Newsletter of Carlos Santana - Issue #32
April starts this week, and you know what that means? 1Q22 is over, and you have to reflect on what you achieved in 25% of the year.
I hope the war ends soon; writing this phrase is surreal.
Speaking of surreal, this is how actors felt at the Oscars this Sunday.
News
GoReleaser And Software Supply Chain Security | by developer-guy | Mar, 2022 | GoReleaser — blog.goreleaser.com Before talking about the security of the software supply chains, we should mention what should come to our minds first when we are talking about software supply chains. In most basic terms, you can…
Pure-Go, general-purpose SSH server
Favoring Podman over Docker Desktop | by Peter Butkovic | Mar, 2022 | Medium — medium.com Since the announcement, that docker desktop won’t be available for free for the bigger organizations, I’ve been looking for the open source alternative with smooth migration option. Podman did a…
Get the Best of Both Worlds With the KKP 2.19 CNI Strategy — www.kubermatic.com Find out how you can expect greater control and flexibility by selecting a CNI plugin with KKP 2.19.
The shortcomings of rootless containers | Opensource.com — opensource.com
Understanding root inside and outside a container — www.redhat.com Do you run your containers as root, or as a regular user? It’s such a deceptively simple question. You might be tempted to answer too quickly. Is the threat model really crystal clear in your mind? I have a suspicion that it might not be.
Privilege Escalation in gVisor, Google's Container Sandbox tl;dr gVisor is Google’s sandboxing technology for containers running less-than-fully-trusted code. It’s a Golang reimplementation of the Linux kernel that r...
containerd CRI plugin: Insecure handling of image volumes · Advisory · containerd/containerd · GitHub — github.com
Assets
GitHub - box/kube-exec-controller: An admission controller service and kubectl plugin to handle container drift in K8s clusters — github.com
GitHub - genuinetools/bane: Custom & better AppArmor profile generator for Docker containers. — github.com
GitHub - lizrice/running-with-scissors: Resources from my KubeCon + CloudNativeCon keynote — github.com
Rootless Containers
Running Kubernetes Node Components as a Non-root User | Kubernetes — kubernetes.io
FEATURE STATE: Kubernetes v1.22 [alpha] This document describes how to run Kubernetes Node components such as kubelet, CRI, OCI, and CNI without root privileges, by using a user namespace.
Deprecated API Migration Guide | Kubernetes — kubernetes.io
As the Kubernetes API evolves, APIs are periodically reorganized or upgraded. in v1.
Introduction - EKS Best Practices Guides
Welcome to the EKS Best Practices Guides.
Skills
Hacking Your Product Leader Career | by Gibson Biddle | Medium — gibsonbiddle.medium.com A few years ago, I watched an Olympic gymnast deliver a speech, “How to Score a Perfect Ten.” He gave his talk while doing his pommel horse routine! He vaulted onto the horse, did a series of moves…
gVisor is designed to provide a secure, virtualized environment while preserving key benefits of containerization, such as small fixed overheads and a dynamic resource footprint.
Your visual how-to guide for SELinux policy enforcement | Opensource.com — opensource.com
GitHub - genuinetools/contained.af: A stupid game for learning about containers, capabilities, and syscalls. — github.com