox Docker Official Image - Docker — www.docker.com The BusyBox Docker Official Image can help jumpstart your next Linux development project. Learn about use cases, best practices, and setup, here.

Minimal Container Images: Towards a More Secure Future — blog.chainguard.dev This post walks through the typical approaches in this space — minimal distributions, scratch and “distroless” — finishing with a look at Chainguard’s new, improved version of distroless.

Why Mercedes-Benz runs on 900 Kubernetes clusters | InfoWorld — www.infoworld.com The German automaker runs a massive fleet of Kubernetes clusters to support a wide range of project teams around the world. ‘For us, managing Kubernetes is not that hard.’

Assets

GitHub - infracost/infracost: Cloud cost estimates for Terraform in pull requests💰📉 Love your cloud bill! — github.com Cloud cost estimates for Terraform in pull requests💰📉 Love your cloud bill! - GitHub - infracost/infracost: Cloud cost estimates for Terraform in pull requests💰📉 Love your cloud bill!

Showing how to go from source code to container image using melange+apko — github.com

Demo app duplicated in 5 languages (Go/JavaScript/Python/Ruby/Rust) showing how to go from source code to container image using melange+apko

GitHub - fonoster/fonoster: 🚀 The open-source alternative to Twilio — github.com 🚀 The open-source alternative to Twilio. Contribute to fonoster/fonoster development by creating an account on GitHub.

GitHub - mingrammer/diagrams: Diagram as Code for prototyping cloud system architectures — github.com :art: Diagram as Code for prototyping cloud system architectures - GitHub - mingrammer/diagrams: Diagram as Code for prototyping cloud system architectures

Skills

Living with Kubernetes: 12 Commands to Debug Your Workloads – The New Stack — thenewstack.io Kubernetes can’t fix broken code. But if your container won’t start or the application gets intermittent errors, here’s where you can start.

Fixing the Developer Experience of Kubernetes Port Forwarding – Inlets – The Cloud Native Tunnel — inlets.dev Alex shows you some of the frustrations of using kubectl for port-forwarding and how to fix the developer experience.

How to Deploy Java Microservices on Amazon EKS Using Terraform and Kubernetes | Okta Developer — developer.okta.com Deploy a cloud-native Java microservice stack on Amazon EKS using Terraform and Kubernetes.

News

Scaling Container Technologies at Coinbase with Kubernetes — blog.coinbase.com Tl;dr: Our recent evaluation of Kubernetes underscored its suitability for scaling Coinbase into the future. In the past, a migration to Kubernetes raised concerns due to the operational burden of…

Chainguard Secure Software Supply Chain Images Arrive — thenewstack.io

Chainguard Images, are container base images designed for a secure software supply chain.

How to manage Kubernetes secrets with GitOps? | Akuity — akuity.io How to manage Kubernetes secrets with GitOps? Your guide on selecting a proper method.

Breaking Changes in Argo CD 2.4. — blog.argoproj.io

Argo CD 2.4 includes some awesome improvements and also gave the Argo CD team an opportunity to clean up some tech debt.

PyPI package 'keep' mistakenly included a password stealer — www.bleepingcomputer.com PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a password-stealer and a backdoor due to the presence of malicious 'request' dependency within some versions.

Introducing Envoy Gateway. Today we are thrilled to announce Envoy — blog.envoyproxy.io Today we are thrilled to announce Envoy Gateway, a new member of the Envoy Proxy family aimed at significantly decreasing the barrier to entry when using Envoy for API Gateway (sometimes known as…

Oops, That Almost Happened - Jeli — www.jeli.io

At this point you’ve seen all the reasons why learning from incidents is good for you and your org.

GitHub brings supply chain security features to the Rust community | The GitHub Blog — github.blog The Rust community can now discover, report, and prevent security vulnerabilities.

Introducing Gitsign. Keyless Git commit signing — blog.sigstore.dev

With Gitsign, we aim to bring the best of Sigstore to Git with “keyless” signing and transparency log support 

The Surreal Case of a C.I.A. Hacker’s Revenge | The New Yorker — www.newyorker.com A hot-headed coder is accused of exposing the agency’s hacking arsenal. Did he betray his country because he was pissed off at his colleagues?

Scalable self-hosted runner system for GitHub actions — hectormrejia.medium.com

Hello everyone! This article is intended for organizations that develop on private repositories and the minutes available from GitHub are not enough for their CI/CD needs.

Assets

GitHub - iovisor/bcc: — github.com

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more -

GitHub - kubeshop/testkube: ☸️ — github.com ☸️ Kubernetes-native framework for test definition and execution - GitHub - kubeshop/testkube: ☸️ Kubernetes-native framework for test definition and execution

GitHub - redhat-developer/vscode-didact — github.com

Framework and tools for providing interactive tutorials with active links that call VS Code commandson markdown

WireGuard Transparent Encryption — Cilium 1.11.5 documentation This guide explains how to configure Cilium with transparent encryption of traffic between Cilium-managed endpoints using WireGuard®.

Reproducible Builds — reproducible-builds.org Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code.

reprotest · PyPI — pypi.org Build packages and check them for reproducibility.

Skills

How NAT traversal works · Tailscale — tailscale.com In this post, we’ll talk about how to establish a peer-to-peer connection between two machines, in spite of all the obstacles in the way.

How to Troubleshoot Applications on Kubernetes — blog.alexellis.io Learn how to troubleshoot applications on Kubernetes. Because if it's not working, wouldn't it be great if you could find out why and fix it yourself?

How Go Mitigates Supply Chain Attacks - The Go Programming Language — go.dev Go tooling and design help mitigate supply chain attacks at various stages.

Kubernetes Workload Identity with AWS SDK for Go v2 | by Jimmy Ray | Jun, 2022 | Medium — blog.jimmyray.io In the context of Cloud Service Providers (CSP), a Kubernetes workload identity is the concept of pods assuming authenticated principals, to perform operations using CSP services. When using Amazon…

Escaping the Nested Doll with Tailscale — raesene.github.io

I came across a scenario recently (for a workshop in Kubecon) where I needed to access a GUI application deployed in a KinD cluster running in an EC2 instance on AWS, from my laptop.

We resume the Kubernetes BookClub this week, we are reading the Hacking Kubernetes book and will discuss Chapter 3 on June 3rd. If you want to join get an invite here https://www.santana.dev/book-club

News

Letter in Support of Responsible Fintech Policy — concerned.tech Dear Members of Senate Finance Committee...

Chainguard raises $50M Series A for supply chain security – TechCrunch — techcrunch.com Software supply chain startup Chainguard today announced that it has raised a $50 million Series A led by Sequoia.

Announcing the Refreshed Cloud Native Security Whitepaper | Cloud Native Computing Foundation — www.cncf.io The CNCF Security Technical Advisory Group (TAG) has just released a refreshed Cloud Native Security Whitepaper v2 to help educate the community about best…

Graviton 3: First Impressions – Chips and Cheese — chipsandcheese.com

In late May of 2022, AWS released Graviton 3 to the general public. Graviton 3 was the first ARM CPU to introduce the SVE instruction set to a widely accessible server CPU.

KubeCon EU 2022 Summary: Cloud Novices, Golden Paths, and Software Supply Chains | by Daniel Bryant | May, 2022 | Ambassador Labs — blog.getambassador.io Summary of KubeCon EU 2022 in Valencia, with a focus on cloud education, golden paths and platform engineering, and security and software supply chains

Breaking Into Cloud Security - Nick Jones

Cloud security is an area of the industry with some of the biggest skill shortages.

What Made GoLang So Popular? The Language’s Creators Look Back – The New Stack — thenewstack.io

Since the day it was open sourced in 2009, the Go programming language has consistently grown in popularity.

How To Start Programming In Go: Advice For Fellow DevOps Engineers — iximiuz.com "Starting programming", "Starting programming in Go", and "Starting programming Kubernetes controllers in Go" are there different challenges with the exponentially increasing level of complexity.

Introducing DigitalOcean Functions: A powerful serverless computing solution — www.digitalocean.com DigitalOcean is committed to providing products that serve developers throughout their journey, and access to serverless computing has been one of the most popular requests from DigitalOcean users ...

The Open Future : Spotify Engineering — engineering.atspotify.com Spotify’s official technology blog

Kubernetes Annual Report 2021 | Cloud Native Computing Foundation — www.cncf.io This is a summary of the Kubernetes project’s contributor community and activities. This report documents both quantitative measures of community health…

Announcing the First Images Designed for a Secure Software Supply Chain — blog.chainguard.dev We’re building a suite of products with the goal of simplifying security for all developers.

npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog — github.blog npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings.

Red Hat Releases Open Source StackRox to the Community — cloud.redhat.com

Today, Red Hat is excited to announce that Red Hat Advanced Cluster Security for Kubernetes (RHACS) is now open sourced as StackRox.

Five Things to Prepare for Cgroup v2 with Kubernetes - Kintone Engineering Blog — blog.kintone.io

By Daichi Sakaue (@yokaze) Above all the effort of the community, Kubernetes is now ready to run with cgroup v2.

Jetstack Helps Turn Security Policies into Actions – The New Stack — thenewstack.io Jetstack, a cloud native security company, has released its Jetstack software supply chain toolkit -- a comprehensive, web-based interactive program for securing software supply chains.

Assets

ttl.sh | An anonymous & ephemeral (and free) Docker image registry An anonymous & ephemeral (and free) Docker image registry.

GitHub - chainguard-dev/ssc-reading-list: A reading list for software supply-chain security. — github.com A reading list for software supply-chain security. - GitHub - chainguard-dev/ssc-reading-list: A reading list for software supply-chain security.

Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports — github.com Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports - GitHub - fjogeleit/trivy-operator-polr-adapter: Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports

GitHub - ContainerSolutions/delayed-jobs-operator — github.com Contribute to ContainerSolutions/delayed-jobs-operator development by creating an account on GitHub.

GitHub - iovisor/bcc: BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more — github.com BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more - GitHub - iovisor/bcc: BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

Skills

Getting GitOps: A practical platform with OpenShift, Argo CD, and Tekton | Red Hat Developer — developers.redhat.com A practical guide through the jungle of modern development with Kubernetes, with a focus on application distribution via continuous integration/continuous delivery (CI/CD) and GitOps on Red Hat OpenShift.

Introducing native support for OpenTelemetry in Jaeger | by Yuri Shkuro | JaegerTracing | May, 2022 | Medium — medium.com The latest Jaeger v1.35 release introduced the ability to receive OpenTelemetry trace data via the OpenTelemetry Protocol (OTLP), which all OpenTelemetry SDKs are required to support. This is a…

Migrations Done Well: Typical Migration Approaches - The Pragmatic Engineer — blog.pragmaticengineer.com A guide for executing migrations well, at both small and large scales.

Control Group APIs and Delegation Intended audience: hackers working on userspace subsystems that require direct cgroup access, such as container managers and similar.

If you plan to be at KubeConEU at Valencia and see me, don't be a stranger and come say hello and let's take a selfie together. I missed selfies at conferences 😭

News

Kubernetes 1.24: Stargazer | Kubernetes — kubernetes.io

Authors: Kubernetes 1.24 Release Team We are excited to announce the release of Kubernetes 1.24, the first release of 2022! This release consists of 46 enhancements:

A Community Group for Web-interoperable JavaScript runtimes — blog.cloudflare.com Cloudflare is excited to be a part of the launch of the Web-interoperable Runtimes Community Group, a new effort that brings contributors from Cloudflare Workers, Deno, and Node.js together to collaborate on common Web platform API standards.

Argo CD v2.4 release candidate — blog.argoproj.io It has been three months since the v2.3 release. A perfect time for a new release candidate that brings a set of fantastic Argo CD improvements! More than 80 contributors worked hard on building new…

Next-Generation Mutual Authentication with Cilium Service Mesh — isovalent.com Introduction to Mutual Authentication with Cilium & Cilium Service Mesh

The secret gems behind building container images, Enter: BuildKit & Docker Buildx — kubesimplify.com In this post, we discussed various things about Buildkit, its internals, how to interact with BuildKit and its benefits in container image building. Feel fr

Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins - FIDO Alliance — fidoalliance.org Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms  Mountain View, California, MAY 5, 2022  – In a joint effort to make the web […]

Kubernetes Gateway API — A successor to existing Kubernetes Ingress! — sanjimoh.medium.com The Ingress resource created a diverse ecosystem of Ingress controllers which were used across hundreds of thousands of clusters in a standardised & consistent way that helped users to adopt…

Logbook - 2022-05-05 · Fly — fly.io What's new at Fly,io

Assets

GitHub - stern/stern: ⎈ Multi pod and container log tailing for Kubernetes — github.com

⎈ Multi pod and container log tailing for Kubernetes

GitHub - Shopify/kubeaudit: kubeaudit helps you audit your Kubernetes clusters against common security controls — github.com kubeaudit helps you audit your Kubernetes clusters against common security controls - GitHub - Shopify/kubeaudit: kubeaudit helps you audit your Kubernetes clusters against common security controls

GitHub - go-gitea/gitea: Git with a cup of tea, painless self-hosted git service — github.com Git with a cup of tea, painless self-hosted git service - GitHub - go-gitea/gitea: Git with a cup of tea, painless self-hosted git service

GitHub - controlplaneio/kubesec: Security risk analysis for Kubernetes resources — github.com Security risk analysis for Kubernetes resources. Contribute to controlplaneio/kubesec development by creating an account on GitHub.

Skills

sigstore, the local way — blog.chainguard.dev

If you've been following the Chainguard blog, you might ask yourself: how do I run the open-source sigstore stack on my machine?

Automatic SBOMs with ko — blog.chainguard.dev

For those unfamiliar with ko, it “is a simple, fast container image builder for Go applications;” its objective is to enable developers to stop worrying about containers and focus on their application. 

I will be leading up Release Notes v1.25 and we are still accepting shadow applications until May 6th.

This newsletter edition is heavier on assets than news since I suspect a lot of projects and companies are holding their announcements for KubeConEU the week of May 16th.

If you are using Knative in your company I'm conducting user interviews for the User Experience Working Group, please reach out by volunteering your time for a short and simple interview.

