Newsletter of Carlos Santana - Issue #20
I'm finishing all my tasks before starting my PTO for the holidays.
While some of you are on the same boat shutting down, the Apache Log4J open source team and other DevOps teams had it rough this week dealing with a day zero CVE.
This week some folks were asking about my coffee time in Calendly, so I decided to create a portfolio/blog website https://santana.dev.
Welcome to my newsletter. Every week, I'll update you on Cloud Native topics in 3 categories News, Assets, and Skills.
News
Kubernetes 1.23: The Next Frontier | Kubernetes — kubernetes.io Authors: Kubernetes 1.23 Release Team We’re pleased to announce the release of Kubernetes 1.23, the last release of 2021! This release consists of 47 enhancements: 11 enhancements have graduated to stable, 17 enhancements are moving to beta, and 19 enhancements are entering alpha. Also, 1 feature has been deprecated. Major Themes Deprecation of FlexVolume FlexVolume is deprecated. The out-of-tree CSI driver is the recommended way to write volume drivers in Kubernetes.
Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region — aws.amazon.com We want to provide you with some additional information about the service disruption that occurred in the Northern Virginia (US-EAST-1) Region on December 7th, 2021.
Carlos Santana on Twitter: "PSA: One of the fastest ways to get started with the Kubernetes REST API is kubectl. Use kubectl [-v6 or -v8] — twitter.com “PSA: One of the fastest ways to get started with the Kubernetes REST API is kubectl. Use kubectl [-v6 or -v8] to get HTTP request and response Use kubectl --raw and jq to try the API and parse the response kubectl get ksvc get nginx -v8 #Knative #Kubernetes”
Volkan Yazıcı on Twitter: "Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns" — twitter.com “Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns. https://t.co/W2u6AcBUM8”
Can I use minikube as a Docker Desktop replacement?
FAQ | minikube Frequently Asked Questions
Starting santana.dev I have a new website santana.dev
Cloud Native Java | Revue — www.getrevue.co Cloud Native Java - IBMer, software engineer, Canadian living in New York, husband, father and many other things. All views are my own....
IBM Cloud Code Engine: Support for Virtual Private Endpoints (VPE) | IBM — www.ibm.com You requested and we listened — as a customer of IBM Cloud, you can now use Virtual Private Endpoints to connect from your VPC network to IBM Cloud Code Engine applications.
WTF is eBPF? A sneak peek interview with Liz Rice — blog.container-solutions.com eBPF is a technology that makes the Linux kernel programmable without developers needing to resort to adding additional modules or modifying the kernel source code itself.
Safeguard your containers with new container signing capability in GitHub Actions | The GitHub Blog — github.blog GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow, giving your users confidence that the container images they got from their container registry was the trusted code that you built and published.
Using Kubernetes Ephemeral Containers for Troubleshooting — loft.sh A look at how to use the Ephemeral Containers feature in Kubernetes to troubleshooting issues with your applications that run in the cluster
Shopify engineers deliver on peak performance during Black Friday Cyber Monday 2021 — cloud.google.com Shopify just experienced a record-breaking Black Friday Cyber Monday. Learn how Shopify works with Google Cloud to handle unprecedented peak moments with ease.
Kubernetes 1.23 - What's new? - New features and deprecations — sysdig.com
Kubernetes 1.23 brings 50 enhancements, including improved support for OpenAPI v3, a new kubectl events command. Discover more!
Pod Security Graduates to Beta | Kubernetes — kubernetes.io Authors: Jim Angel (Google), Lachlan Evenson (Microsoft) With the release of Kubernetes v1.23, Pod Security admission has now entered beta. Pod Security is a built-in admission controller that evaluates pod specifications against a predefined set of Pod Security Standards and determines whether to admit or deny the pod from running. Pod Security is the successor to PodSecurityPolicy which was deprecated in the v1.21 release, and will be removed in Kubernetes v1.
Hubris and Humility / Oxide The release of a small open-source operating system for deeply-embedded computer systems.
Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit - Part 2 | Falco Introduction In the previous blog post, we had talked about the Audit Logs in more detail, this post is a continuation of the previous blog post, so I suggest you take a look at the previous blog post before continuing reading. The only difference in this blog post is that this time we will use Log Backend mode, which is one of the Audit Backends that kube-apiserver supports, then we will use some kind of log collector project which is FluentBit in this case to gather these audit logs and forward them to some HTTP endpoint.
Introducing WebContainers: Run Node.js natively in your browser — blog.stackblitz.com Today we're excited to announce WebContainers, a new type of WebAssembly-based operating system that boots instantly and enables Node.js environments to run natively in-browser.
Carvel - Case Study: Modernizing The U.S. Army to Improve Soldier Well-being
The U.S. Army Software Factory and Enterprise Cloud Management Agency (ECMA) are on a mission to modernize the largest government organization in the United States with the Army’s Code Resource and Transformation Environment (CReATE).
How to get a Google Sheet as JSON - Ben Borgers Google Sheets can be a great place to store content for a website, since it's structured and easy to update (especially for non-coders).
Clash of the compiled: Golang vs Rust | by Bhvsaraf | Nov, 2021 | Medium — medium.com Hi Reader! Rust and Go are the two eye-candies of the compiled languages currently. Both the languages promise to deliver low latencies as well as great memory management for the programs. While some…
WTF is Observability? — info.container-solutions.com Although it is often confused with monitoring, observability, which was introduced with the adoption of Cloud Native and distributed applications, includes much more.
How do you rollback deployments in Kubernetes? — learnk8s.io When you introduce a change that breaks production, you should have a plan to roll back that change. Kubernetes and kubectl offer a simple mechanism to roll back changes.
