Newsletter of Carlos Santana - Issue #24
Welcome to my newsletter. Every week, I'll update you on Cloud Native topics in 3 categories: News, Assets, and Skills.
I did minor updates to my site; I added a page for all my Cloud Native learning resources https://www.santana.dev/learn.
I also updated the Kubernetes Book Club roadmap https://www.santana.dev/book-club.
My two highlights are the Kubernetes Documentary on YouTube and MicroShift from Red Hat to get OpenShift running on Raspberry Pi.
News
Introducing MicroShift - Red Hat Emerging Technologies — next.redhat.com MicroShift has been specifically designed for edge computing use cases, with a goal of fitting in the limited storage capacity of field-deployed devices that can be embedded into a variety of appliances such as cars, factory lines, airplanes or even satellites.
Over 90 WordPress themes, plugins backdoored in supply chain attack — www.bleepingcomputer.com A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites.
Kubernetes Home Lab Home lab using Intel NUC and Raspberry Pi running Kubernetes, K3S, Knative
Scaling Kubernetes to Over 4k Nodes and 200k Pods | by Abdul Qadeer | The PayPal Technology Blog | Jan, 2022 | Medium — medium.com At PayPal, we recently started testing the waters with Kubernetes. A majority of our workloads run on Apache Mesos, and as part of this migration, we needed to understand several performance aspects…
Inside Amazon’s Graviton3 Arm Server Processor — www.nextplatform.com The Graviton family of Arm server chips designed by the Annapurna Labs division of Amazon Web Services is arguably the highest volume Arm server chips the
SUSE releases NeuVector, the industry’s first open source container security platform | SUSE Communities — www.suse.com Today, we are pleased to announce that the NeuVector codebase is now available to the open source community on GitHub. The work to fully open source a formerly proprietary technology is a testament to SUSE’s open-source culture and our commitment to deliver open, interoperable and innovative solutions to our partners and customers. With this release, …
Third-Party Software for Teslas Can Be Hacked, German Teen Says - Bloomberg — www.bloomberg.com A 19-year-old said he’s found flaws in a piece of third-party software that appears to be used by a relatively small number of owners of Tesla Inc. cars that could allow hackers to remotely control some of the vehicles’ functions.
Our Cloud Native Journey to Red Hat OpenShift Using Quarkus — medium.com Once you have a hypothesis and some spare time, what do you do? You perform an experiment! That is exactly what our Go To Markets — Assets and Architecture team did. Throughout this blog series…
Spin up a Ubuntu VM using Pulumi and libvirt | Dustin Specker — dustinspecker.com Pulumi is an Infrastructure as Code (IaC) tool that supports using Go, .Net, Python, and TypeScript/JavaScript. Libvirt is a tool for managing virtual machines (VM). Typically, teams use Pulumi with different cloud providers, but we can leverage libvirt to manage virtual machines on bare-metal servers, perfect for a homelab.
Kubernetes Nodes - The Complete Guide | Komodor — komodor.com Learn about Kubernetes node components, status, best practices for running nodes in a cluster, and common errors.
Kubernetes API Basics - Resources, Kinds, and Objects — iximiuz.com The article explains the most fundamental concepts of the Kubernetes API - Resources, API Groups, Kinds, and Objects - preparing the reader to the first access of the API from code.
Securing Admission Controllers | Kubernetes — kubernetes.io Author: Rory McCune (Aqua Security) Admission control is a key part of Kubernetes security, alongside authentication and authorization. Webhook admission controllers
Orca Security Discovers AWS Glue Vulnerability - Orca Security — orca.security Orca's Research Team discovered a critical vulnerability that could allow an actor to create resources and access data of AWS Glue customers.
Goodbye Dockerfiles: Build Secure & Optimised Node.js Container Images with Cloud Native Buildpacks | Blog — www.pmbanugo.me Learn how to secure container images using Cloud Native Buildpacks
Monitoring new syscalls with Falco | Falco Falco is currently the de facto standard for runtime threat detection in Kubernetes environments. The project is growing at a very fast pace, and so is its open source community. The role of Falco is to collect all the system events of a cluster and send some kind of alert whenever suspicious behavior is detected. Among the other data sources supported, system calls are the core kind of events monitored by Falco.
Remix vs Next.js | Remix — remix.run An objective comparison between Remix and Next.js
Assets
GitHub - up9inc/mizu: API traffic viewer for Kubernetes enabling you to view all API communication between microservices. — github.com Think TCPDump and Wireshark re-invented for Kubernetes.
GitHub - tohjustin/kube-lineage: A CLI tool to display all dependencies or dependents of an object in a Kubernetes cluster. — github.com
CodeZero - Visual Studio Marketplace — marketplace.visualstudio.com Extension for Visual Studio Code - CodeZero extension for VS Code. CodeZero is a modern development platform for Kubernetes.
GitHub - asobti/kube-monkey: An implementation of Netflix's Chaos Monkey for Kubernetes clusters — github.com
GitHub - sagittaros/terraform-k3s-private-cloud: Private cluster with k3s. Why have 1 huge complicated cluster (pet) when you can have many simple, cheap clusters (cattle)? — github.com
GitHub - vercel/micro: Asynchronous HTTP microservices — github.com
GitHub - jedi4ever/bashpack: turns nodejs projects into a single executable bash file — github.com
Create powerful apps and websites, without code. — www.glideapps.com Turn spreadsheets into powerful apps & websites, without writing any code. Pick a spreadsheet or start with a template, customize your app, then share it instantly with anyone. Start today for free!
Terraform Pull Request Automation | Atlantis
Home | asdf Manage multiple runtime versions with a single CLI tool
Skills
A Deep Dive into Kubernetes External Traffic Policies — Andrew Sy Kim — www.asykim.com Based on recent discussions, I’ve noticed some confusion around external traffic policies for Kubernetes Services. This is not surprising given there’s a lot of context around this feature that can only be found by digging through many Github issues and pull requests. In this post I'll try to do a deep dive into this feature to clarify some of the important assumptions that may not be clear in the API or the documentation.
Episode 17 w/ Brian LeRoux: The Case for a Local Dev Experience in Serverless, Architect and Begin.com, and Making Sense of the Web Today – AWS FM — aws.fm Brian joins Adam to discuss his belief that we shouldn't forego a local dev experience when building cloud-native apps, his experiences building frameworks and products like arc.codes and Begin.com, and an honest evaluation of where we're at with the web in 2021.
DevOps Roadmap: Learn to become a DevOps Engineer or SRE — roadmap.sh Community driven, articles, resources, guides, interview questions, quizzes for DevOps. Learn to become a modern DevOps engineer by following the steps, skills, resources and guides listed in this roadmap.