News

Chainguard Enforce: Software Supply Chain Security for K8s – The New Stack — thenewstack.io

Zero-trust security company Chainguard has shipped the beta release of Chainguard Enforce, its first product

Kubernetes Release Shadow Program Twitter Space — twitter.com

Listen to the recording of the Twitter Space with members of the Kubernetes Release Team v1.25 https://twitter.com/i/spaces/1dRKZleNdzVJB

New GraalVM 22.1: Developer experience improvements, Apple Silicon builds, and more — medium.com

Today we’re releasing GraalVM 22.1! This release brings new features and lots of improvements —

Addressing latency and data transfer costs on EKS using Istio — aws.amazon.com

Data transfer charges are often overlooked when operating Amazon Elastic Kubernetes Service (Amazon EKS) clusters; understanding these charges would help reduce cost

Installing an Apache Kafka cluster on Kubernetes using Strimzi and GitOps – Civo.com — www.civo.com Strimzi is a Kubernetes operator which acts as a dedicated SRE for running Apache Kafka on Kubernetes

servicemesh.es | Service Mesh Comparison — servicemesh.es Service Mesh Feature Comparison — including Istio, Linkerd 2, AWS App Mesh, Consul, Maesh, Kuma, Open Service Mesh (OSM)

Exploring container security: Vulnerability management in open-source Kubernetes — cloud.google.com The Kubernetes Privacy Security Committee follows these steps when a vulnerability is reported.

Prevent Kubernetes misconfigurations during development with this open source tool — opensource.com Explore how the principles behind open source--collaboration, transparency, and rapid prototyping--are proven catalysts for innovation.

Assets

GitHub - The Kubernetes Security Profiles Operator — github.com The Kubernetes Security Profiles Operator. Contribute to kubernetes-sigs/security-profiles-operator development by creating an account on GitHub.

GitHub - SocketCAN Kubernetes device plugin — github.com SocketCAN Kubernetes device plugin. Contribute to collabora/k8s-socketcan development by creating an account on GitHub.

GitHub - Collection of gadgets for debugging and introspecting Kubernetes applications using BPF — github.com Collection of gadgets for debugging and introspecting Kubernetes applications using BPF - GitHub - kinvolk/inspektor-gadget: Collection of gadgets for debugging and introspecting Kubernetes applications using BPF

GitHub - OCI hook to trace syscalls and generate a seccomp profile — github.com OCI hook to trace syscalls and generate a seccomp profile - GitHub - containers/oci-seccomp-bpf-hook: OCI hook to trace syscalls and generate a seccomp profile

GitHub - Kernels for testing ebpf — github.com Kernels for testing tracee CO-RE feature. Contribute to aquasecurity/tracee-test-kernels development by creating an account on GitHub.

Skills

Self-Care is Not the Solution for Burnout — The Beautiful Truth — thebeautifultruth.org Psychologist Justin D. Henderson makes the case that we need to address the systemic and cultural dimensions of burnout.

TAG Observability Whitepaper — github.com

This paper aims to get you quickly started with different kinds of observability you might need to work within the cloud-native world.

CKAD Scenarios Kubectl-Contexts | Pod-Resources | ConfigMap Access — wuestkamp.medium.com In the CKAD exam you need to breath kubectl. Kubectl is a client for the Kubernetes Apiserver and allows you to perform all kinds of operations. A kubectl context contains connection information to a…

You Don't Need an Image To Run a Container — iximiuz.com How to run container without an image? Why do you need container images? What problems container images solve?

It is only Monday, and there is so much going on already.

News

Don’t Panic: A Playbook for Handling Account Compromise with Sigstore — blog.sigstore.dev

Despite your best efforts, you may no longer trust artifacts, keys, or identities when signing software.

OSS Capital Announcement: $200M For An Open Future - COSS Community — www.coss.community Today, OSS Capital is thrilled to publicly announce our first and second funds with $200M dedicated... Tagged with coss, funding, vc, opencore.

Istio has applied to become a CNCF project

The Istio project is pleased to announce its intention to join the Cloud Native Computing Foundation (CNCF). 

Welcome to IstioCon 2022! — events.istio.io

IstioCon is the community conference for the industry’s most popular service mesh.

How to Model Your Gitops Environments and Promote Releases between Them — codefresh.io Learn how to model your GitOps environments using different folders on the same Git branch, and how to handle environment promotion.

Time to patch nginx-ingress controllers to fix 2 recent critical CVEs, CVE-2021-25745 and CVE-2021-2576 they allow any user with ingress permissions to access the service account secret token of the main shared controller.

Chainguard Whitepaper All About That Bade Image

Resources to build Kubernetes Operators Resources to build Kubernetes Operators

'Restricting cluster-admin Permissions' by Marcus Noble — marcusnoble.co.uk

Generally, and by default, operators of the cluster are assigned to the cluster-admin ClusterRole.

eBPF for Service Mesh? Yes, but Envoy Proxy is here to stay - Solo — www.solo.io Our goal here at Solo.io is to bring valuable solutions to our customers around application networking and service connectivity. Back in October, we announced our plans to enhance our enterprise […]

Webamp · Winamp 2 in your browser — webamp.org Winamp 2.9 reimplemented in HTML5 and JavaScript

American Phone-Tracking Firm Demo’d Surveillance Powers by Spying on CIA and NSA — theintercept.com Anomaly Six, a secretive government contractor, claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button.

Removing the stigma of a CVE | The GitHub Blog — github.blog Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub.

Assets

GitHub - kubernetes-sigs/scheduler-plugins: Repository for out-of-tree scheduler plugins based on scheduler framework. — github.com Repository for out-of-tree scheduler plugins based on scheduler framework. - GitHub - kubernetes-sigs/scheduler-plugins: Repository for out-of-tree scheduler plugins based on scheduler framework.

GitHub - backube/volsync: Asynchronous data replication for Kubernetes volumes — github.com Asynchronous data replication for Kubernetes volumes - GitHub - backube/volsync: Asynchronous data replication for Kubernetes volumes

twitter/the-algorithm · GitHub — github.com

Future home of twitter algorithm

Skills

Building functions with Knative and Tekton - DEV Community Knative was recently accepted as a CNCF incubation project and there are so many exciting things... Tagged with knative, functions, tekton, faas.

How to Bring your own Scheduler into OpenShift with the Secondary Scheduler Operator — cloud.redhat.com The Kubernetes scheduler is an enterprise grade stable component in Kubernetes that decides where to place the incoming pods by a two step operation of filtering and scoring.

Best Practices for Multi-tenancy in Argo CD | by Dan Garfield | Argo Project — blog.argoproj.io This blogpost is co-authored by Dan Garfield and Jesse Suen. Special thanks to Alexander Matyushentsev, Jann Fischer, Henrik Blixt, and the amazing community for all their hard work in making Argo CD…

Some news around Kubernetes, The Release team 1.24 is working very hard to get a quality build out the door, but due to a bug in golang the final 1.24 release date was moved to May 3rd ⏲

I'm the new release notes lead for 1.25 and the shadow application is open for people to apply. 🚀

News

The Principle of Ephemerality — blog.chainguard.dev TL;DR: Everything that can be ephemeral, should be ephemeral.

What's New in Talos 1.0 | Talos Linux List of new and shiny features in Talos Linux.

3 CloudOps Companies That Want You To Destroy Kubernetes in Prod | by Molly Sheets | Apr, 2022 | Medium — medium.com In the last month, I investigated the portfolios of newer companies in devops and liveops because I had a hunch something interesting was happening in the world of reliability — is chaos engineering…

Kubernetes Removals and Deprecations In 1.24 | Kubernetes — kubernetes.io

Cloud Native Is The New Architecture Mantra For Core Banking Solutions — vedcraft.com Cloud Native technologies are in mainstream adoption and Cloud native is the new architecture mantra for core banking solutions. Read more.

Achieving SLSA 3 Compliance with GitHub Actions and Sigstore for Go modules | The GitHub Blog — github.blog Learn how to build packages with SLSA 3 provenance using GitHub Actions.

Measuring Argo Workflow Costs with Kubecost - Learn how you can use Argo and Kubecost together to optimize your Kubernetes workflows and gain insights and visibility into your cloud costs.

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators — github.blog

On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI

Scaling containers on AWS in 2022 :: Vlad Ionescu — www.vladionescu.me Comparing how fast containers scale up in 2022 using different orchestrators on AWS

My adventure with Helm as GitOps in a distributed architecture | by Axel Gendillard | Feb, 2022 | Medium — medium.com The “DevOps” community has brought me useful knowledge since I started my career. Now it’s my turn to give back to the community. I would like to share some of my experience about Helm configuration…

An update to Raspberry Pi OS Bullseye - Raspberry Pi — www.raspberrypi.com Over the years, we have gradually ramped up the security of Raspberry Pi OS. Here's Simon Long to tell you what has changed.

Announcing Docker SBOM: A step towards more visibility into Docker images - Docker Learn from Docker experts to simplify and advance your app development and management with Docker. Stay up to date on Docker events and new version announcements!

Argo CD Best Practices | Container Hub — medium.com Discover key best practices for Argo CD that allow you to leverage GitOps easily within your deployment workflow.

The differences between Docker, containerd, CRI-O and runc - Tutorial Works — www.tutorialworks.com Let’s answer the question of Docker vs CRI-O, and other common questions about different container runtimes.

9 reasons you have technical debt and how to reduce it | The Enterprisers Project — enterprisersproject.com Don’t let technical debt hinder your organization’s digital transformation. Here are nine leading causes and a four-step strategy to overcome technical debt

Google Online Security Blog: Improving software supply chain security with tamper-proof builds — security.googleblog.com Posted by Asra Ali and Laurent Simon, Google Open Source Security Team (GOSST) Many of the recent high-profile software attacks that have al...

Announcing AWS Lambda Function URLs: Built-in HTTPS Endpoints for Single-Function Microservices — aws.amazon.com

Assets

Using Fio to Tell Whether Your Storage is Fast Enough for Etcd | IBM — www.ibm.com The short story: fio and etcd

GitHub - kris-nova/kaar — github.com Kubernetes Application Archive. Contribute to kris-nova/kaar development by creating an account on GitHub.

Build smaller, faster, and more secure desktop applications with a web frontend | Tauri Studio — tauri.studio Tauri is a framework for building tiny, blazing fast binaries for all major desktop platforms. Developers can integrate any front-end framework that compiles to HTML, JS and CSS for building their user interface.

GitHub - disneystreaming/ssm-helpers — github.com Help manage AWS systems manager with helpers. Contribute to disneystreaming/ssm-helpers development by creating an account on GitHub.

GitHub - patrickdappollonio/tabloid — github.com tabloid is a simple command line tool to parse and filter column-based CLI outputs from commands like kubectl or docker - GitHub - patrickdappollonio/tabloid: tabloid is a simple command line tool to parse and filter column-based CLI outputs from commands like kubectl or docker

Functional Web App (FWA) The Functional Web App (FWA) is an architectural pattern for building dynamic web applications and APIs.

GitHub - CaravanaCloud/task-tree — github.com Automating maintenance and troubleshooting tasks for Cloud Computing - GitHub - CaravanaCloud/task-tree: Automating maintenance and troubleshooting tasks for Cloud Computing

Skills

Kubernetes events | Kube Events — kube.events Curated meetups, conferences, training and webinars on Kubernetes

Automate CI/CD on pull requests with Argo CD ApplicationSets | Red Hat Developer — developers.redhat.com Use Argo CD's ApplicationSets and pull request generator with Tekton and Red Hat OpenShift tools to bring GitOps workflows into your CI/CD processes.

New Kube blog site — kubesimplify.com On a mission to teach cloud native to everyone.

Securing Grafana with Keycloak SSO — medium.com In this story i will show how to deploy and configure Keycloak in a local Kubernetes cluster, then deploy Grafana and use the Keycloak instance for authentication and authorization. I already wrote…

Load balancing and scaling long-lived connections in Kubernetes — learnk8s.io Kubernetes doesn't load balance long-lived connections and some Pods might receive more requests than others. Learn how to fix that.

Deploy a coloring page generator in minutes with Cloud Run In this post, you'll see how to create an image processing service and make it available online using minimal resources.

HowTo: Make a Reviewing Guide | CNCF Contributors

Modeling & Analyzing Lambda vs. Fargate Breakeven — Nuvalence — nuvalence.io

Hardening Kubernetes Multi-Cluster Environments - Container Journal — containerjournal.com Increased visibility into all Kubernetes platforms and tighter RBAC is necessary to keep cloud-native architecture safe and secure.

If you are a new person to open source and want to participate in Google Summer of Code (GSOC) this year with one of the CNCF projects, including Kubernetes, Knative, and many others, I hosted a Twitter Space you can listen to the recording.

PS: If you plan to attend KubeCon and KnativeCon, I'm giving two talks. Please don't be shy, say hi, and take a selfie with me 🤗

News

Virtual Kubernetes clusters: A new model for multitenancy | Opensource.com — opensource.com Try vcluster, an open source implementation that tackles certain aspects of typical namespace- and cluster-based isolation models.

Amazon EKS now supports Kubernetes 1.22 | Amazon Web Services — aws.amazon.com

Amazon EKS, Amazon EKS Distro, and Amazon EKS Anywhere can now run Kubernetes version 1.22.

Spring4Shell: The zero-day RCE in the Spring Framework explained | Snyk — snyk.io Security resources like Lunasec, Rapid7 and Praetorian confirmed that the vulnerability is real, and in the meantime Spring has already released a new version

Announcing Grafana Mimir, the most scalable open source TSDB in the world | Grafana Labs — grafana.com Our new open source project allows you to scale to 1 billion metrics and beyond.

How Go Mitigates Supply Chain Attacks - The Go Programming Language Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Is Platform Engineering the New DevOps or SRE? | by Daniel Bryant | Mar, 2022 | Ambassador Labs — blog.getambassador.io Almost every day we hear about another organization building an internal developer platform or developer control plane. We’re not alone in observing this trend in platform engineering; when Humanitec…

Migrate from PodSecurityPolicy to PodSecurity Admission Controller (Updated) — kubernetes.io

This page describes the process of migrating from PodSecurityPolicies to the built-in PodSecurity admission controller.

Trivy new SBOM subcommand

Comprehensive Vulnerability Scanner Trivy currently supports SBOM formats.