Protecting your Kubernetes data with arkade and Kasten What's your strategy for protecting your data on your Kubernetes clusters? When was the last time you tested it? Come along to see a live demo of a new arkad...
Lies, damned lies, and (Cloudflare) statistics: debunking Cloudflare’s recent performance tests | Fastly — www.fastly.com A couple of weeks ago Cloudflare, one of our competitors, claimed that their edge compute platform is roughly three times as fast as Compute@Edge. The false claim is a great example of how statistics can be used to mislead.
Assets
Creating a Local Kubernetes Cluster with Vagrant | by Uğur Akgül | Nov, 2021 | Medium — ugurakgul.medium.com Hi ! I hope you are okay since we last meet. It’s been a long time and I’ve missed so much about writing. In this post I will be talking about local kubernetes clusters, why and how to bootstrap…
Running in a Kubernetes cluster - Litestream — litestream.io Litestream replicates SQLite databases in real-time to S3.
Django 4.0 released | Weblog | Django You can get Django 4.0 from our downloads page or from the Python Package Index. The PGP key ID used for this release is Mariusz Felisiak: 2EF56372BA48CD1B.
GitHub - supabase/supabase: The open source Firebase alternative. Follow to stay updated about our public Beta. — github.com The open source Firebase alternative. Follow to stay updated about our public Beta. - GitHub - supabase/supabase: The open source Firebase alternative. Follow to stay updated about our public Beta.
GitHub - benborgers/opensheet: 💾 An API to get a Google Sheet as JSON, no authentication required. — github.com 💾 An API to get a Google Sheet as JSON, no authentication required. - GitHub - benborgers/opensheet: 💾 An API to get a Google Sheet as JSON, no authentication required.
GitHub - rung/threat-matrix-cicd: Threat matrix for CI/CD Pipeline — github.com Threat matrix for CI/CD Pipeline. Contribute to rung/threat-matrix-cicd development by creating an account on GitHub.
GitHub - databus23/helm-diff: A helm plugin that shows a diff explaining what a helm upgrade would change — github.com A helm plugin that shows a diff explaining what a helm upgrade would change - GitHub - databus23/helm-diff: A helm plugin that shows a diff explaining what a helm upgrade would change
Component toolkit for creating live-running code editing experiences | Sandpack — sandpack.codesandbox.io Sandpack is a component toolkit for creating your own live-running code editing experiences powered by CodeSandbox.
GitHub - anchore/sbom-action: GitHub Action for creating software bill of materials using Syft. — github.com GitHub Action for creating software bill of materials using Syft. - GitHub - anchore/sbom-action: GitHub Action for creating software bill of materials using Syft.
Construct Hub Construct Hub helps developers find open-source construct libraries for use with AWS CDK, CDK8s, CDKTf and other construct-based tools.
Tailwind Grid Generator Easily generate responsive grids for Tailwind CSS projects. All of the generated classes are based on the Tailwind defaults, just choose your settings to get started.
GitHub - jakecoffman/crud: Swagger/OpenAPI builder and input validation for Go APIs — github.com Swagger/OpenAPI builder and input validation for Go APIs - GitHub - jakecoffman/crud: Swagger/OpenAPI builder and input validation for Go APIs
Replacing Docker Desktop with Multipass, to avoid Docker Desktop fees | by David Herron | Nov, 2021 | ITNEXT — itnext.io Docker is open source software, and Docker Desktop is a spiffy GUI application to simplify installing Docker on a macOS or Windows machine. It’s worth using, because of how easy it makes to use…
Kubernetes-native Troubleshooting | Komodor — komodor.com Komodor tracks changes across the entire K8s stack, providing you with the context you need to troubleshoot efficiently and independently.
Skills
Cool YAML Features You Probably Didn’t Know About | by Utibeabasi Umanah | Nov, 2021 | FAUN Publication — faun.pub In my previous article about YAML (check it out here), we looked at what exactly YAML is, and we also took a look at the YAML syntax. Since then, I discovered some cool YAML features I bet you didn’t…
You can't fit every tool in your IT career toolbox - Tom Costello - KD9CPB Do you know when to add or remove a tool from your IT career toolbox? Let's look at ways to keep your IT skills sharp while avoiding burnout
Explain Sigstore to me like I am five — www.securityjourney.com Sigstore is important to know because it aims to become the industry standard. It is the first project to recognize that one way of conducting supply chain security will not do. Specialists consider that Sigstroe can make everything easier and with more practical utility. Dan Lorenc said it should be that easy that people will not even realize that they are using it.
Microservices Monitoring On Power Architecture Using Instana | by Neha Ghongade | IBM Cloud | Dec, 2021 | Medium — medium.com Instana is the first and fully automated Application Performance Management (APM) solution designed specifically for the challenges of managing Microservices and cloud-native applications. Basically…
How to use dig How to use dig
FREE Introduction to Kubernetes (LFS158x) - Linux Foundation - Training Get an in-depth primer on this powerful system for managing containerized applications in a clustered environment.
Comparison between Helm and Kustomize for Kubernetes yaml management | by Masato Naka | Medium — nakamasato.medium.com Helm and Kustomize are often compared with each other in the context of managing Kubernetes manifest file. Although those two tools have similar features, they are fundamentally different. In this…
Kubelist - a kubernetes newsletter & podcast — kubelist.com Read and listen to the best Kubernetes and CNCF content in our newsletter and podcast. For operators and developers first.
The Kubelist Podcast | Ep. #10, Crossplane with Daniel Mangum of Upbound | Heavybit Heavybit is the leading fund for developer and enterprise startups. From pre-Seed to Series A companies, we help teams achieve breakout commercial success.