Newsletter of Carlos Santana - Issue #33
Last week we finished the book Container Security by Liz Rice, and this week we started a new book Kubernetes Security by Michale Hausenblas and Liz Rice. If You want to see the following books we will be reading and discussing, check out the Kubernetes Book Club.
If you are a new person to open source and want to participate in Google Summer of Code (GSOC) this year with one of the CNCF projects, including Kubernetes, Knative, and many others, I hosted a Twitter Space you can listen to the recording.
PS: If you plan to attend KubeCon and KnativeCon, I'm giving two talks. Please don't be shy, say hi, and take a selfie with me 🤗
News
Virtual Kubernetes clusters: A new model for multitenancy | Opensource.com — opensource.com Try vcluster, an open source implementation that tackles certain aspects of typical namespace- and cluster-based isolation models.
Amazon EKS now supports Kubernetes 1.22 | Amazon Web Services — aws.amazon.com
Amazon EKS, Amazon EKS Distro, and Amazon EKS Anywhere can now run Kubernetes version 1.22.
Spring4Shell: The zero-day RCE in the Spring Framework explained | Snyk — snyk.io Security resources like Lunasec, Rapid7 and Praetorian confirmed that the vulnerability is real, and in the meantime Spring has already released a new version
Announcing Grafana Mimir, the most scalable open source TSDB in the world | Grafana Labs — grafana.com Our new open source project allows you to scale to 1 billion metrics and beyond.
How Go Mitigates Supply Chain Attacks - The Go Programming Language Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Is Platform Engineering the New DevOps or SRE? | by Daniel Bryant | Mar, 2022 | Ambassador Labs — blog.getambassador.io Almost every day we hear about another organization building an internal developer platform or developer control plane. We’re not alone in observing this trend in platform engineering; when Humanitec…
Migrate from PodSecurityPolicy to PodSecurity Admission Controller (Updated) — kubernetes.io
This page describes the process of migrating from PodSecurityPolicies to the built-in PodSecurity admission controller.
Comprehensive Vulnerability Scanner Trivy currently supports SBOM formats.
Kubernetes-in-Kubernetes and the WEDOS PXE bootable server farm | Kubernetes — kubernetes.io
Author: Andrei Kvapil (WEDOS) When you own two data centers, thousands of physical servers, virtual machines and hosting for hundreds of thousands sites, Kubernetes can actually simplify the management of all these things.
Generics can make your Go code slower — planetscale.com Go 1.18 is here, and with it, the first release of the long-awaited implementation of Generics is finally ready for production usage. Generics are a frequently requested feature that has been highly contentious throughout the Go community.
Is Your Cluster Ready for v1.24? | Kubernetes — kubernetes.io
Author: Kat Cosgrove Way back in December of 2020, Kubernetes announced the deprecation of Dockershim.
Announcing Postgres Container Apps: Easy Deploy Postgres Apps With Postgres Container Apps you can, from directly inside Postgres with a simple function call, spin up a container that is running right alongside your Postgres database!
Assets
This is a proposal for a single, standard environment variable that plainly and unambiguously expresses LACK OF CONSENT by a user of that software to any of the following:
Kubernetes scheduler written in less than 100 lines of bash — github.com Kubernetes scheduler written in less than 100 lines of bash :grimacing: :laughing: - GitHub - rothgar/bashScheduler: Kubernetes scheduler written in less than 100 lines of bash
A Kubectl plugin that can detect if any of your workloads or manifest files are mounting the docker.sock volume — github.com
A Kubectl plugin that can detect if any of your workloads or manifest files are mounting the docker.sock
Validate your Kubernetes configuration files, supports multiple Kubernetes versions — github.com Validate your Kubernetes configuration files, supports multiple Kubernetes versions - GitHub - instrumenta/kubeval: Validate your Kubernetes configuration files, supports multiple Kubernetes versions
A FAST Kubernetes manifests validator, with support for Custom Resources! — github.com A FAST Kubernetes manifests validator, with support for Custom Resources! - GitHub - yannh/kubeconform: A FAST Kubernetes manifests validator, with support for Custom Resources!
Skills
Technical FAQ on the Digital Markets Act | Matrix.org — matrix.org We've been flooded with questions about the DMA since it was announced last week, and have spotted some of the gatekeepers jumping to the wrong conclusions about what it might entail. Just in case you don't want to wade through yesterday's sprawling blog post, we've put together a quick FAQ to cover the most important points based on our understanding.
Parca is a continuous profiling project for applications and infrastructure. It helps you save money, improve performance and understand incidents better.
Finding an intro to maths for cryptography | by Liz Rice | Medium — medium.com If you’re looking for an introduction to the mathematics that make cryptography work, perhaps this list might help. I’m currently writing a book about Container Security for O’Reilly Media, and one…