Kubernetes-in-Kubernetes and the WEDOS PXE bootable server farm | Kubernetes — kubernetes.io

Author: Andrei Kvapil (WEDOS) When you own two data centers, thousands of physical servers, virtual machines and hosting for hundreds of thousands sites, Kubernetes can actually simplify the management of all these things.

Generics can make your Go code slower — planetscale.com Go 1.18 is here, and with it, the first release of the long-awaited implementation of Generics is finally ready for production usage. Generics are a frequently requested feature that has been highly contentious throughout the Go community.

Is Your Cluster Ready for v1.24? | Kubernetes — kubernetes.io

Author: Kat Cosgrove Way back in December of 2020, Kubernetes announced the deprecation of Dockershim.

Announcing Postgres Container Apps: Easy Deploy Postgres Apps With Postgres Container Apps you can, from directly inside Postgres with a simple function call, spin up a container that is running right alongside your Postgres database!

Assets

Console Do Not Track (DNT)

This is a proposal for a single, standard environment variable that plainly and unambiguously expresses LACK OF CONSENT by a user of that software to any of the following:

Kubernetes scheduler written in less than 100 lines of bash — github.com Kubernetes scheduler written in less than 100 lines of bash :grimacing: :laughing: - GitHub - rothgar/bashScheduler: Kubernetes scheduler written in less than 100 lines of bash

A Kubectl plugin that can detect if any of your workloads or manifest files are mounting the docker.sock volume — github.com

A Kubectl plugin that can detect if any of your workloads or manifest files are mounting the docker.sock

Validate your Kubernetes configuration files, supports multiple Kubernetes versions — github.com Validate your Kubernetes configuration files, supports multiple Kubernetes versions - GitHub - instrumenta/kubeval: Validate your Kubernetes configuration files, supports multiple Kubernetes versions

A FAST Kubernetes manifests validator, with support for Custom Resources! — github.com A FAST Kubernetes manifests validator, with support for Custom Resources! - GitHub - yannh/kubeconform: A FAST Kubernetes manifests validator, with support for Custom Resources!

Skills

Technical FAQ on the Digital Markets Act | Matrix.org — matrix.org We've been flooded with questions about the DMA since it was announced last week, and have spotted some of the gatekeepers jumping to the wrong conclusions about what it might entail. Just in case you don't want to wade through yesterday's sprawling blog post, we've put together a quick FAQ to cover the most important points based on our understanding.

Parca from Binary | Parca

Parca is a continuous profiling project for applications and infrastructure. It helps you save money, improve performance and understand incidents better.

Finding an intro to maths for cryptography | by Liz Rice | Medium — medium.com If you’re looking for an introduction to the mathematics that make cryptography work, perhaps this list might help. I’m currently writing a book about Container Security for O’Reilly Media, and one…

I hope the war ends soon; writing this phrase is surreal.

Talking about surreal, this is how actors felt at the Oscars this Sunday.

News

GoReleaser And Software Supply Chain Security | by developer-guy | Mar, 2022 | GoReleaser — blog.goreleaser.com Before talking about the security of the software supply chains, we should mention what should come to our minds first when we are talking about software supply chains. In most basic terms, you can…

Introducing Caddy-SSH

Pure-Go, general-purpose SSH server

Favoring Podman over Docker Desktop | by Peter Butkovic | Mar, 2022 | Medium — medium.com Since the announcement, that docker desktop won’t be available for free for the bigger organizations, I’ve been looking for the open source alternative with smooth migration option. Podman did a…

Get the Best of Both Worlds With the KKP 2.19 CNI Strategy — www.kubermatic.com Find out how you can expect greater control and flexibility by selecting a CNI plugin with KKP 2.19.

The shortcomings of rootless containers | Opensource.com — opensource.com Explore how the principles behind open source--collaboration, transparency, and rapid prototyping--are proven catalysts for innovation.

Understanding root inside and outside a container — www.redhat.com Do you run your containers as root, or as a regular user? It’s such a deceptively simple question. You might be tempted to answer too quickly. Is the threat model really crystal clear in your mind? I have a suspicion that it might not be.

Privilege Escalation in gVisor, Google's Container Sandbox tl;dr gVisor is Google’s sandboxing technology for containers running less-than-fully-trusted code. It’s a Golang reimplementation of the Linux kernel that r...

containerd CRI plugin: Insecure handling of image volumes · Advisory · containerd/containerd · GitHub — github.com GitHub is where people build software. More than 73 million people use GitHub to discover, fork, and contribute to over 200 million projects.

Assets

GitHub - box/kube-exec-controller: — github.com

An admission controller service and kubectl plugin to handle container drift in K8s clusters -

GitHub - genuinetools/bane: Custom & better AppArmor profile generator for Docker containers. — github.com Custom & better AppArmor profile generator for Docker containers. - GitHub - genuinetools/bane: Custom & better AppArmor profile generator for Docker containers.

GitHub - lizrice/running-with-scissors: Resources from my KubeCon + CloudNativeCon keynote — github.com Resources from my KubeCon + CloudNativeCon keynote - GitHub - lizrice/running-with-scissors: Resources from my KubeCon + CloudNativeCon keynote

Rootless Containers | Rootless Containers Rootless Containers

Running Kubernetes Node Components as a Non-root User | Kubernetes — kubernetes.io

FEATURE STATE: Kubernetes v1.22 [alpha] This document describes how to run Kubernetes Node components such as kubelet, CRI, OCI, and CNI without root privileges, by using a user namespace.

Deprecated API Migration Guide | Kubernetes — kubernetes.io

As the Kubernetes API evolves, APIs are periodically reorganized or upgraded. in v1.

Introduction - EKS Best Practices Guides

Welcome to the EKS Best Practices Guides.

Skills

Hacking Your Product Leader Career | by Gibson Biddle | Medium — gibsonbiddle.medium.com A few years ago, I watched an Olympic gymnast deliver a speech, “How to Score a Perfect Ten.” He gave his talk while doing his pommel horse routine! He vaulted onto the horse, did a series of moves…

gVisor Performance Guide

gVisor is designed to provide a secure, virtualized environment while preserving key benefits of containerization, such as small fixed overheads and a dynamic resource footprint.

Your visual how-to guide for SELinux policy enforcement | Opensource.com — opensource.com Explore how the principles behind open source--collaboration, transparency, and rapid prototyping--are proven catalysts for innovation.

GitHub - genuinetools/contained.af — github.com A stupid game for learning about containers, capabilities, and syscalls. - GitHub - genuinetools/contained.af: A stupid game for learning about containers, capabilities, and syscalls.

I'm helping plan KnativeCon and the Kubernetes Contributor Summit for KubeCon EU, I hope to be in Spain during May to finally meet some of my Cloud Native peeps in person.

News

Kubernetes container runtime CRI-O has make-me-root flaw • The Register — www.theregister.com Cr8escape priv-escalation bug opens the door to cluster takeovers

sigstore, the local way — blog.chainguard.dev If you've been following the Chainguard blog, you might ask yourself: how do I run the open-source sigstore stack on my machine? While sigstore is often deployed using Kubernetes, it is flexible enough to run nearly anywhere: from a Raspberry Pi to an IBM mainframe. This article will demonstrate how

Senate votes to make daylight saving time permanent — news.yahoo.com The Senate approved legislation Tuesday that would make daylight saving time permanent in the U.S. starting next year.

Guillaume's Security Notebook In this article, we will explore and test Defender for Containers against a vulnerable environment and see what it can detects or prevent and how we can leverage it to make our Kubernetes workloads safer.

Explore client-go Informer Patterns | by Stefanie Lai | CodeX | Feb, 2022 | Medium — medium.com In platform development, our cluster runs operators involving multiple teams and various GCP resources, for querying which we often need to write various code including but not limited to bash…

Open sourcing the Kubernetes security audit | Cloud Native Computing Foundation — www.cncf.io Last year, the Cloud Native Computing Foundation (CNCF) began the process of performing and open sourcing third-party security audits for its projects in order…

Want a better DevOps career? Learn the business | GitLab — about.gitlab.com A better DevOps career starts with a thorough understanding of business. Here's how to get started.

Go 1.18 Release Notes - The Go Programming Language Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

SLSA vs. Software Supply Chain Attacks — blog.chainguard.dev Past Attacks and How SLSA Helps

The future of Kubernetes – and why developers should look beyond Kubernetes in 2022 Kubernetes is ubiquitous in container orchestration, and its popularity has yet to weaken. This does, however, not mean that evolution in the container orchestration space is at a stand-still.

Backstage project joins the CNCF Incubator | Cloud Native Computing Foundation — www.cncf.io The CNCF Technical Oversight Committee (TOC) has voted to accept Backstage as a CNCF incubating project. Backstage is an open platform for building developer…

Introduction to Taskfile: a Makefile alternative - DEV Community — dev.to Easier and simpler than Makefile. Tagged with automation, make, productivity.

Google Docs update lets you draft emails and send them to Gmail with a click - The Verge — www.theverge.com Google is rolling out a new feature in its Docs that’s designed to make it easier to draft emails. It’s accessible via the @ menu in Google Docs.

The biggest data breach fines, penalties, and settlements so far | CSO Online — www.csoonline.com Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes have cost these companies a total of nearly $1.3 billion and counting.

LINUF FOUNDATION

STATEMENT AGAINST TEXAS DISCRIMINATION

Secure your software supply chain using Sigstore and GitHub actions - Marco Franssen

With the rise of software supply chain attacks it becomes more important to secure our software supply chains.

Tim Seagren on LinkedIn: #sops #git #sigstore | 11 comments — www.linkedin.com In the past 48 hours, the DoD Platform One Ironbank Pipelines and Operations (POPs) team has made two huge strides forward in the areas of day-to-day operations... 11 comments on LinkedIn

OpenSSL Security Advisory [15 March 2022]

Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)

CDK Day 2022: Call for Speakers/Papers @ Sessionize.com — sessionize.com A Cloud Development Kit (CDK) is a developer tool built on the open source Constructs model. We now have multiple CDKs in AWS CDK, CDK for Terraform, ...

Assets

GitHub - madhuakula/kubernetes-goat: Kubernetes Goat 🐐 is a "Vulnerable by Design" — github.com

Kubernetes Goat 🐐 is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🔐security 🔐

GitHub - kubearmor/KubeArmor: Cloud-native Runtime Security Enforcement System — github.com Cloud-native Runtime Security Enforcement System. Contribute to kubearmor/KubeArmor development by creating an account on GitHub.

GitHub - magnologan/cncf-security-audits: List of all previous CNCF Project's Security Audit Reports — github.com List of all previous CNCF Project's Security Audit Reports - GitHub - magnologan/cncf-security-audits: List of all previous CNCF Project's Security Audit Reports

Releases · go-task/task · GitHub — github.com A task runner / simpler Make alternative written in Go - Releases · go-task/task

Skills

Introducing apko & melange

Research - Linux Foundation — www.linuxfoundation.org Expert guidance to manage open technology projects and put you on the path to success

Stripe: Equity for employees — stripe.com Understand the mechanics, decisions, and trade-offs related to issuing equity to employees

Success Story: Cloud Engineer Bootcamp Enables a Music Teacher to Become a DevOps Engineer - Linux Foundation - Training — training.linuxfoundation.org Michael Rossiter was a long time Linux enthusiast working as a music teacher in the north of England. He had dreamed of a role working in IT, but wasn’t sure...

Learning Go by examples: part 2 - Create an HTTP REST API Server in Go - DEV Community — dev.to Serie of article in order to learn Golang language by concrete applications as example. Tagged with go, beginners, api, tutorial.

This week I will be hosting the Kubernetes Office Hours again, this time will be learning about SIG-Docs

News

Cloud Native Computing Foundation Unveils Schedule for KubeCon + CloudNativeCon Europe 2022 | Cloud Native Computing Foundation — www.cncf.io Back in-person in Valencia, Spain in May, technology enthusiasts will meet to share and educate around cloud native innovation SAN FRANCISCO, Calif. – March 9…

Red Hat co-founded project Knative accepted as CNCF incubating project — www.redhat.com

This begins a new chapter in the evolution of a leading containerized serverless platform.

Release v0.12.0 · kubernetes-sigs/kind — github.com Kubernetes IN Docker - local clusters for testing Kubernetes - Release v0.12.0 · kubernetes-sigs/kind

Google to Acquire Mandiant | Mandiant — www.mandiant.com Your description for this link...

Software Supply Chain Security: Tearing Down the Silos – The New Stack — thenewstack.io Both application and infrastructure security are required to keep a cloud native system safe. A single solution can integrate both to foil hackers.

Visualising the Cost of Kubernetes | by Mitchell Rowling | Streamotion Tech Blog | Mar, 2022 | Medium — medium.com Containerisation is still an emerging technology in many organisations across the world and Here at Streamotion, the adoption of containers has promoted rapid acceleration of our journey of Kayo…

The future of Kubernetes – and why developers should look beyond Kubernetes in 2022 Kubernetes is ubiquitous in container orchestration, and its popularity has yet to weaken. This does, however, not mean that evolution in the container orchestration space is at a stand-still.

Dirty Pipe Linux Vulnerability: Overwriting Files in Container Images CVE-2022-0847 Dirty Pipe in the Linux kernel allows users on Linux hosts running containerized applications to modify files in container images on the host

Assets

GitHub - cert-manager/istio-csr: istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager. — github.com istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager. - GitHub - cert-manager/istio-csr: istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.

Cloud Managed Redpanda | A Kafka alternative — redpanda.com Choose a fully managed solution or bring your own cloud. Pay only for what you use. Infinite data retention. Global read replicas.

tmate • Instant terminal sharing Your description for this link...

Kubernetes Workload Identity with AKS – baeke.info — blog.baeke.info When you run a workload, no matter how simple or complex, you often need to access protected resources in both a secure and manageable way. Often, a resource's security is integrated with an identity store. Azure resources, for instance, can be secured with roles assigned to Azure Active Directory (AAD) users, groups, or service principals.…

Skills

Join the Monthly Kubernetes Office Hours this Wednesday, March 16th, with hosts @csantanapr and @rawkode

This month is SIG-Docs edition with guest @Divya_Mohan02

See Cloud Native Live: Optimizing Istio with eBPF at CNCF CNCF Online Programs — community.cncf.io CNCF CNCF Online Programs presents Cloud Native Live: Optimizing Istio with eBPF | Mar 16, 2022. Find event and ticket information.

