

Newsletter of Carlos Santana - Issue #22
Happy New Year 🍾🎊!!!
This newsletter issue comes packed with all the resources from the last three weeks. I took a break, and I hope you did too.
I wish you an excellent start on all your 2022 goals.
I have been more active on Twitter lately; if you are not already following me, please follow me on Twitter.
PS: I want to share the news that I got accepted as a shadow for the Kubernetes v1.24 Release Team 🎉
News
2022: The year of software supply chain security | InfoWorld — www.infoworld.com Strengthening the software supply chain must be priority No. 1 in the new year. Here are three areas to focus on.
Secure your Kubernetes deployments with eBPF | Red Hat Developer — developers.redhat.com Learn how to use eBPF and the Security Profiles Operator to automatically generate seccomp profiles (a Linux kernel syscall-filtering feature) for Kubernetes workloads.
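The seccomp item above is about generating profiles; the question a reviewer has afterwards is what a generated profile actually permits. The Go program below is an added example, not code from the Red Hat article or from the Security Profiles Operator: it parses a profile in the OCI runtime-spec JSON format that Kubernetes loads as a Localhost seccomp profile, reports whether the profile is default-allow, and lists which syscalls from a review list it lets through. The review list, the two sample profiles, and the scenario of a recorded debugging session leaking ptrace into an allowlist are all constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Profile mirrors the part of the OCI runtime-spec seccomp JSON that a
// Kubernetes Localhost seccomp profile carries. Field names follow the spec;
// the Go types are this example's own.
type Profile struct {
	DefaultAction string    `json:"defaultAction"`
	Architectures []string  `json:"architectures,omitempty"`
	Syscalls      []Syscall `json:"syscalls"`
}

// Syscall is one rule: a set of syscall names and the action applied to them.
type Syscall struct {
	Names  []string `json:"names"`
	Action string   `json:"action"`
}

// sensitiveSyscalls is an assumed review list, not part of any standard:
// syscalls an ordinary application container rarely needs and that widen the
// kernel attack surface when permitted.
var sensitiveSyscalls = []string{
	"bpf", "keyctl", "mount", "open_by_handle_at", "perf_event_open",
	"ptrace", "reboot", "setns", "unshare", "userfaultfd",
}

// permits reports whether an action lets the call proceed. SCMP_ACT_LOG only
// logs the call, so it still permits it; ERRNO, KILL, TRAP and the rest do not.
func permits(action string) bool {
	return action == "SCMP_ACT_ALLOW" || action == "SCMP_ACT_LOG"
}

// Permits reports whether the profile lets syscall name through: a rule that
// lists the name decides; otherwise defaultAction applies.
func (p Profile) Permits(name string) bool {
	for _, rule := range p.Syscalls {
		for _, n := range rule.Names {
			if n == name {
				return permits(rule.Action)
			}
		}
	}
	return permits(p.DefaultAction)
}

// Audit parses a profile and returns the sensitive syscalls it permits
// (sorted) and whether the profile is default-allow. A generated profile
// should always be default-deny.
func Audit(raw []byte) ([]string, bool, error) {
	var p Profile
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, false, fmt.Errorf("parse seccomp profile: %w", err)
	}
	var permitted []string
	for _, name := range sensitiveSyscalls {
		if p.Permits(name) {
			permitted = append(permitted, name)
		}
	}
	sort.Strings(permitted)
	return permitted, permits(p.DefaultAction), nil
}

// Constructed sample: a recorder captured ptrace while someone debugged the
// pod, so the generated allowlist now carries it.
const recordedProfile = `{
  "defaultAction": "SCMP_ACT_ERRNO",
  "architectures": ["SCMP_ARCH_X86_64"],
  "syscalls": [
    {"names": ["read", "write", "openat", "close", "fstat", "mmap", "munmap",
               "futex", "epoll_wait", "accept4", "exit_group", "ptrace"],
     "action": "SCMP_ACT_ALLOW"}
  ]
}`

// Constructed sample: denies mount and lets everything else through, which is
// barely better than running unconfined.
const permissiveProfile = `{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [{"names": ["mount"], "action": "SCMP_ACT_ERRNO"}]
}`

func main() {
	for name, raw := range map[string]string{"recorded": recordedProfile, "permissive": permissiveProfile} {
		permitted, defaultAllow, err := Audit([]byte(raw))
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%s: default-allow=%v sensitive syscalls permitted=%v\n", name, defaultAllow, permitted)
	}
}
```

Run it against the files a recording session produced before promoting them to a cluster; a non-empty list for a workload that never needs those calls means the recording captured more than the application's steady-state behaviour.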
Skaffold book review — www.santana.dev My review of Effortless Cloud-Native App Development Using Skaffold.
BumbleBee: Build, Ship, Run eBPF tools - Solo.io — www.solo.io Today we are thrilled to announce BumbleBee, an open-source project focused on simplifying the user experience around building eBPF tools. BumbleBee helps
Manage Kubernetes Admission Webhook's certificates with cert-manager CA Injector and Vault PKI — medium.com · ⛵️ Kubernetes Admission Controllers · 📝 cert-manager and CA Injector · 🔐 Vault PKI (Public Key Infrastructure) · 💻 Installation · 👀 How to monitor certificates? · ✨ How to accomplish…
COSSI: $100M+ Revenue Commercial Open-Source Software (COSS) Company Index
Introducing Grafana University: our virtual hands-on education platform that's free and easy to use | Grafana Labs — grafana.com Get realistic, hands-on experience with Grafana technologies and products with free online classes that can be consumed anytime and anywhere.
Kubernetes security will have a breakout year in 2022 | VentureBeat — venturebeat.com Kubernetes security will take another big leap in 2022, as companies focus on cloud-native, container-based approaches to app development.
GitOps on Kubernetes: Deciding Between Argo CD and Flux – The New Stack — thenewstack.io There are many ways to build out application CI/CD pipelines in Kubernetes, but in this article we are going to focus on Flux and Argo CD.
Defining the web3 stack — edgeandnode.com Want to build on web3? Nader Dabit identifies the building blocks of the web3 technology stack in an introductory guide.
How eBPF will solve Service Mesh - Goodbye Sidecars — isovalent.com eBPF Service Mesh - How we can build an eBPF-based service mesh in the kernel to replace the complex sidecar model
Comparing Kubernetes Security Frameworks and Guidance | ARMO — www.armosec.io Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested tools
Improve supply chain security with GitHub Actions, Cosign, Kyverno and other open source tools This article discusses improving the supply chain security of containers and Kubernetes using GitHub Actions, Cosign, Kyverno and other open source tools.
On The State Of Continuous Profiling | by Michael Hausenblas | Dec, 2021 | Medium — o11y.engineering Continuous profiling background and open source offerings: Parca, Pixie, and Pyroscope.
Cybersecurity and the Curse of Binary Thinking
Working in information/cybersecurity and technology risk is a fascinating and challenging career, as I’ve covered here. There is, mostly, a great spirit of sharing and collaboration among security professionals. However, I’ve observed one disturbing and growing trend in the past few years that might be characterized as a curse of binary thinking. By this I mean the assertion that if something isn’t perfect then it must be terrible…
Kubernetes SDKs from the Pulumiverse | Pulumi Blog — www.pulumi.com In this article, we look at a new repository published on the Pulumiverse that delivers rich Kubernetes SDKs for popular CRDs.
Vouching for Docker Images — Security — shopify.engineering If you were using computers in the ‘90s and the early 2000s, you probably had the experience of installing a piece of software you downloaded from the internet, only to discover that someone put something nasty into it, and now you’re dragging your computer to IT to beg them to save your data. To remedy this, software...
Container Networking Is Simple! — iximiuz.com How does container networking work under the hood? Setting up Docker-like container networking from scratch. Bonus: Podman rootless container networking explained.
What DockerSlim Users Get Out of Slim's SaaS Platform | Slim.AI — www.slim.ai Anyone using DockerSlim understands the value of container minification. What they might not appreciate is the additional value of using DockerSlim within the broader feature set and support functions of the Slim.AI SaaS offering.
Rate Limiting in controller-runtime and client-go · Daniel Mangum — danielmangum.com Daniel Mangum's personal website
Getting started using cert-manager with the sig-network Gateway API | Jetstack Blog The Gateway API, introduced by the sig-network community, is a new API that aims to replace the Ingress API. In this guide, we walk through the installation of cert-manager, ExternalDNS and Traefik to deploy a simple service using the Gateway API.
Container-to-Container Communication – Mike's House — www.miketheman.net In a containerized world, is there a material difference between communicating over local network TCP vs local Unix domain sockets?
Apple offering engineers $180,000 bonuses to prevent poaching | AppleInsider — appleinsider.com Apple's top engineering talents are being offered significant stock bonuses worth up to $180,000 to prevent defection to Meta and others.
A Bit of Ambiance comes to Sigstore | by Dan Lorenc | Medium — dlorenc.medium.com Zero-trust security starts with trusting actual entities based on strong identity, not whoever happens to control a secret, or whoever gets behind a firewall. No secrets sounds great in theory! It…
New Case Studies About Google’s Use of Go | Google Open Source Blog — opensource.googleblog.com Go turned out to have a much broader reach than expected. Its growth in the industry has been phenomenal, and it has powered many Google projects.
82% of companies unknowingly give 3rd parties access to all their cloud data — blog.wiz.io Cloud identity permissions are complex. So complex that innocent looking permissions provided to 3rd party vendors can lead to unintended exposure of all of your data.
Looking at LambdaShell.com after 3+ years | by Zac Charles | Dec, 2021 | Medium — zaccharles.medium.com Since 2018, lambdashell.com has challenged visitors to do their worst. In this post, I take a look at what is possible 3+ years on (a lot).
Karpenter Cluster Autoscaler
There are 3 main options for autoscaling in Kubernetes clusters: HPA (Horizontal Pod Autoscaling), VPA (Vertical Pod Autoscaling) and Cluster Autoscaling.
Announcement: Pleco - the open-source Kubernetes and Cloud Services garbage collector — www.qovery.com Pleco is a service that automatically removes cloud managed services and Kubernetes resources based on tags with a TTL. We are proud to offer this tool, which saves tons of time and money for our R&D team.
Vaccination Database Talks (Second Dose) – Fall 2021 — db.cs.cmu.edu Vaccination Database Tech Talks 2021, Second Dose, Fall 2021. There are some things in life that are just better when you have more of them. Fresh orange…
Talos v0.14 is live! - Sidero Labs — www.siderolabs.com This release of Talos accumulates a lot of changes resulting in an improved user experience. It brings more knobs and switches to play with so that you can dial in exactly what you need. Getting Ready for Something Awesome If you run Kubernetes on bare metal you need Sidero Metal. It is the simplest, yet […]
Harvester is now production-ready and generally available | SUSE Communities — www.suse.com Harvester is now production-ready and generally available. Learn more about SUSE's newest product Harvester, the open, interoperable hyper-converged infrastructure (HCI) solution built on modern, cloud-native solutions.
Best of 2021 - Kubernetes Enables DevOps-as-a-Service (DaaS) - Container Journal — containerjournal.com DevOps-as-a-Service (DaaS) and Kubernetes alone provide many valuable capabilities, and greater benefits when deployed together.
Measuring the Value of DevOps-as-a-Service (DaaS) - DevOps.com — devops.com DaaS delivers benefits for business, app-dev users and DaaS teams. Here's how to accurately gather data, set SLOs/SLIs and measure value.
Using Admission Controllers to Detect Container Drift at Runtime | Kubernetes — kubernetes.io Author: Saifuding Diliyaer (Box) Illustration by Munire Aireti At Box, we use Kubernetes (K8s) to manage hundreds of micro-services that enable Box to stream data at a petabyte scale. When it comes to the deployment process, we run kube-applier as part of the GitOps workflows with declarative configuration and automated deployment. Developers declare their K8s apps manifest into a Git repository that requires code reviews and automatic checks to pass, before any changes can get merged and applied inside our K8s clusters.
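The Box post above uses admission control to notice drift at runtime. As an added illustration of the mechanism, not Box's implementation, here is a standard-library-only Go validating webhook that watches CONNECT requests on the pods/exec and pods/attach subresources: inspection commands pass untouched, anything else is either denied or allowed with an audit annotation recording who changed what. The annotation key drift.example.com/reason, the read-only command allowlist, the enforce switch and the sample request are all assumptions made for this example; a real deployment scopes the ValidatingWebhookConfiguration rules to those subresources and serves the endpoint over TLS.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"path"
	"strings"
)

// Hand-rolled mirror of the admission.k8s.io/v1 AdmissionReview fields this
// webhook needs, so the example builds with the standard library only.
type AdmissionReview struct {
	APIVersion string             `json:"apiVersion"`
	Kind       string             `json:"kind"`
	Request    *AdmissionRequest  `json:"request,omitempty"`
	Response   *AdmissionResponse `json:"response,omitempty"`
}

type AdmissionRequest struct {
	UID         string `json:"uid"`
	Operation   string `json:"operation"`
	Namespace   string `json:"namespace"`
	Name        string `json:"name"`
	SubResource string `json:"subResource"`
	UserInfo    struct {
		Username string `json:"username"`
	} `json:"userInfo"`
	Object json.RawMessage `json:"object"`
}

type AdmissionResponse struct {
	UID              string            `json:"uid"`
	Allowed          bool              `json:"allowed"`
	Warnings         []string          `json:"warnings,omitempty"`
	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty"`
	Status           *Status           `json:"status,omitempty"`
}

type Status struct {
	Code    int32  `json:"code"`
	Message string `json:"message"`
}

// PodExecOptions is the object the API server sends for CONNECT on pods/exec;
// pods/attach carries PodAttachOptions, which has no command field.
type PodExecOptions struct {
	Container string   `json:"container"`
	Command   []string `json:"command"`
}

// readOnlyCommands is an assumed allowlist of inspection tools that do not
// alter the container, so running them is not counted as drift.
var readOnlyCommands = map[string]bool{"cat": true, "ls": true, "ps": true, "tail": true, "head": true, "df": true}

// Review decides one request. Requests that are not CONNECT on exec/attach
// pass. A read-only command passes. Anything else is drift: with enforce=false
// it is allowed but an audit annotation records it (so a controller can later
// recycle the pod); with enforce=true it is denied with 403.
func Review(req AdmissionRequest, enforce bool) AdmissionResponse {
	resp := AdmissionResponse{UID: req.UID, Allowed: true}
	if req.Operation != "CONNECT" || (req.SubResource != "exec" && req.SubResource != "attach") {
		return resp
	}
	var opts PodExecOptions
	_ = json.Unmarshal(req.Object, &opts) // attach carries no command; opts stays empty
	if len(opts.Command) > 0 && readOnlyCommands[path.Base(opts.Command[0])] {
		return resp
	}
	what := req.SubResource
	if len(opts.Command) > 0 {
		what = fmt.Sprintf("exec %q", strings.Join(opts.Command, " "))
	}
	msg := fmt.Sprintf("%s by %s in %s/%s (container %q) diverges from the declared manifest",
		what, req.UserInfo.Username, req.Namespace, req.Name, opts.Container)
	resp.AuditAnnotations = map[string]string{"drift.example.com/reason": msg}
	if enforce {
		resp.Allowed = false
		resp.Status = &Status{Code: http.StatusForbidden, Message: msg}
		return resp
	}
	resp.Warnings = []string{"pod marked as drifted: " + msg}
	return resp
}

// Handler exposes Review as the endpoint the API server calls. The review is
// echoed back with Request cleared and Response filled in, as the API expects.
func Handler(enforce bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var review AdmissionReview
		if err := json.NewDecoder(r.Body).Decode(&review); err != nil || review.Request == nil {
			http.Error(w, "malformed AdmissionReview", http.StatusBadRequest)
			return
		}
		resp := Review(*review.Request, enforce)
		review.Request, review.Response = nil, &resp
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(review)
	})
}

// Constructed sample: a developer installing a package inside a production pod.
const shellExec = `{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{
 "uid":"9a1f","operation":"CONNECT","namespace":"payments","name":"api-7d9f",
 "subResource":"exec","userInfo":{"username":"jane@example.com"},
 "object":{"kind":"PodExecOptions","container":"api","command":["/bin/sh","-c","apk add curl"]}}}`

func main() {
	var review AdmissionReview
	if err := json.Unmarshal([]byte(shellExec), &review); err != nil {
		panic(err)
	}
	for _, enforce := range []bool{false, true} {
		resp := Review(*review.Request, enforce)
		fmt.Printf("enforce=%v allowed=%v warnings=%v audit=%v\n", enforce, resp.Allowed, resp.Warnings, resp.AuditAnnotations)
	}
}
```

Audit annotations are written to the API server audit log rather than onto the object, which is what makes them usable for an exec event that changes nothing in etcd; the controller that recycles drifted pods is the next step and is not shown here.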
Cloud-Native Observability and Security Analytics with SysFlow and Falco | Falco Hello, fellow Falcoers! This blog introduces you to a new open system telemetry format and project called SysFlow. The project has deep ties to Falco, the de facto CNCF cloud-native runtime security project. Falco is exceptional at detecting unexpected application behavior and alerting on threats at runtime. Furthermore, its components and architecture open itself to creative uses. For example, SysFlow embeds Falco's rich observability libraries into its cloud-native security telemetry stack and Falco's rules language to achieve data abstraction, behavioral analytics, and noise reduction.
How we built Twitter’s highly reliable ads pacing service — blog.twitter.com In this blog, we describe how we separate Twitter’s pacing system from the serving stack to an independent service.
Containers 101: attach vs. exec - what's the difference? — iximiuz.com Understanding the difference between attach, logs, run, and exec commands through learning the container management internals.
Introduction to Multi-Tenancy in Kubernetes — www.infracloud.io This blog post discusses the various types of solutions for implementing multi-tenancy in Kubernetes. Multi-tenancy lets different sets of users share the same infrastructure.
The internet runs on free open-source software. Who pays to fix it? | MIT Technology Review — www.technologyreview.com Volunteer-run projects like Log4J keep the internet running. The result is unsustainable burnout, and a national security risk when they go wrong.
Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble - Open Source Security Foundation As someone who has spent their entire career in open source software (OSS), the Log4Shell scramble (an industry-wide four-alarm-fire to address a serious vulnerability in the Apache Log4j package) is...
Is technology architecture still relevant with CI/CD devops?
Source Patch: The art and science of probing a Kubernetes container — sourcepatch.blogspot.com Keeping containers alive in a Kubernetes cluster can feel more like art than science. In this article, I dive into the sea of madness awaiti...
How blockchain adds trust to AI and IoT IBM Supply Chain and Blockchain Blog — www.ibm.com Find out how blockchain stands to accelerate the adoption of emerging technologies including AI, Cloud, and IoT by bringing in the missing element of trust.
Understanding SBOM Management and The Six Ways It Prevents SBOM Sprawl — anchore.com Learn why SBOM management is critical to securing the software supply chain and the six ways it prevents SBOM sprawl.
AWS open source news and updates #94 - DEV Community December 20th, 2021 - Instalment #94. This will be the last newsletter ...
GitHub - alicebob/miniredis: Pure Go Redis server for Go unittests — github.com
blog.aspect.dev Bazel packages (called "modules") have historically been distributed with a long "WORKSPACE snippet", which required users to install and configure the module and also its dependencies. This caused a lot of headache for users, since the first declara...
The container throttling problem — danluu.com This is an excerpt from an internal document David Mackey and I co-authored in April 2019. The document is excerpted since much of the original doc was about comparing possible approaches to increasing efficiency at Twitter, which is mostly information that's meaningless outside of Twitter without a large amount of additional explanation/context.
Multizone Kubernetes and VPC Load Balancer Setup | IBM — www.ibm.com Securely expose your Kubernetes app by setting up a Load Balancer for VPC in a different zone.
Kubernetes Security Tutorial: Pods (Part 1) — blog.gitguardian.com Get a deeper understanding of Kubernetes Pods security with this hands-on tutorial.
Assets
GitHub - armosec/kubescape — github.com Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®.
Suborbital · GitHub — github.com Rocket-fueled open source platform tools.
GitHub - iximiuz/client-go-examples — github.com Collection of mini-programs demonstrating Kubernetes client-go usage.
GitHub - drakkan/sftpgo — github.com Fully featured and highly configurable SFTP server with optional HTTP, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob
GitHub - up9inc/mizu — github.com API traffic viewer for Kubernetes enabling you to view all API communication between microservices. Think TCPDump and Wireshark re-invented for Kubernetes
GitHub - plausible/analytics — github.com Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
GitHub - castrojo/awesome-immutable — github.com A list of resources for people who want to investigate image-based Linux desktops
GitHub - vitejs/vite — github.com Next generation frontend tooling. It's fast!
GitHub - coinbase/salus — github.com Security scanner coordinator.
GitHub - dirien/infrastructure-as-code-workshop: Infrastructure as Code Workshop — github.com
GitHub - GoogleCloudPlatform/terraformer — github.com CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
Guide to JBang | Baeldung — www.baeldung.com Learn how to create, edit and run self-contained source-only or binary Java programs with ease using JBang.
GitHub - google/log4jscanner — github.com A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
GitHub - FrancescoXX/100-days-of-Web3 — github.com This is a list of the content I shared about Web3 for the upcoming 100 days
kustomizer — kustomizer.dev An experimental package manager for distributing Kubernetes configuration as OCI artifacts.
GitHub - ogham/dog: A command-line DNS client. — github.com
GitHub - boldandbusted/vagrant-kind — github.com Use Vagrant's 'ansible_local' provisioner to set up KinD (https://kind.sigs.k8s.io/)
API Hub - Free Public & Open Rest APIs | RapidAPI — rapidapi.com Browse, Test & Connect to 1000s of Public Rest APIs on RapidAPI's API Hub - the world's largest API directory. Sign up today for Free!
GitHub - thanos-io/kube-thanos — github.com Kubernetes specific configuration for deploying Thanos.
GitHub - duiker101/twitter-interaction-circles — github.com A guide project on how to make interaction circles for Twitter
GitHub - faressoft/terminalizer — github.com 🦄 Record your terminal and generate animated gif images or share a web player
GitHub - goreleaser/supply-chain-example — github.com Example goreleaser + github actions config with keyless signing and SBOM generation
GitHub - anchore/syft — github.com CLI tool and library for generating a Software Bill of Materials from container images and filesystems
GitHub - codeboten/practical-otel: Practical OpenTelemetry — github.com
GitHub - svenstaro/genact: 🌀 A nonsense activity generator — github.com
GitHub - cue-lang/cue: The new home of the CUE language! Validate and define text-based and dynamic configuration — github.com
GitHub - bloomrpc/bloomrpc: GUI Client for GRPC Services — github.com
Experimental Keyless Cosign verify-blob command to verify signature that is exported by the skopeo tool to the directory · GitHub — gist.github.com
GitHub - sogos/cdk-eks-full-featured — github.com
GitHub - wagoodman/dive: A tool for exploring each layer in a docker image — github.com
crossplane/design-doc-external-secret-stores.md at master · crossplane/crossplane · GitHub — github.com Your Universal Control Plane.
GitHub - cpuguy83/containerd-shim-systemd-v1 — github.com This project aims to provide a containerd shim implementation which uses systemd to manage containers.
Skills
GitHub - moabukar/KCNA-Kubernetes-and-Cloud-Native-Associate — github.com Useful notes for the KCNA - Kubernetes and Cloud Native Associate
Took my CKAD, failed the first time, passed using retake with 98% : kubernetes — www.reddit.com Background: Junior software engineer with 1+ year of experience. So as you guessed, not much prior knowledge to docker, kubernetes and linux :) ...
The KCNA Exam — A quick guide to kicking off your K8S and Cloud Native Journey | by Marino Wijay | Dec, 2021 | Medium — medium.com Just a few months ago, the Kubernetes and Cloud Native Associate Exam (KCNA) was launched. After some thought, I figured I’d give it a shot. I took the exam and passed! This exam was released after…
Red Hat Enterprise Linux Interactive Lab Portal
Work with Red Hat Enterprise Linux hands-on labs to learn new skills and technologies.
Free course landing page
It started with fixing a typo, then on to fixing a bug; contributing to Open Source and collaborating to improve technology for everyone.
AlgoCademy - Become the Software Engineer companies are fighting for — algocademy.com Master the coding interview and get your dream job. Learn how to write clean quality code that passes the technical interview. Develop your problem solving skills using our step by step interactive lessons, video content and code quality tests
Books - The Pragmatic Engineer
Here are books I recommend for software engineers or managers.
The Ship It! Podcast |> Changelog — changelog.com A show about getting your best ideas into the world and seeing what happens. We talk about code, ops, infrastructure, and the people that make it happen.
Layoffs Tracker - Layoffs.fyi — layoffs.fyi [LIVE] Tracking all tech startup layoffs — and lists of employees laid off — since COVID-19 was declared a pandemic. This page is constantly being updated.