Newsletter of Carlos Santana - Issue #27
News
How to Make Package Signing Useful — blog.chainguard.dev The Case for Farm-to-Table Package SigningThe benefits and limitations of signing an open source package–using a private key to create a unique digital signature–are a surprisingly contentious topic. One of the maintainers associated with the Python Package Index maintainer has a cogent blog post called “Why Package Signing
Shades of DevOps - Related Job titles — www.jedi.be A quick overview of the titles/roles use to related to devops related subject matter experts. I will stick with my definition of devops regardless of job title: Dev(sec)Ops: everything you do to overcome the friction created by silos … All the rest is plain engineering
Scaling Kubernetes to Over 4k Nodes and 200k Pods | by Abdul Qadeer | The PayPal Technology Blog | Jan, 2022 | Medium — medium.com At PayPal, we recently started testing the waters with Kubernetes. A majority of our workloads run on Apache Mesos, and as part of this migration, we needed to understand several performance aspects…
Amazon more than doubles max base pay to $350k for corporate and tech workers, citing labor market - GeekWire — www.geekwire.com Amazon will boost its maximum base pay to $350,000 for corporate and tech employees, from $160,000 previously, as part of an overall increase in total…
A modern toolkit to start working with container images on macOS that meets your needs without requiring Docker Desktop — medium.com Most of us stepped into the containerization world with Docker. So, we’ll always be grateful to Docker for that. But, to be honest, even we’re working with Docker, we know that it is not the only…
CNCF Annual Survey 2021 | Cloud Native Computing Foundation — www.cncf.io Featuring production data and insights from Datadog, New Relic, and SlashData download report View the complete raw data on GitHub Are you a CNCF member with in…
A decade of major cache incidents at Twitter
PodSecurityPolicy is dead. Long live...? | Appvia.io — www.appvia.io PodSecurityPolicy is being deprecated. Find out what replaces it and how to migrate with our online free tool
DSHR's Blog: EE380 Talk — blog.dshr.org I was asked at short notice to fill in for a speaker in Stanford's EE380 course who had to cancel. Below the fold is a hastily updated vers...
The Top 7 Open Source Tools for Securing Your Kubernetes Cluster — mattermost.com This article from the Mattermost community explores how to secure production Kubernetes clusters with the help of open source tools.
OCI Artifacts Explained. Are they real? Kind of! | by Dan Lorenc | Medium — dlorenc.medium.com The OCI (Open Containers Initiative) manages a few specifications and projects related to the storage, distribution, and execution of container images. If you’ve ever run a docker container, you’ve…
CNCF Sees Record Kubernetes and Container Adoption in 2021 Cloud Native Survey | Cloud Native Computing Foundation — www.cncf.io Record number of organizations are using or evaluating Kubernetes as the technology goes mainstream and users start to move up the stack SAN FRANCISCO, Calif.
Falco 0.31.0 a.k.a. "the Gyrfalcon" | Falco
Falco 0.31.0 finally ships with the brand new plugin system 🎉
BeyondCorp is dead, long live BeyondCorp No organization has successfully implemented a fully zero trust architecture. Many proponents of zero trust, including the US government, have ignored device...
Connecting Go Profiling With Tracing · Felix Geisendörfer
Profiling Improvements in Go 1.18
SLOConf - Service Level Objective Conference The first Service Level Objective Conference for Site Reliability Engineers
Detecting a Container Escape with Cilium and eBPF — isovalent.com Learn how to use Isovalent Cilium Enterprise observability to detect container escapes
Prodspec and Annealing | USENIX — www.usenix.org
focus on the state you want to reach. Instead of maintaining step-by-step workflows
IPVS-Based In-Cluster Load Balancing Deep Dive | Kubernetes Author: Jun Du(Huawei), Haibin Xie(Huawei), Wei Liang(Huawei) Editor’s note: this post is part of a series of in-depth articles on what’s new in Kubernetes 1.11 Introduction Per the Kubernetes 1.11 release blog post , we announced that IPVS-Based In-Cluster Service Load Balancing graduates to General Availability. In this blog, we will take you through a deep dive of the feature. What Is IPVS? IPVS (IP Virtual Server) is built on top of the Netfilter and implements transport-layer load balancing as part of the Linux kernel.
Zanzibar Implementations Reviewing the current landscape of Zanzibar implementations.
Crypto, NFTs, and sports betting: Money is now a hobby - Vox — www.vox.com Why (mostly) 20- and 30-something dudes made crypto and sports betting their personality.
Assets
GitHub - sbstp/kubie: A more powerful alternative to kubectx and kubens — github.com A more powerful alternative to kubectx and kubens. Contribute to sbstp/kubie development by creating an account on GitHub.
GitHub - apiaryio/curl-trace-parser: Parser for output from Curl --trace option — github.com Parser for output from Curl --trace option. Contribute to apiaryio/curl-trace-parser development by creating an account on GitHub.
GitHub - ruoshan/autoportforward: Bidirectional port-forwarding for docker, podman and kubernetes — github.com Bidirectional port-forwarding for docker, podman and kubernetes - GitHub - ruoshan/autoportforward: Bidirectional port-forwarding for docker, podman and kubernetes
GitHub - kameshsampath/kluster: Tool to run local k3s clusters backed by multipass vms — github.com Tool to run local k3s clusters backed by multipass vms - GitHub - kameshsampath/kluster: Tool to run local k3s clusters backed by multipass vms
GitHub - anchore/grype: A vulnerability scanner for container images and filesystems — github.com A vulnerability scanner for container images and filesystems - GitHub - anchore/grype: A vulnerability scanner for container images and filesystems
Skills
Comparing kube-proxy modes: iptables or IPVS?
Performance Comparison
What is MicroK8s? K3s, Kind, Minikube, VM's with Kubespray... why MicroK8s? What makes it interesting and unique to me? In this video, I'll show off three killer features that...
CORS is not meant to secure an API endpoint A few days ago I came across this article. The author shows how to access a Drupal system in the backend with a Vue.js app. For authentication he uses an API key - and I find that dangerous. Here's why.
HTTP/3: Everything you need to know about the next-generation web protocol | The Daily Swig — portswigger.net QUIC march
Kubernetes and Checkpoint Restore - Adrian Reber, Red Hat — www.youtube.com https://youtu.be/0RUDoTi-Lw4
From AWS Lambda & API Gateway To Knative & Kong API Gateway | Blog — www.pmbanugo.me How to build a serverless function API using Knative, Kong, and kazi
Introducing the ApplicationSet Controller for Argo CD | by Jonathan West | Argo Project — blog.argoproj.io I am excited to announce the first release of the Argo CD ApplicationSet controller, v0.1.0, releasing now alongside Argo CD v2.0! Unlike with an Argo CD Application resource, which deploys resources…
Kernel Community | Kernel — kernel.community A peer-to-peer, lifelong learning community of the most talented individuals in web3
The Work of Edward Tufte and Graphics Press — www.edwardtufte.com Edward Tufte home page for books, posters, sculpture, fine art and one-day course: Presenting Data and Information