Principles & Best practices of REST API Design | by Love Sharma | Dev Genius — blog.devgenius.io This best-practices article intends for developers interested in creating RESTful Web services that provide high reliability and consistency across multiple service suites; following these…

If you wonder how can you help with the conflict in Ukraine there are many organizations you can donate to, and also encourage your employer to donate to help the large number of refugees.

News

Knative accepted as a CNCF incubating project | Cloud Native Computing Foundation — www.cncf.io The CNCF Technical Oversight Committee (TOC) has voted to accept Knative as a CNCF incubating project. Knative is an open source, Kubernetes-based platform for…

Liz Rice on Programming the Linux Kernel with eBPF, Cilium and Service Meshes — www.infoq.com Charles Humble discusses eBPF, a way of making the Linux kernel programmable, with Liz Rice.

Using Machine Learning to Actively Secure Cloud Native Apps – The New Stack — thenewstack.io It's not enough to simply ward off threats. Tigera's Calico Cloud now uses machine learning to actively find and mitigate vulnerabilities.

Introducing apko: bringing distroless nirvana to Alpine Linux — blog.chainguard.dev

Earlier today, Chainguard released version 0.1 of our apko tool. This tool allows for the composition of so-called “distroless” images from APK-based software distributions, such as Alpine Linux, using a declarative configuration. 

Acquisitions Are Good for the Developer Ecosystem – The New Stack — thenewstack.io A look at Mirantis' acquisition of Docker Enterprise and Lens, and the benefits to the developer and Kubernetes ecosystem that it's created in the past two years.

buildkit-machine: A brand new project to enable building/pushing container images without requiring a Docker Daemon based on BuildKit | by developer-guy | Mar, 2022 | Medium — batuhan-apaydin-11378.medium.com In the previous blog post, we talked about a brand new toolkit (lima + nerdctl + rancher-desktop) that we can use to work with container images, and in that blog post, we mentioned the…

Podman v4.0.0 Released

Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features.

ArgoCD v2.3.0 Released — github.com Declarative continuous deployment for Kubernetes. Contribute to argoproj/argo-cd development by creating an account on GitHub.

Exploring eBPF – Part 3: Getting Started with Hubble — nicovibert.com Welcome to the third post in my eBPF series: in my first post, I introduced eBPF and walked through how to use a sample code, in the second post, I talked about Cilium, an eBPF-based networking plugin for Kubernetes. In this third post, we're going to jump straight from the previous post and leverage Cilium's…

Suborbital Launching Sat Beta-1: Still tiny, still mighty — blog.suborbital.dev Today we're happy to announce that our open source WebAssembly edge compute server Sat is now in beta! We've spent the past few months testing, refining, and simplifying it to enable some essential cloud computing use-cases. Best of all, the original...

Build your perfect Google Cloud infrastructure using Terraform and the gcloud CLI — cloud.google.com Learn more about how declarative export allows you to export the current state of your infrastructure into a descriptive file compatible with Terraform.

Year of the Tiger: $110 million to build the future of data for developers worldwide — www.timescale.com Timescale just raised $110 million in our Series C, led by Tiger Global alongside all existing investors: Benchmark, New Enterprise Associates, Redpoint Ventures, Icon Ventures, and Two Sigma Ventures.

Assets

Debuggging with tmate · Actions · GitHub Marketplace · GitHub — github.com Debug your GitHub Actions Environment

Killercoda Interactive Environments — killercoda.com Interactive E-learning CKS Kubernetes Security

GitHub - aquasecurity/tfsec: Security scanner for your Terraform code — github.com Security scanner for your Terraform code. Contribute to aquasecurity/tfsec development by creating an account on GitHub.

GitHub - Seagate/cortx: CORTX Community Object Storage is 100% open source object storage uniquely optimized for mass capacity storage devices. — github.com CORTX Community Object Storage is 100% open source object storage uniquely optimized for mass capacity storage devices. - GitHub - Seagate/cortx: CORTX Community Object Storage is 100% open source object storage uniquely optimized for mass capacity storage devices.

GitHub - lightrun-platform/koolkits: 🧰 Opinionated, language-specific, batteries-included debug container images for Kubernetes. — github.com 🧰 Opinionated, language-specific, batteries-included debug container images for Kubernetes. - GitHub - lightrun-platform/koolkits: 🧰 Opinionated, language-specific, batteries-included debug container images for Kubernetes.

DNS for Families with Cloudflare 1.1.1.1

Use 1.1.1.2 Use the following DNS resolvers to block malicious content. And 1.1.1.3 to block malware and adult content

GitHub - lowlighter/metrics: 📊 An infographics generator with 30+ plugins and 200+ options to display stats about your GitHub account and render them as SVG, Markdown, PDF or JSON! — github.com 📊 An infographics generator with 30+ plugins and 200+ options to display stats about your GitHub account and render them as SVG, Markdown, PDF or JSON! - GitHub - lowlighter/metrics: 📊 An infographics generator with 30+ plugins and 200+ options to display stats about your GitHub account and render them as SVG, Markdown, PDF or JSON!

GitHub - hashicorp/terraform-cdk: Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform — github.com Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform - GitHub - hashicorp/terraform-cdk: Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform

GitHub - tsenart/vegeta: HTTP load testing tool and library. It's over 9000! — github.com HTTP load testing tool and library. It's over 9000! - GitHub - tsenart/vegeta: HTTP load testing tool and library. It's over 9000!

Skills

What is a Kubernetes Ephemeral Container? | DevOps Learners — devopslearners.com An ephemeral container is a concept of adding a container in an exiting pod for debugging purposes. You can also debug a pod in CrashLoopBackOff state.

Carvel kbld With Helm Post Render - Live and let Learn — liveandletlearn.net

For the past couple of years I’ve been working on the Kubeapps project, which until recently has been a UI dashboard for the Helm project - providing a simple, web-based UI to deploy applications on Kubernetes.

Display Linux Distribution Logo in ASCII Art in Terminal - It's FOSS — itsfoss.com Wondering how they display Linux logo in terminal? With these tools, you can display logo of your Linux distribution in ASCII art in the Linux terminal.

Saving on Amazon CloudWatch Logs costs - DEV Community — dev.to Amazon CloudWatch Logs costs can get out of hand quickly. Here is the remedy. Tagged with aws, serverless, typescript, observability.

6 steps for migrating a PostgreSQL database between containers | Enable Sysadmin — www.redhat.com Upgrading your container-based database? Keep the process straightforward using these steps.

Linux commands I use as a Cloud and DevOps Engineer — blog.rishabkumar.com Top 7 Linux commands I use as a Cloud and DevOps Engineer

How to route UDP traffic into Kubernetes | Amazon Web Services — aws.amazon.com Since its release, Amazon Elastic Kubernetes Service (Amazon EKS) has been helping customers to run their applications reliably and at scale. UDP, or User Datagram Protocol, is a low-latency protocol that is ideal for workloads such as real-time streaming, online gaming, and IoT. The Network Load Balancer (NLB) is designed to handle tens of millions […]

This weekend there was a debate when I went downstairs to the Kitchen, which was choosing which cheese is better Spanish Goat Cheese or Spanish Manchego Cheese, so I did what any nerd would do and created a Twitter Poll.

There was a good conversation on why Kubernetes doesn't have more batteries included like using digest for images, and an interesting one since Knative does this by default.

News

Best Practices for Multi-tenancy in Argo CD | by Dan Garfield | Feb, 2022 | Argo Project — blog.argoproj.io This blogpost is co-authored by Dan Garfield and Jesse Suen. Special thanks to Alexander Matyushentsev, Jann Fischer, Henrik Blixt, and the amazing community for all their hard work in making Argo CD…

[Technical Product Update] What's New: OpenShift 4.10 [Feb-2022] — www.youtube.com Hear directly from Red Hat OpenShift Product Managers on the key updates expected with Red Hat OpenShift 4.10.

Kubernetes Security Best Practices: The Definitive Guide | ARMO — www.armosec.io All you need to know about kubernetes security best practices, from implementing best practices to the importance of kubernetes security and much more

1Password for SSH & Git (Beta) | 1Password Developer Documentation — developer.1password.com Introducing 1Password for SSH & Git (Beta), the single source of truth for all your SSH keys. With 1Password, you can:

Kubernetes Virtual clusters with Loft Labs — www.youtube.com We'll look at benefits and use cases for Kubernetes virtual clusters using Loft.loft.sh

Disclosure: Fixing a critical bug in Optimism’s Geth fork | by Optimism PBC | Feb, 2022 | Medium — optimismpbc.medium.com On February 2nd, the Optimism team was alerted by Jay Freeman (saurik of Cydia and Orchid fame) to the existence of a critical bug in Optimism’s Geth fork. The bug made it possible to create ETH on…

Steal Credentials & Bypass 2FA Using noVNC | mr.d0x Security Research | C:\Users\mr.d0x>

Golang project structuring — Ben Johnson way | by vignesh dharuman | SellerApp | Feb, 2022 | Medium — medium.com Project code organisation is an ever evolving problem. As all wise developers put it, “it always depends on the requirement”. But following a standard structure will help in keeping the code base…

Global Load Balancer Approaches — cloud.redhat.com When working with Kubernetes or OpenShift in a multicluster (possibly hybrid cloud) deployment, one of the considerations that comes up is how to direct traffic to the applications deployed across these clusters. To solve this problem, we need a global load balancer.

Auto Scaling CI Agents At Wix — www.wix.engineering

This article is part II of "6 Challenges We Faced While Building a Super CI Pipeline"

Backup & Restore | Raspberry Pi Kubernetes Cluster — picluster.ricsanfre.com Backup Architecture and Design

GitOps in Kubernetes: How to do it with GitLab CI and Argo CD | by Andrzej Kaczynski | Medium — medium.com The world of Cloud Native in recent days is continuously speaking about GitOps. Indeed this model of Continuous Delivery is a kind of revolution in modern IT world. I’m not going to describe what…

Assets

GitHub - rebuy-de/aws-nuke: Nuke a whole AWS account and delete all its resources. — github.com Nuke a whole AWS account and delete all its resources. - GitHub - rebuy-de/aws-nuke: Nuke a whole AWS account and delete all its resources.

GitHub - developer-guy/rekor-falco: A Falco Plugin for Rekor Transparency Log Server — github.com A Falco Plugin for Rekor Transparency Log Server. Contribute to developer-guy/rekor-falco development by creating an account on GitHub.

GitHub - google/k8s-digester: Add digests to container and init container images in Kubernetes pod and pod template specs. — github.com

Add digests to container and init container images in Kubernetes pod and pod template specs.

Resolve Image to Digest | Kyverno Image tags are mutable and the change of an image can result in the same tag. This policy resolves the image digest of each image in a container and replaces the image with the fully resolved reference which includes the digest rather than tag.

GitHub - estesp/mquery: Multi-platform (manifest list/OCI index) registry image query utility — github.com Multi-platform (manifest list/OCI index) registry image query utility - GitHub - estesp/mquery: Multi-platform (manifest list/OCI index) registry image query utility

GitHub - mylesagray/tanzu-cluster-gitops — github.com Contribute to mylesagray/tanzu-cluster-gitops development by creating an account on GitHub.

Kind, Keycloak — Securing Kubernetes api server with OIDC | by Charles-Edouard Brétéché | Feb, 2022 | Medium — medium.com Securing Kubernetes control plane can be a challenging task, especially when a company grows and more people come and go to work in a shared Kubernetes cluster. One important tool to setup as early…

Skills

Real world Tekton pipeline - Hashnode — hashnode.com Complete guide to getting started with Tekton

Special Rates for Individuals in Economically Developing Countries

Low cost ACM subscription includes OReilly book subscription

Internals of Go's new fuzzing system — jayconrod.com — jayconrod.com Go 1.18 is coming out soon. It's a huge release, but native fuzzing has a special place in my heart. Not much has been written yet on how Go's fuzzing system actually works, so I'll talk a bit about that here.

Azure Study Map — azurecharts.com

Most studied Azure learning subjects by complexity levels and student roles based on aggregated user vote count

Introducing Amazon CloudWatch Container Insights for Amazon EKS Fargate using AWS Distro for OpenTelemetry | Amazon Web Services — aws.amazon.com Your description for this link...

How to Make Package Signing Useful — blog.chainguard.dev The Case for Farm-to-Table Package SigningThe benefits and limitations of signing an open source package–using a private key to create a unique digital signature–are a surprisingly contentious topic. One of the maintainers associated with the Python Package Index maintainer has a cogent blog post called “Why Package Signing

Shades of DevOps - Related Job titles — www.jedi.be A quick overview of the titles/roles use to related to devops related subject matter experts. I will stick with my definition of devops regardless of job title: Dev(sec)Ops: everything you do to overcome the friction created by silos … All the rest is plain engineering

Scaling Kubernetes to Over 4k Nodes and 200k Pods | by Abdul Qadeer | The PayPal Technology Blog | Jan, 2022 | Medium — medium.com At PayPal, we recently started testing the waters with Kubernetes. A majority of our workloads run on Apache Mesos, and as part of this migration, we needed to understand several performance aspects…

Amazon more than doubles max base pay to $350k for corporate and tech workers, citing labor market - GeekWire — www.geekwire.com Amazon will boost its maximum base pay to $350,000 for corporate and tech employees, from $160,000 previously, as part of an overall increase in total…

A modern toolkit to start working with container images on macOS that meets your needs without requiring Docker Desktop — medium.com Most of us stepped into the containerization world with Docker. So, we’ll always be grateful to Docker for that. But, to be honest, even we’re working with Docker, we know that it is not the only…

CNCF Annual Survey 2021 | Cloud Native Computing Foundation — www.cncf.io Featuring production data and insights from Datadog, New Relic, and SlashData download report View the complete raw data on GitHub Are you a CNCF member with in…

A decade of major cache incidents at Twitter

PodSecurityPolicy is dead. Long live...? | Appvia.io — www.appvia.io PodSecurityPolicy is being deprecated. Find out what replaces it and how to migrate with our online free tool

DSHR's Blog: EE380 Talk — blog.dshr.org I was asked at short notice to fill in for a speaker in Stanford's EE380 course who had to cancel. Below the fold is a hastily updated vers...

The Top 7 Open Source Tools for Securing Your Kubernetes Cluster — mattermost.com This article from the Mattermost community explores how to secure production Kubernetes clusters with the help of open source tools.

OCI Artifacts Explained. Are they real? Kind of! | by Dan Lorenc | Medium — dlorenc.medium.com The OCI (Open Containers Initiative) manages a few specifications and projects related to the storage, distribution, and execution of container images. If you’ve ever run a docker container, you’ve…

CNCF Sees Record Kubernetes and Container Adoption in 2021 Cloud Native Survey | Cloud Native Computing Foundation — www.cncf.io Record number of organizations are using or evaluating Kubernetes as the technology goes mainstream and users start to move up the stack SAN FRANCISCO, Calif.

Falco 0.31.0 a.k.a. "the Gyrfalcon" | Falco

Falco 0.31.0 finally ships with the brand new plugin system 🎉

BeyondCorp is dead, long live BeyondCorp No organization has successfully implemented a fully zero trust architecture. Many proponents of zero trust, including the US government, have ignored device...

Connecting Go Profiling With Tracing · Felix Geisendörfer

Profiling Improvements in Go 1.18

SLOConf - Service Level Objective Conference The first Service Level Objective Conference for Site Reliability Engineers

Detecting a Container Escape with Cilium and eBPF — isovalent.com Learn how to use Isovalent Cilium Enterprise observability to detect container escapes

Prodspec and Annealing | USENIX — www.usenix.org

focus on the state you want to reach. Instead of maintaining step-by-step workflows

IPVS-Based In-Cluster Load Balancing Deep Dive | Kubernetes Author: Jun Du(Huawei), Haibin Xie(Huawei), Wei Liang(Huawei) Editor’s note: this post is part of a series of in-depth articles on what’s new in Kubernetes 1.11 Introduction Per the Kubernetes 1.11 release blog post , we announced that IPVS-Based In-Cluster Service Load Balancing graduates to General Availability. In this blog, we will take you through a deep dive of the feature. What Is IPVS? IPVS (IP Virtual Server) is built on top of the Netfilter and implements transport-layer load balancing as part of the Linux kernel.

Zanzibar Implementations Reviewing the current landscape of Zanzibar implementations.

Crypto, NFTs, and sports betting: Money is now a hobby - Vox — www.vox.com Why (mostly) 20- and 30-something dudes made crypto and sports betting their personality.

Assets

GitHub - sbstp/kubie: A more powerful alternative to kubectx and kubens — github.com A more powerful alternative to kubectx and kubens. Contribute to sbstp/kubie development by creating an account on GitHub.

GitHub - apiaryio/curl-trace-parser: Parser for output from Curl --trace option — github.com Parser for output from Curl --trace option. Contribute to apiaryio/curl-trace-parser development by creating an account on GitHub.

GitHub - ruoshan/autoportforward: Bidirectional port-forwarding for docker, podman and kubernetes — github.com Bidirectional port-forwarding for docker, podman and kubernetes - GitHub - ruoshan/autoportforward: Bidirectional port-forwarding for docker, podman and kubernetes

GitHub - kameshsampath/kluster: Tool to run local k3s clusters backed by multipass vms — github.com Tool to run local k3s clusters backed by multipass vms - GitHub - kameshsampath/kluster: Tool to run local k3s clusters backed by multipass vms

GitHub - anchore/grype: A vulnerability scanner for container images and filesystems — github.com A vulnerability scanner for container images and filesystems - GitHub - anchore/grype: A vulnerability scanner for container images and filesystems

Skills

Comparing kube-proxy modes: iptables or IPVS?

Performance Comparison

What is MicroK8s? K3s, Kind, Minikube, VM's with Kubespray... why MicroK8s? What makes it interesting and unique to me? In this video, I'll show off three killer features that...

CORS is not meant to secure an API endpoint A few days ago I came across this article. The author shows how to access a Drupal system in the backend with a Vue.js app. For authentication he uses an API key - and I find that dangerous. Here's why.

HTTP/3: Everything you need to know about the next-generation web protocol | The Daily Swig — portswigger.net QUIC march

Kubernetes and Checkpoint Restore - Adrian Reber, Red Hat — www.youtube.com https://youtu.be/0RUDoTi-Lw4

From AWS Lambda & API Gateway To Knative & Kong API Gateway | Blog — www.pmbanugo.me How to build a serverless function API using Knative, Kong, and kazi

Introducing the ApplicationSet Controller for Argo CD | by Jonathan West | Argo Project — blog.argoproj.io I am excited to announce the first release of the Argo CD ApplicationSet controller, v0.1.0, releasing now alongside Argo CD v2.0! Unlike with an Argo CD Application resource, which deploys resources…

Kernel Community | Kernel — kernel.community A peer-to-peer, lifelong learning community of the most talented individuals in web3

The Work of Edward Tufte and Graphics Press — www.edwardtufte.com Edward Tufte home page for books, posters, sculpture, fine art and one-day course: Presenting Data and Information

This week I started streaming videos on TwitchTV, YouTube, and Twitter about Kubernetes and Knative. The goal is to help others learn about Cloud Native and Open Source. Please let me know if you like the videos.

News

Argo CD v2.3 release candidate. The next Argo CD release is around the… | by Alexander Matyushentsev | Feb, 2022 | Argo Project — blog.argoproj.io The next Argo CD release is around the corner. During the last three months, Argo CD got 200+ commits from the 71 contributors. We worked hard to improve the usability of core Argo CD features…

Safeguard your containers with new container signing capability in GitHub Actions | The GitHub Blog — github.blog GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow, giving your users confidence that the container images they got from their container registry was the trusted code that you built and published.

Malicious Kubernetes Helm Charts can be used to steal sensitive information from Argo CD deployments — apiiro.com Apiiro's Security Research team has discovered a major vulnerability in Argo CD platform (CVE-2022-24348).

More ways to keep your pull request branch up-to-date | GitHub Changelog — github.blog More ways to keep your pull request branch up-to-date

Quirrel is acquired! And I am joining Netlify - DEV Community — dev.to I am very happy to announce that Quirrel was acquired by Netlify, and I am joining as a software... Tagged with quirrel, netlify, jamstack.

Google and Microsoft back the Alpha-Omega Project to bolster software supply chain | VentureBeat — venturebeat.com The Open Source Security Foundation has launched the Alpha-Omega Project to help secure the software supply chain.

Principles for Designing and Deploying Scalable Applications on Kubernetes — elastisys.com 15 principles for how to design and deploy cloud native applications on Kubernetes - for scalability, observability, automation & security.

Google Cloud launches dedicated Digital Asset Team | Google Cloud Blog Google Cloud launches a new, dedicated Digital Assets Team to help underpin the blockchain ecosystems of the future. Whether you're implementing blockchain strategies or blockchain-native, you can rely on Google Cloud’s scalable, secure, and sustainable infrastructure.

The State of the Octoverse | The State of the Octoverse explores a year of change with new deep dives into writing code faster, creating documentation and how we build sustainable communities on GitHub. — octoverse.github.com Octoverse Report

How Citi is building the secure software factory with Sigstore and Tekton — blog.chainguard.dev

Securing the software supply chain is of paramount importance to the tech industry today.

Supply Chain Security Is Not a Problem…It’s a Predicament | Threatpost — threatpost.com Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them.

CNCF Archives the OpenTracing Project | Cloud Native Computing Foundation — www.cncf.io CNCF announced today that the Technical Oversight Committee (TOC) has approved the archiving of the OpenTracing project. Archived projects are fairly rare but a…

Major vulnerability found in open source dev tool for Kubernetes | VentureBeat — venturebeat.com A zero day vulnerability with a "high" severity rating affects Argo CD, an open source developer tool for Kubernetes, Apiiro researchers said.

January 2022 Update | Flux New Flux and Flagger releases bring more security, terraform-controller team wants feedback, Flux articles and docs, upcoming Flux events helping you get started and more.

New Open-Source Multi-Cloud Asset to build SaaS - DEV Community Development and automated deployment of SaaS for multiple tenants, using Red Hat OpenShift/Kubernetes and DevSecOps. Tagged with saas, development, devops, cloudnative.

Mark Chmarny | Twitter follower status monitoring made easy using TweeThingz few longer thoughts,
because every once in a while
140 characters is just not enough

Assets

GitHub - AdminTurnedDevOps/Terraform-The-Hard-Way — github.com

The most efficient way to learn Terraform for beginners and intermediate practitioners

GitHub - firecracker-microvm/firecracker: Secure and fast microVMs for serverless computing. — github.com Secure and fast microVMs for serverless computing. - GitHub - firecracker-microvm/firecracker: Secure and fast microVMs for serverless computing.

GitHub - kotalco/kotal: Kubernetes Blockchain Operator — github.com Kubernetes Blockchain Operator. Contribute to kotalco/kotal development by creating an account on GitHub.

HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion HOUDINI (Hundreds of Offensive and Useful Docker Images for Network Intrusion) is a curated list of Network Security related Docker Images for Network Intrusion purposes.

GitHub - kubeshop/monokle: 🧐 Monokle is your K8s best friend for creating, validating, debugging and managing manifests! 🚀 — github.com

🧐 Monokle is your K8s best friend for creating, validating, debugging and managing manifests! 🚀 -

GitHub - direktiv/vorteil: turn your applications and containers into micro virtual machines — github.com turn your applications and containers into micro virtual machines - GitHub - direktiv/vorteil: turn your applications and containers into micro virtual machines

Create fast, easy, and repeatable containers with Podman and shell scripts | Enable Sysadmin — www.redhat.com Get started with containers in a fast, repeatable way through the familiar shell scripting interface.

GitHub - weaveworks/flintlock: Lock, Stock, and Two Smoking MicroVMs. Create and manage the lifecycle of MicroVMs backed by containerd. — github.com

Lock, Stock, and Two Smoking MicroVMs. Create and manage the lifecycle of MicroVMs backed by containerd.

GitHub - hamidgholami/k8s-lab: Kubernetes Labratory — github.com Kubernetes Labratory. Contribute to hamidgholami/k8s-lab development by creating an account on GitHub.

Skills

Performance Reviews for Software Developers – How I Do Them In a (Hopefully) Fair Way - The Pragmatic Engineer — blog.pragmaticengineer.com Note: if you're just looking for performance review templates and examples, head to the templates page to download them. I've had about a dozen performance reviews during my decade-long software engineering career. Some of them were unmemorable, some okay, but a good chunk of them were just... plain bad. Often,

OpenShift Commons Gathering on GitOps - Feb 09 | Hopin Get tickets to OpenShift Commons Gathering on GitOps, taking place 02/09/2022. Hopin is your source for engaging events and experiences.

Level up your Go Presentations. What is present? Present is used to… | by Drashti Ved | Medium — medium.com A mini guide to use Present tools for your next Golang presentation

FOSDEM 2022: Golang JSON Serialization - The Fine Print — github.com

Executing Remote Commands with Pulumi | Pulumi Blog — www.pulumi.com In this article, we deploy k3s and use the Command package to retrieve our kubeconfig from the virtual-machine and create a Kubernetes provider

Ep. #110 Supply Chain Security | DevSecCon Supply chain security is a multifaceted, complex, and currently unsolved problem, and Jonathan Meadows is determined to change that!

What is OpenShift CPU throttling? Turbonomic to the Rescue! — openshifttipsandtricks.blogspot.com Your description for this link...

Rakesh Jain on Twitter: "Linux Diagnostics and Troubleshooting Series - Managing Kernel Modules! " — twitter.com Your description for this link...

Setting up an raspberrypi4 k3s-cluster with nfs persistent-storage | by Michael Tissen | Medium — michael-tissen.medium.com There are not many options to add persistent-storage to a k3s raspberry cluster. I will present you a relative simple and powerfull method with the nfs-client-provisioner. I’ve created a folder named…

Kubernetes kOps: Step-By-Step Example & Alternatives - Kubecost Blog Learn the features and functionality of Kubernetes kOps, explore its alternatives, and follow step-by-step instructions to implement it.

Everything Public Key Infrastructure (PKI) - The Missing Manual | Smallstep Blog — smallstep.com Everything you should know about certificates and public key infrastructure (PKI) but are too afraid to ask.

Kubernetes cluster security assessment with kube-bench and kube-hunter – Flant blog — blog.flant.com Your description for this link...

This weekend I finally ran some ethernet cable to by new office upstairs to get a 10x internet performance boost. My wife said if I go up and down the stairs to get snacks I have a better chance to lose some belly fat :-)

This weekend I saw the terrible news that a person admired by the developer community was in a terrible car accident. Kent C. Dodds is alive to tell us what happened. Hug your loved ones.

PS: Follow me on Twitter 🙏

News

OpenShift on Raspberry Pi 4? – Open Sourcerers — www.opensourcerers.org

Almost! We run MicroShift on a Raspberry Pi4. MicroShift is an experimental flavour of OpenShift/Kubernetes optimized for the device edge.

v1.2 release - Knative — knative.dev Knative v1.2 release announcement

CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes A high-severity CVE was released that affects the Linux kernel, allowing unprivileged users to escalate those rights to root and escape from the container

Announcing 100% Cloud Service Coverage for Crossplane Crossplane now has 100% coverage for major cloud services with the new providers: provider-jet-aws, provider-jet-azure, and provider-jet-gcp. To create new providers like these, we are introducing Terrajet, a code generation pipeline for creating Crossplane providers.

Linux system service bug gives root on all major distros, exploit released — www.bleepingcomputer.com A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.

How eBPF will solve Service Mesh - Goodbye Sidecars — isovalent.com eBPF Service Mesh - How we can build an eBPF-based service mesh in the kernel to replace the complex sidecar model

Stop using static cloud credentials in GitHub Actions | lbr. Engineering, DevOps & Cloud Computing

Event-Driven applications with CloudEvents on Kubernetes – Salaboy (Open Source Knowledge) — salaboy.com

This week I've spent time writing this tutorial and examples that contain the building blocks that I will use to build a larger example.

New sync and diff strategies in ArgoCD | by Leonardo Luz | Jan, 2022 | Argo Project — blog.argoproj.io ArgoCD 2.3 will be shipping with a new experimental sync option that will verify diffing customizations while preparing the patch to be applied in the cluster. It also includes a new diff strategy…

GitHub - devtron-labs/devtron: Web based CI/CD Platform for Kubernetes — github.com Web based CI/CD Platform for Kubernetes. Contribute to devtron-labs/devtron development by creating an account on GitHub.

FOSDEM 2022 - Schedule — fosdem.org Every year, FOSDEM hosts a wide variety of activities. This page gives an overview with links to further information about scheduled events. All times CET (UTC+1).

Rancher Desktop 1.0.0 Has Arrived | SUSE Communities — www.suse.com

We are happy to announce the 1.0.0 release of Rancher Desktop. This release has been months in the making since development on Rancher Desktop began.

Kubernetes architecture: How to use hierarchical namespaces for multiple tenants | Enable Architect — www.redhat.com Hierarchical namespaces make it easier to manage individual tenants' permissions and capabilities in a multi-tenant Kuberentes architecture.

Parca - Open Source infrastructure-wide continuous profiling | Parca Open Source infrastructure-wide continuous profiling

WTF is Chainguard ? Chainguard is a 3-month start up in the software supply chain security industry. The mission of Chainguard is to make the software lifecycle secure by default. Sounds kinda vague. Do you have a product?No. Not yet. We have some exciting ideas though, and are working on them right now!

Researchers use GPU fingerprinting to track users online — www.bleepingcomputer.com A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking.

Reasons for servers to support IPv6 Reasons for servers to support IPv6

The ROAD to SRE. There are many ways to introduce Site… | by Bruce Dominguez | Dec, 2021 | Medium — medium.com There are many ways to introduce Site Reliability Engineering practices to your organisation, but it can be confusing where you should start. Do you start with introducing Service Level Objectives…

Two reasons Kubernetes is so complex • Buttondown — buttondown.email Preface Hello friends! It’s been a while. I’ve been finding it very hard to write while holding up a full-time job, and I’ve also been dealing with some very...

Tracing the path of network traffic in Kubernetes — learnk8s.io Learn how packets flow inside and outside a Kubernetes cluster. Starting from the initial web request and down to the container hosting the application

Kubernetes Scaling, Capacity and Resource Planning in Complex Clusters | by Nick Gibbon | Pareture | Medium — medium.com An intermediate take on Kubernetes various elements of scaling, capacity and resource planning after some pain and confusion over a few years. My experience is that of a Kubernetes Cluster and…

Kickstarting AI for Code: Introducing IBM’s Project CodeNet | IBM Research Blog — research.ibm.com Project CodeNet is a large dataset aimed at teaching AI to code.

Everything about super tokens - an open source alternative to Auth0, Firebase Auth, and AWS Cognito. - Ankur Tyagi — theankurtyagi.com Super Tokens An Open Source User Auth Quick to implement and easy to customize

Sigstore ❤ Ruby! - sigstore — blog.sigstore.dev We started the Sigstore project with a goal of making key management, certificates, and digital signatures accessible and easy to use for…

Engineering | GitLab — about.gitlab.com

GitLab is an open-source company that everything is public. Here is their engineering handbook

Making the case for Kubernetes operators — practicalkubernetes.blogspot.com Your description for this link...

Open Source Kubernetes Virtual Cluster Project vcluster Now Runs on k0s | Business Wire — www.businesswire.com vcluster is now available to spin up virtual clusters with k0s.

How can you tell if the company you’re interviewing with is rotten on the inside? – charity.wtf — charity.wtf

How can you tell the companies who are earnestly trying to improve apart from the ones who sound all polished and healthy from the outside, whilst rotting on the inside?

December Tailscale newsletter · Tailscale — tailscale.com December brought fascinating community contributions, including How To Get Tailscale Working With a Fire TV Stick and how to use Tailscale for SSH access to ‘LAN’ locked machines.

AWS open source news and updates, #97 - DEV Community Jan 22nd, 2022 - Instalment #97 Newsletter #97. Welcome to another edition of the AWS... Tagged with opensource, aws.

Understanding DisplayLink, multiple displays, and M1 Macs – Daniel Compton

Geek out about connecting Monitors to your new Mac

An alternative Docker installation with Multipass on macOS without using Docker for Mac | Niklas Metje Last week I received an email from the Docker Team which said that Docker for Mac (the software which also comes with a GUI) will be forbidden for commercial…

A guide to Web3 for Web2 frontend devs — Dhaiwat Pandya — mirror.xyz With all the hype around, web3 can be overwhelming if you’re looking to get started. Luckily if you are a frontend dev coming from web2, you already have most of the skills you need to get started in web3. I can say this because I come from a web2 frontend background myself and I made the move to web3 last year. I now work full-time in web3.

Assets

GitHub - lukehinds/sigstore-the-hard-way: sigstore the hard way! — github.com sigstore the hard way! Contribute to lukehinds/sigstore-the-hard-way development by creating an account on GitHub.

Hurricane Electric Free IPv6 Tunnel Broker

Get a free tunnel to your internal IPv6 addresses

GitHub - amplication/amplication: — github.com

Amplication is an open‑source development tool. It helps you develop quality Node.js applications without spending time on repetitive coding tasks. - GitHub -

GitHub - fleetbase/storefront-app: — github.com

Storefront by Fleetbase is an open source hyperlocal shopping or services app. Enables users to quickly launch their own shop or service booking app or setup a multi-vendor marketplace. -

GitHub - opencontainers/artwork: OCI artwork and logos — github.com OCI artwork and logos. Contribute to opencontainers/artwork development by creating an account on GitHub.

Everything you need to know about monorepos, and the tools to build them. — monorepo.tools Everything you need to know about monorepos, and the tools to build them.

Collection: Pixel Art Tools · GitHub — github.com GitHub is where people build software. More than 73 million people use GitHub to discover, fork, and contribute to over 200 million projects.

weekly.tf | Revue — weekly.tf weekly.tf - Terraform Weekly...

How To Build Docker Image In Kubernetes Pod Using Kaniko — devopscube.com This beginner's guide focuses on step by step process of setting up Docker image build in Kubernetes pod using Kaniko image builder.

Release v0.13.0 · marcosnils/bin · GitHub — github.com Effortless binary manager. Contribute to marcosnils/bin development by creating an account on GitHub.

Lit Simple. Fast. Web Components.

Skills

How Docker Desktop Networking Works Under the Hood - Docker Blog — www.docker.com Learn from Docker experts to simplify and advance your app development and management with Docker. Stay up to date on Docker events and new version announcements!

Solo Events and Webinars — www.solo.io

[PUBLIC] The Art of SLOs – Participant Handbook - Google Docs — docs.google.com

Practical Guide to calculate SLOs

#437: A Day in the Life of an SA - AWS Podcast | Podcast on Spotify — open.spotify.com

Listen to this episode from AWS Podcast on Spotify. What does a day in the life of a Solution Architect look like at AWS? Simon speaks with four SA’s from around the globe to discuss

Junior Developers by The Alan Barr Show

"The average tenure of software engineers in small companies is only 1.5 years, where it’s 2.3 years for large companies." - Why Programmers Shouldn't Stay in One Company for a long time.

Kubernetes 1.23 - What's new? - New features and deprecations — sysdig.com Kubernetes 1.23 brings 50 enhancement, including improved support for OpenAPI v3, a new kubectl events command. Discover more!

I did minor updates to my site; I added a page for all my Cloud Native learning resources https://www.santana.dev/learn.

I also updated the Kubernetes Book Club roadmap https://www.santana.dev/book-club.

My two highlights are the Kubernetes Documentary on youtube and microshift from Red Hat to get openshift running on Raspberry Pi.

News

Introducing MicroShift - Red Hat Emerging Technologies — next.redhat.com MicroShift has been specifically designed for edge computing use cases, with a goal of fitting in the limited storage capacity of field-deployed devices that can be embedded into a variety of appliances such as cars, factory lines, airplanes or even satellites.

Over 90 WordPress themes, plugins backdoored in supply chain attack — www.bleepingcomputer.com A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites.

Kubernetes Home Lab Home lab using Intel NUC and Raspberry Pi running Kubernetes, K3S, Knative

Scaling Kubernetes to Over 4k Nodes and 200k Pods | by Abdul Qadeer | The PayPal Technology Blog | Jan, 2022 | Medium — medium.com At PayPal, we recently started testing the waters with Kubernetes. A majority of our workloads run on Apache Mesos, and as part of this migration, we needed to understand several performance aspects…

Inside Amazon’s Graviton3 Arm Server Processor — www.nextplatform.com The Graviton family of Arm server chips designed by the Annapurna Labs division of Amazon Web Services is arguably the highest volume Arm server chips the

SUSE releases NeuVector, the industry’s first open source container security platform | SUSE Communities — www.suse.com Today, we are pleased to announce that the NeuVector codebase is now available to the open source community on GitHub. The work to fully open source a formerly proprietary technology is a testament to SUSE’s open-source culture and our commitment to deliver open, interoperable and innovative solutions to our partners and customers. With this release, …

Third-Party Software for Teslas Can Be Hacked, German Teen Says - Bloomberg — www.bloomberg.com A 19-year-old said he’s found flaws in a piece of third-party software that appears to be used by a relatively small number of owners of Tesla Inc. cars that could allow hackers to remotely control some of the vehicles’ functions.

Our Cloud Native Journey to Red Hat OpenShift Using Quarkus — medium.com Once you have a hypothesis and some spare time, what do you do? You perform an experiment! That is exactly what our Go To Markets — Assets and Architecture team did. Throughout this blog series…

Spin up a Ubuntu VM using Pulumi and libvirt | Dustin Specker — dustinspecker.com Pulumi is an Infrastructure as Code (IaC) tool that supports using Go, .Net, Python, and TypeScript/JavaScript. Libvirt is a tool for managing virtual machines (VM). Typically, teams use Pulumi with different cloud providers, but we can leverage libvirt to manage virtual machines on bare-metal servers, perfect for a homelab.

Kubernetes Nodes - The Complete Guide | Komodor — komodor.com Learn about Kubernetes node components, status, best practices for running nodes in a cluster, and common errors.

Kubernetes API Basics - Resources, Kinds, and Objects — iximiuz.com The article explains the most fundamental concepts of the Kubernetes API - Resources, API Groups, Kinds, and Objects - preparing the reader to the first access of the API from code.

Securing Admission Controllers | Kubernetes — kubernetes.io

Author: Rory McCune (Aqua Security) Admission control is a key part of Kubernetes security, alongside authentication and authorization. Webhook admission controllers

Orca Security Discovers AWS Glue Vulnerability - Orca Security — orca.security Orca's Research Team discovered a critical vulnerability that could allow an actor to create resources and access data of AWS Glue customers.

Goodbye Dockerfiles: Build Secure & Optimised Node.js Container Images with Cloud Native Buildpacks | Blog — www.pmbanugo.me Learn how to secure container images using Cloud Native Buildpacks

Monitoring new syscalls with Falco | Falco Falco is currently the de facto standard for runtime threat detection in Kubernetes environments. The project is growing at a very fast pace, and so is its open source community. The role of Falco is to collect all the system events of a cluster and send some kind of alert whenever suspicious behavior is detected. Among the other data sources supported, system calls are the core kind of events monitored by Falco.

Remix vs Next.js | Remix — remix.run An objective comparison between Remix and Next.js

Assets

GitHub - up9inc/mizu: API traffic viewer for Kubernetes enabling you to view all API communication between microservices. — github.com API traffic viewer for Kubernetes enabling you to view all API communication between microservices. Think TCPDump and Wireshark re-invented for Kubernetes - GitHub - up9inc/mizu: API traffic viewer for Kubernetes enabling you to view all API communication between microservices. Think TCPDump and Wireshark re-invented for Kubernetes

GitHub - tohjustin/kube-lineage: A CLI tool to display all dependencies or dependents of an object in a Kubernetes cluster. — github.com A CLI tool to display all dependencies or dependents of an object in a Kubernetes cluster. - GitHub - tohjustin/kube-lineage: A CLI tool to display all dependencies or dependents of an object in a Kubernetes cluster.

CodeZero - Visual Studio Marketplace — marketplace.visualstudio.com

Extension for Visual Studio Code - CodeZero extension for VS Code

CodeZero is a modern development platform for Kubernetes

GitHub - asobti/kube-monkey: An implementation of Netflix's Chaos Monkey for Kubernetes clusters — github.com An implementation of Netflix's Chaos Monkey for Kubernetes clusters - GitHub - asobti/kube-monkey: An implementation of Netflix's Chaos Monkey for Kubernetes clusters

GitHub - sagittaros/terraform-k3s-private-cloud: Private cluster with k3s. Why have 1 huge complicated cluster (pet) when you can have many simple, cheap clusters (cattle)? — github.com Private cluster with k3s. Why have 1 huge complicated cluster (pet) when you can have many simple, cheap clusters (cattle)? - GitHub - sagittaros/terraform-k3s-private-cloud: Private cluster with k3s. Why have 1 huge complicated cluster (pet) when you can have many simple, cheap clusters (cattle)?

GitHub - vercel/micro: Asynchronous HTTP microservices — github.com Asynchronous HTTP microservices. Contribute to vercel/micro development by creating an account on GitHub.

GitHub - jedi4ever/bashpack: turns nodejs projects into a single executable bash file — github.com turns nodejs projects into a single executable bash file - GitHub - jedi4ever/bashpack: turns nodejs projects into a single executable bash file

Create powerful apps and websites, without code. — www.glideapps.com Turn spreadsheets into powerful apps & websites, without writing any code. Pick a spreadsheet or start with a template, customize your app, then share it instantly with anyone. Start today for free!

Terraform Pull Request Automation | Atlantis Atlantis: Terraform Pull Request Automation

Home | asdf Manage multiple runtime versions with a single CLI tool

Skills

A Deep Dive into Kubernetes External Traffic Policies — Andrew Sy Kim — www.asykim.com Based on recent discussions, I’ve noticed some confusion around external traffic policies for Kubernetes Services. This is not surprising given there’s a lot of context around this feature that can only be found by digging through many Github issues and pull requests. In this post I'll try to do a deep dive into this feature to clarify some of the important assumptions that may not be clear in the API or the documentation.

Episode 17 w/ Brian LeRoux: The Case for a Local Dev Experience in Serverless, Architect and Begin.com, and Making Sense of the Web Today – AWS FM — aws.fm Brian joins Adam to discuss his belief that we shouldn't forego a local dev experience when building cloud-native apps, his experiences building frameworks and products like arc.codes and Begin.com, and an honest evaluation of where we're at with the web in 2021.

DevOps Roadmap: Learn to become a DevOps Engineer or SRE — roadmap.sh Community driven, articles, resources, guides, interview questions, quizzes for DevOps. Learn to become a modern DevOps engineer by following the steps, skills, resources and guides listed in this roadmap.

Follow me on Twitter https://twitter.com/csantanapr

I restarted the Kubernetes Book Club for 2022

"We may have all come on different ships, but we're in the same boat now."

A quote from Dr. Martin Luther King Jr.

News

Readout of White House Meeting on Software Security | The White House — www.whitehouse.gov Today, the White House convened government and private sector stakeholders to discuss initiatives to improve the security of open source software and ways

55 of Dr. Martin Luther King Jr.'s Most Inspiring Motivational Quotes  — parade.com Be inspired by 55 of Martin Luther King Jr.'s quotes, ranging from his famous MLK sayings about equality, faith and love, to MLK quotes about peaceful protests.

What an SBOM Can Do for You — blog.chainguard.dev By now, it is common knowledge that a Software Bill of Materials is becoming an increasingly expected requirement from software releases, yet here still seems that some confusion persists about what an SBOM can/could do for your project.

How to learn PromQL with Prometheus Playground — iximiuz.com How to setup Prometheus playground. How to learn PromQL running example queries? How to prefill Prometheus with metric data?

Top 10 Linux security tutorials for sysadmins from 2021 | Enable Sysadmin — www.redhat.com Even as the world changes around us, the importance of IT security is one of the things that stands firm.

10 real-world stories of how we’ve compromised CI/CD pipelines – NCC Group Research — research.nccgroup.com Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD pipeline? What does this type of attack look like in practice? NCC…

Google Online Security Blog: Introducing SLSA, an End-to-End Framework for Supply Chain Integrity — security.googleblog.com Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team  Supply chain integrity attacks—u...

Running MongoDB in Kubernetes: An overview of existing solutions – Flant blog — blog.flant.com Here are the challenges of using MongoDB in Kubernetes and the options we have to overcome them including ready-to-use Helm charts and Kubernetes operators.

Give me /events, not webhooks - Sequin Webhooks come with some challenges. We prefer polling an /events endpoint instead when possible.

What I'd like to see in Go 2.0 | Seth Vargo — www.sethvargo.com Audit logs are very useful for retroactive analysis following a security incident, but what if they could also be used to proactively alert before a security incident occurs?

How To Call Kubernetes API using Simple HTTP Client — iximiuz.com There are plenty of reasons to call the Kubernetes API using a CLI or GUI HTTP client. This article will show you how to get the API server address, authenticate requests using certificates and Service Account tokens, and call the API using kubectl in the raw mode.

Using Event-Driven Architecture With Microservices - DevOps.com — devops.com To optimize business applications, DevOps teams must understand the full potential of microservices and event-driven architecture.

Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD - Yuan's Blog This is a recap from our KubeCon China 2021 talk. If you are interested in learning more about Argo or Akuity’s products and services, you can find all our past and upcoming conference talks on our website.

Tracing the path of network traffic in Kubernetes — learnk8s.io Learn how packets flow inside and outside a Kubernetes cluster. Starting from the initial web request and down to the container hosting the application

CoSign with Kubernetes: Ensure integrity of images before deployment — blog.rewanthtammana.com Notary vs CoSign? Is CoSign a good alternative? Can we automate keys & signature rotation?

Looking Ahead to Kubernetes 1.24 | Jetstack Blog — www.jetstack.io Kubernetes 1.24 is scheduled for release on Tuesday 19th April 2022, but some of us are already deep in the planning and work for it.

How to Pass your KCNA Exam. The CNCF has just launched the new… | by Brad McCoy | Nov, 2021 | Medium — blog.bradmccoy.io The CNCF has just launched the new Kubernetes and Cloud Native Associate Exam also known as the KCNA. I was one of the first 400 people to go through the Beta exam which contained the full suite of…

AWS open source news and updates, #95 - DEV Community Jan 10th, 2022 - Instalment #95 Newsletter #95. Feliz Ano and a very happy new year to... Tagged with opensource, aws.

Run a Google Kubernetes Engine Cluster for Under $25/Month – The New Stack — thenewstack.io This article will demonstrate a solution (available on GitHub) for running a full-blown GKE cluster on Google Cloud with a goal to keep the costs under $1 per day.

Making Open Source software safer and more secure — blog.google We welcomed the opportunity to participate in the White House Open Source Software Security Summit today.

Kubernetes Threat Modeling. Every security team has to deal with… | by Rahul Jadhav | Medium — medium.com Answering this is non-trivial, and involves understanding the threat vectors faced by the services. To understand threat vectors one needs an understanding of how the services works, what…

Open Startup | cal.com — cal.com The term "Open Startup" is not new, but still fairly niche. There are Open Startups with millions in revenue, yet only a tiny percentage of Startups today fall into the category.

Assets

kube-rs · GitHub — github.com rust kubernetes client and controller runtime. kube-rs has 6 repositories available. Follow their code on GitHub.

Distrobox | Use any linux distribution inside your terminal Use any linux distribution inside your terminal

GitHub - developer-guy/buildkit-machine: A proof-of-concept project that makes accessible buildkitd daemon from macOS — github.com A proof-of-concept project that makes accessible buildkitd daemon from macOS - GitHub - developer-guy/buildkit-machine: A proof-of-concept project that makes accessible buildkitd daemon from macOS

Coder · GitHub — github.com Developer workspaces on your infrastructure. Coder has 51 repositories available. Follow their code on GitHub.

Taking the bite out of x509 certificates with the step CLI Parsing, generating and troubleshooting certificates is critical skill in developing web services. Certificates establish trust on the web (e.g that indeed the company Google is serving you content when you go to www.google.com) and to encrypt traffic once trust is established using TLS.

GitHub - ory/hydra: OpenID Certified™ OpenID Connect and OAuth Provider written in Go — github.com OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid. - GitHub - ory/hydra: OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.

GitHub - vladimirvivien/ktop: A top-like tool for your Kubernetes clusters — github.com A top-like tool for your Kubernetes clusters. Contribute to vladimirvivien/ktop development by creating an account on GitHub.

Kubernetes instance calculator — learnk8s.io Explore the best instance types for your Kubernetes cluster interactively.

3 Musketeers — 3musketeers.io Test, build, and deploy your apps from anywhere, the same way!

GitHub - nsmith5/rekor-sidekick: 🔍 Rekor transparency log monitoring and alerting — github.com 🔍 Rekor transparency log monitoring and alerting. Contribute to nsmith5/rekor-sidekick development by creating an account on GitHub.

GitHub - kubeshop/kusk: Kusk makes your OpenAPI definition the source of truth for API resources in your cluster — github.com Kusk makes your OpenAPI definition the source of truth for API resources in your cluster - GitHub - kubeshop/kusk: Kusk makes your OpenAPI definition the source of truth for API resources in your cluster

GitHub - jucardi/go-streams: Stream Collections for Go. Inspired in Java 8 Streams and .NET Linq — github.com Stream Collections for Go. Inspired in Java 8 Streams and .NET Linq - GitHub - jucardi/go-streams: Stream Collections for Go. Inspired in Java 8 Streams and .NET Linq

snappify — snappify.io Snappify helps you to create beautiful code snippets with ease.

GitHub - developer-guy/setup-krew: 📦🚀 A GitHub Action to install 👇 https://github.com/kubernetes-sigs/krew — github.com 📦🚀 A GitHub Action to install 👇 https://github.com/kubernetes-sigs/krew - GitHub - developer-guy/setup-krew: 📦🚀 A GitHub Action to install 👇 https://github.com/kubernetes-sigs/krew

Skills

Cosign Image Signing In AWS CodePipeline In this post we are going to show you how to integrate sigstore’s Cosign with AWS CodePipeline.

AWS SSM: Do you really need SSH? How to connect to EC2 using Session Manager — graystum.com Do you really need SSH? Maybe not!

GitHub - ossu/computer-science: Path to a free self-taught education in Computer Science! — github.com :mortar_board: Path to a free self-taught education in Computer Science! - GitHub - ossu/computer-science: Path to a free self-taught education in Computer Science!

Everything Useful I Know About kubectl

I am a blogv

I Took 20 LinkedIn Skill Assessments So You Don't Have To — www.linkedin.com I was updating my LinkedIn profile and saw a notification to take a skills assessment for Python. Sure, I know python, or so I thought.

API Tokens: A Tedious Survey · Fly — fly.io News, tips, and tricks from the team at Fly

Configure Liveness, Readiness and Startup Probes | Kubernetes — kubernetes.io This page shows how to configure liveness, readiness and startup probes for containers. The kubelet uses liveness probes to know when to restart a container. For example, liveness probes could catch a deadlock, where an application is running, but unable to make progress. Restarting a container in such a state can help to make the application more available despite bugs. The kubelet uses readiness probes to know when a container is ready to start accepting traffic.

This newsletter issue comes packed with all resources from the last three weeks. I took a break and I hope you too.

I wish you an excellent start on all your 2022 goals.

I have been more active on Twitter lately; if you are not already, please  follow me on Twitter

PS: I want to share the news that  I got accepted as a shadow for the Kubernetes v1.24 Release Team 🎉

News

2022: The year of software supply chain security | InfoWorld — www.infoworld.com Strengthening the software supply chain must be priority No. 1 in the new year. Here are three areas to focus on.

Secure your Kubernetes deployments with eBPF | Red Hat Developer — developers.redhat.com Learn how to use eBPF and the Security Profiles Operator to automatically generate seccomp profiles, a Linux kernel security feature for Kubernetes.

Skaffold book review — www.santana.dev Skaffold book review, Effortless Cloud-Native App Development Using Skaffold.

​​BumbleBee: Build, Ship, Run eBPF tools - Solo.io — www.solo.io Today we are thrilled to announce BumbleBee, an open-source project focused on simplifying the user experience around building eBPF tools. BumbleBee helps

Manage Kubernetes Admission Webhook's certificates with cert-manager CA Injector and Vault PKI — medium.com · ⛵️ Kubernetes Admission Controllers · 📝 cert-manager and CA Injector · 🔐 Vault PKI (Public Key Infrastructure) · 💻 Installation · 👀 How to monitor certificates? · ✨ How to accomplish…

COSSI: $100M+ Revenue Commercial Open-Source Software (COSS) Company Index

Introducing Grafana University: our virtual hands-on education platform that's free and easy to use | Grafana Labs — grafana.com Get realistic, hands-on experience with Grafana technologies and products with free online classes that can be consumed anytime and anywhere.

Kubernetes security will have a breakout year in 2022 | VentureBeat — venturebeat.com Kubernetes security will take another big leap in 2022, as companies focus on cloud-native, container-based approaches to app development.

GitOps on Kubernetes: Deciding Between Argo CD and Flux – The New Stack — thenewstack.io There are many ways to build out application CI/CD pipelines in Kubernetes, but in this article we are going to focus on Flux and Argo CD.

Defining the web3 stack — edgeandnode.com Want to build on web3? Nader Dabit identifies the building blocks of the web3 technology stack in an introductory guide.

How eBPF will solve Service Mesh - Goodbye Sidecars — isovalent.com eBPF Service Mesh - How we can build an eBPF-based service mesh in the kernel to replace the complex sidecar model

Comparing Kubernetes Security Frameworks and Guidance | ARMO — www.armosec.io Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested tools

Improve supply chain security with GitHub actions, Cosign, Kyverno and other open source tools This article discusses about improving supply chain security of containers and kuberentes using GitHub actions, Cosign, Kyverno and other open source tools

On The State Of Continuous Profiling | by Michael Hausenblas | Dec, 2021 | Medium — o11y.engineering Continuous profiling background and open source offerings: Parca, Pixie, and Pyroscope.

Cybersecurity and the Curse of Binary Thinking

Working in information/cybersecurity and technology risk is a fascinating and challenging career, as I’ve covered here. There is, mostly, a great spirit of sharing and collaboration among security professionals. However, I’ve observed one disturbing and growing trend in the past few years that might be characterized as a curse of binary thinking. By this I mean the assertion that if something isn’t perfect then it must be terrible…

Kubernetes SDKs from the Pulumiverse | Pulumi Blog — www.pulumi.com In this article, we look at a new repository published on the Pulumiverse that delivers rich Kubernetes SDKs for popular CRDs.

Vouching for Docker Images — Security — shopify.engineering If you were using computers in the ‘90s and the early 2000s, you probably had the experience of installing a piece of software you downloaded from the internet, only to discover that someone put some nasty into it, and now you’re dragging your computer to IT to beg them to save your data. To remedy this, software...

Container Networking Is Simple! — iximiuz.com How container networking works under the hood? Setting up docker-like container networking from scratch. Bonus: podman rootless container networking explained.

What DockerSlim Users Get Out of Slim's SaaS Platform | Slim.AI — www.slim.ai Anyone using DockerSlim understands the value of container minificaiton. What they might not appreciate is the additional value of using DockerSlim within the broader feature set and support functions of the Slim.AI SaaS offering.

Rate Limiting in controller-runtime and client-go · Daniel Mangum — danielmangum.com Daniel Mangum's personal website

Getting started using cert-manager with the sig-network Gateway API | Jetstack Blog The Gateway API, introduced by the sig-network community, is a new API that aims at replacing the Ingress API. In this guide, we will walk through the installation of cert-manager, ExternalDNS and Traefik to deploy a simple service using the Gateway API.

Container-to-Container Communication – Mike's House — www.miketheman.net In a containerized world, is there a material difference between communicating over local network TCP vs local Unix domain sockets?

Apple offering engineers $180,000 bonuses to prevent poaching | AppleInsider — appleinsider.com Apple's top engineering talents are being offered significant stock bonuses worth up to $180,000 to prevent defection to Meta and others.

A Bit of Ambiance comes to Sigstore | by Dan Lorenc | Medium — dlorenc.medium.com Zero-trust security starts with trusting actual entities based on strong identity, not whoever happens to control a secret, or whoever gets behind a firewall. No secrets sounds great in theory! It…

New Case Studies About Google’s Use of Go | Google Open Source Blog — opensource.googleblog.com Go turned out to have a much broader reach than expected. Its growth in the industry has been phenomenal, and it has powered many Google projects.

82% of companies unknowingly give 3rd parties access to all their cloud data — blog.wiz.io Cloud identity permissions are complex. So complex that innocent looking permissions provided to 3rd party vendors can lead to unintended exposure of all of your data.

Looking at LambdaShell.com after 3+ years | by Zac Charles | Dec, 2021 | Medium — zaccharles.medium.com Since 2018, lambdashell.com has challenged visitors to do their worst. In this post, I take a look at what is possible 3+ years on (a lot).

Karpenter Cluster Autoscaler There are 3 main options for autoscaling in Kubernetes clusters. HPA (Horizontal Pod Autoscaling), VPA (Vertical Pod Autoscaling) and Cluster Autoscaling.

Announcement: Pleco - the open-source Kubernetes and Cloud Services garbage collector — www.qovery.com Pleco is a service that automatically removes Cloud managed services and Kubernetes resources based on tags with TTL. We are proud to offer this tool that save tons of time and money to our R&D team.

Vaccination Database Talks (Second Dose) – Fall 2021 — db.cs.cmu.edu Vaccination Database Tech Talks - 2021Second Dose - Fall 2021There are some things in life that are just better when you have more of it. Fresh orange

Talos v0.14 is live! - Sidero Labs — www.siderolabs.com This release of Talos accumulates a lot of changes resulting in an improved user experience. It brings more knobs and switches to play with so that you can dial in exactly what you need. Getting Ready for Something Awesome If you run Kubernetes on bare metal you need Sidero Metal. It is the simplest, yet […]

Harvester is now production-ready and generally available   | SUSE Communities — www.suse.com Harvester is now production-ready and generally available. Learn more about SUSE's newest product Harvester, the open, interoperable hyper-converged infrastructure (HCI) solution built on modern, cloud-native solutions.

Best of 2021 - Kubernetes Enables DevOps-as-a-Service (DaaS) - Container Journal — containerjournal.com DevOps-as-a-Service (DaaS) and Kubernetes alone provide many valuable capabilities, and greater benefits when deployed together.

Measuring the Value of DevOps-as-a-Service (DaaS) - DevOps.com — devops.com DaaS delivers benefits for business, app-dev users and DaaS teams. Here's how to accurately gather data, set SLOs/SLIs and measure value.

Using Admission Controllers to Detect Container Drift at Runtime | Kubernetes — kubernetes.io Author: Saifuding Diliyaer (Box) Illustration by Munire Aireti At Box, we use Kubernetes (K8s) to manage hundreds of micro-services that enable Box to stream data at a petabyte scale. When it comes to the deployment process, we run kube-applier as part of the GitOps workflows with declarative configuration and automated deployment. Developers declare their K8s apps manifest into a Git repository that requires code reviews and automatic checks to pass, before any changes can get merged and applied inside our K8s clusters.

Cloud-Native Observability and Security Analytics with SysFlow and Falco | Falco Hello, fellow Falcoers! This blog introduces you to a new open system telemetry format and project called SysFlow. The project has deep ties to Falco, the de facto CNCF cloud-native runtime security project. Falco is exceptional at detecting unexpected application behavior and alerting on threats at runtime. Furthermore, its components and architecture open itself to creative uses. For example, SysFlow embeds Falco's rich observability libraries into its cloud-native security telemetry stack and Falco's rules language to achieve data abstraction, behavioral analytics, and noise reduction.

How we built Twitter’s highly reliable ads pacing service — blog.twitter.com In this blog, we describe how we separate Twitter’s pacing system from the serving stack to an independent service.

Containers 101: attach vs. exec - what's the difference? — iximiuz.com Understanding the difference between attach, logs, run, and exec commands through learning the container management internals.

Introduction to Multi-Tenancy in Kubernetes — www.infracloud.io This blog post discusses the various type of solutions to implement multi-tenancy in Kubernetes. Multi-tenancy helps to share the same infrastructure with different set of users.

The internet runs on free open-source software. Who pays to fix it? | MIT Technology Review — www.technologyreview.com Volunteer-run projects like Log4J keep the internet running. The result is unsustainable burnout, and a national security risk when they go wrong.

Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble - Open Source Security Foundation As someone who has spent their entire career in open source software (OSS), the Log4Shell scramble (an industry-wide four-alarm-fire to address a serious vulnerability in the Apache Log4j package) is...

Is technology architecture still relevant with CI/CD devops?

Source Patch: The art and science of probing a Kubernetes container — sourcepatch.blogspot.com Keeping containers alive in a Kubernetes cluster can feel more like art than science. In this article, I dive into the sea of madness awaiti...

How blockchain adds trust to AI and IoT IBM Supply Chain and Blockchain Blog — www.ibm.com Find out how blockchain stands to accelerate the adoption of emerging technologies including AI, Cloud, and IoT by bringing in the missing element of trust.

Understanding SBOM Management and The Six Ways It Prevents SBOM Sprawl — anchore.com Learn why SBOM management is critical to secure the software supply and the six ways it prevents SBOM sprawl.

AWS open source news and updates #94 - DEV Community December 20th, 2021 - Instalment #94 Newsletter #94. This will be the last newsletter ... Tagged with opensource, aws.

GitHub - alicebob/miniredis: Pure Go Redis server for Go unittests — github.com Pure Go Redis server for Go unittests. Contribute to alicebob/miniredis development by creating an account on GitHub.

.css-1b9oi20{display:block;width:8rem;}@media (min-width: 768px){.css-1b9oi20{width:16rem;}}.css-1082qq3{display:block;width:100%;} — blog.aspect.dev Bazel packages (called "modules") have historically been distributed with a long "WORKSPACE snippet", which required users to install and configure the module and also its dependencies. This caused a lot of headache for users, since the first declara...

The container throttling problem — danluu.com This is an excerpt from an internal document David Mackey and I co-authored in April 2019. The document is excerpted since much of the original doc was about comparing possible approaches to increasing efficency at Twitter, which is mostly information that's meaningless outside of Twitter without a large amount of additional explanation/context.

Multizone Kubernetes and VPC Load Balancer Setup | IBM — www.ibm.com Securely expose your Kubernetes app by setting up a Load Balancer for VPC in a different zone.

Kubernetes Security Tutorial: Pods (Part 1) — blog.gitguardian.com Get a deeper understanding of Kubernetes Pods security with this hands-on tutorial.

Assets

GitHub - armosec/kubescape: — github.com

Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®.

Suborbital · GitHub — github.com Rocket-fueled open source platform tools. Suborbital has 20 repositories available. Follow their code on GitHub.

GitHub - iximiuz/client-go-examples: Collection of mini-programs demonstrating Kubernetes client-go usage. — github.com

Collection of mini-programs demonstrating Kubernetes client-go usage.

GitHub - drakkan/sftpgo — github.com Fully featured and highly configurable SFTP server with optional HTTP, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob - GitHub - drakkan/sftpgo: Fully featured and highly configurable SFTP server with optional HTTP, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob

GitHub - up9inc/mizu — github.com API traffic viewer for Kubernetes enabling you to view all API communication between microservices. Think TCPDump and Wireshark re-invented for Kubernetes - GitHub - up9inc/mizu: API traffic viewer for Kubernetes enabling you to view all API communication between microservices. Think TCPDump and Wireshark re-invented for Kubernetes

GitHub - plausible/analytics — github.com Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics. - GitHub - plausible/analytics: Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.

GitHub - castrojo/awesome-immutable — github.com A list of resources for people who want to investigate image-based Linux desktops - GitHub - castrojo/awesome-immutable: A list of resources for people who want to investigate image-based Linux desktops

GitHub - vitejs/vite — github.com Next generation frontend tooling. It's fast! Contribute to vitejs/vite development by creating an account on GitHub.

GitHub - coinbase/salus — github.com Security scanner coordinator. Contribute to coinbase/salus development by creating an account on GitHub.

GitHub - dirien/infrastructure-as-code-workshop: Infrastructure as Code Workshop — github.com Infrastructure as Code Workshop. Contribute to dirien/infrastructure-as-code-workshop development by creating an account on GitHub.

GitHub - GoogleCloudPlatform/terraformer — github.com CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code - GitHub - GoogleCloudPlatform/terraformer: CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code

Guide to JBang | Baeldung — www.baeldung.com Learn how to create, edit and run self-contained source-only or binary Java programs with ease using JBang.

GitHub - google/log4jscanner — github.com A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. - GitHub - google/log4jscanner: A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.

GitHub - FrancescoXX/100-days-of-Web3 — github.com This is a list of the content I shared about Web3 for the upcoming 100 days - GitHub - FrancescoXX/100-days-of-Web3: This is a list of the content I shared about Web3 for the upcoming 100 days

kustomizer — kustomizer.dev An experimental package manager for distributing Kubernetes configuration as OCI artifacts.

GitHub - ogham/dog: A command-line DNS client. — github.com A command-line DNS client. Contribute to ogham/dog development by creating an account on GitHub.

GitHub - boldandbusted/vagrant-kind — github.com Use Vagrant's 'ansible_local' provisioner to set up KinD (https://kind.sigs.k8s.io/) - GitHub - boldandbusted/vagrant-kind: Use Vagrant's 'ansible_local' provisioner to set up KinD (https://kind.sigs.k8s.io/)

API Hub - Free Public & Open Rest APIs | RapidAPI — rapidapi.com Browse, Test & Connect to 1000s of Public Rest APIs on RapidAPI's API Hub - the world's largest API directory. Sign up today for Free!

GitHub - thanos-io/kube-thanos — github.com Kubernetes specific configuration for deploying Thanos. - GitHub - thanos-io/kube-thanos: Kubernetes specific configuration for deploying Thanos.

GitHub - duiker101/twitter-interaction-circles — github.com A guide project on how to make interaction circles for Twitter - GitHub - duiker101/twitter-interaction-circles: A guide project on how to make interaction circles for Twitter

GitHub - faressoft/terminalizer — github.com 🦄 Record your terminal and generate animated gif images or share a web player - GitHub - faressoft/terminalizer: 🦄 Record your terminal and generate animated gif images or share a web player

GitHub - goreleaser/supply-chain-example — github.com Example goreleaser + github actions config with keyless signing and SBOM generation - GitHub - goreleaser/supply-chain-example: Example goreleaser + github actions config with keyless signing and SBOM generation

GitHub - anchore/syft — github.com CLI tool and library for generating a Software Bill of Materials from container images and filesystems - GitHub - anchore/syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems

GitHub - codeboten/practical-otel: Practical OpenTelemetry — github.com Practical OpenTelemetry. Contribute to codeboten/practical-otel development by creating an account on GitHub.

GitHub - svenstaro/genact: 🌀 A nonsense activity generator — github.com 🌀 A nonsense activity generator. Contribute to svenstaro/genact development by creating an account on GitHub.

GitHub - cue-lang/cue: The new home of the CUE language! Validate and define text-based and dynamic configuration — github.com The new home of the CUE language! Validate and define text-based and dynamic configuration - GitHub - cue-lang/cue: The new home of the CUE language! Validate and define text-based and dynamic configuration

GitHub - bloomrpc/bloomrpc: GUI Client for GRPC Services — github.com GUI Client for GRPC Services. Contribute to bloomrpc/bloomrpc development by creating an account on GitHub.

Experimental Keyless Cosign verify-blob command to verify signature that is exported by the skopeo tool to the directory · GitHub — gist.github.com Experimental Keyless Cosign verify-blob command to verify signature that is exported by the skopeo tool to the directory - demo.md

GitHub - sogos/cdk-eks-full-featured — github.com Contribute to sogos/cdk-eks-full-featured development by creating an account on GitHub.

GitHub - wagoodman/dive: A tool for exploring each layer in a docker image — github.com A tool for exploring each layer in a docker image. Contribute to wagoodman/dive development by creating an account on GitHub.

crossplane/design-doc-external-secret-stores.md at master · crossplane/crossplane · GitHub — github.com Your Universal Control Plane. Contribute to crossplane/crossplane development by creating an account on GitHub.

GitHub - cpuguy83/containerd-shim-systemd-v1 — github.com

This project aims to provide a containerd shim implementation which uses systemd to manage containers.

Skills

GitHub - moabukar/KCNA-Kubernetes-and-Cloud-Native-Associate — github.com Useful notes for the KCNA - Kubernetes and Cloud Native Associate - GitHub - moabukar/KCNA-Kubernetes-and-Cloud-Native-Associate: Useful notes for the KCNA - Kubernetes and Cloud Native Associate

Took my CKAD, failed the first time, passed using retake with 98% : kubernetes — www.reddit.com Background: Junior software engineer with 1+ year of experience. So as you guessed, not much prior knowledge to docker, kubernetes and linux :) ...

The KCNA Exam — A quick guide to kicking off your K8S and Cloud Native Journey | by Marino Wijay | Dec, 2021 | Medium — medium.com Just a few months ago, the Kubernetes and Cloud Native Associate Exam (KCNA) was launched. After some thought, I figured I’d give it a shot. I took the exam and passed! This exam was released after…

Red Hat Enterprise Linux Interactive Lab Portal Work with Red Hat Enterprise Linux hands-on labs to learn new skills and technologies

Free course landing page It started with fixing a typo, then on to fixing a bug; contributing to Open Source and collaborating to improve technology for everyone.

AlgoCademy - Become the Software Engineer companies are fighting for — algocademy.com Master the coding interview and get your dream job. Learn how to write clean quality code that passes the technical interview. Develop your problem solving skills using our step by step interactive lessons, video content and code quality tests

Books - The Pragmatic Engineer

Here are books I recommend for software engineers or managers.

The Ship It! Podcast |> Changelog — changelog.com A show about getting your best ideas into the world and seeing what happens. We talk about code, ops, infrastructure, and the people that make it happen.

Layoffs Tracker - Layoffs.fyi — layoffs.fyi [LIVE] Tracking all tech startup layoffs — and lists of employees laid off — since COVID-19 was declared a pandemic. This page is constantly being updated.