Hi, I'm back with a new newsletter this week after a break traveling to Spain for KubeCon. Was very fantastic to get to see in person all the amazing technologists I interact with in open source.

We resume the Kubernetes BookClub this week, we are reading the Hacking Kubernetes book and will discuss Chapter 3 on June 3rd. If you want to join get an invite here https://www.santana.dev/book-club

News

Letter in Support of Responsible Fintech Policy — concerned.tech Dear Members of Senate Finance Committee...

Chainguard raises $50M Series A for supply chain security – TechCrunch — techcrunch.com Software supply chain startup Chainguard today announced that it has raised a $50 million Series A led by Sequoia.

Announcing the Refreshed Cloud Native Security Whitepaper | Cloud Native Computing Foundation — www.cncf.io The CNCF Security Technical Advisory Group (TAG) has just released a refreshed Cloud Native Security Whitepaper v2 to help educate the community about best…

Graviton 3: First Impressions – Chips and Cheese — chipsandcheese.com

In late May of 2022, AWS released Graviton 3 to the general public. Graviton 3 was the first ARM CPU to introduce the SVE instruction set to a widely accessible server CPU.

KubeCon EU 2022 Summary: Cloud Novices, Golden Paths, and Software Supply Chains | by Daniel Bryant | May, 2022 | Ambassador Labs — blog.getambassador.io Summary of KubeCon EU 2022 in Valencia, with a focus on cloud education, golden paths and platform engineering, and security and software supply chains

Breaking Into Cloud Security - Nick Jones

Cloud security is an area of the industry with some of the biggest skill shortages.

What Made GoLang So Popular? The Language’s Creators Look Back – The New Stack — thenewstack.io

Since the day it was open sourced in 2009, the Go programming language has consistently grown in popularity.

How To Start Programming In Go: Advice For Fellow DevOps Engineers — iximiuz.com "Starting programming", "Starting programming in Go", and "Starting programming Kubernetes controllers in Go" are there different challenges with the exponentially increasing level of complexity.

Introducing DigitalOcean Functions: A powerful serverless computing solution — www.digitalocean.com DigitalOcean is committed to providing products that serve developers throughout their journey, and access to serverless computing has been one of the most popular requests from DigitalOcean users ...

The Open Future : Spotify Engineering — engineering.atspotify.com Spotify’s official technology blog

Kubernetes Annual Report 2021 | Cloud Native Computing Foundation — www.cncf.io This is a summary of the Kubernetes project’s contributor community and activities. This report documents both quantitative measures of community health…

Announcing the First Images Designed for a Secure Software Supply Chain — blog.chainguard.dev We’re building a suite of products with the goal of simplifying security for all developers.

npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog — github.blog npm's impact analysis of the attack campaign using stolen OAuth tokens and additional findings.

Red Hat Releases Open Source StackRox to the Community — cloud.redhat.com

Today, Red Hat is excited to announce that Red Hat Advanced Cluster Security for Kubernetes (RHACS) is now open sourced as StackRox.

Five Things to Prepare for Cgroup v2 with Kubernetes - Kintone Engineering Blog — blog.kintone.io

By Daichi Sakaue (@yokaze) Above all the effort of the community, Kubernetes is now ready to run with cgroup v2.

Jetstack Helps Turn Security Policies into Actions – The New Stack — thenewstack.io Jetstack, a cloud native security company, has released its Jetstack software supply chain toolkit -- a comprehensive, web-based interactive program for securing software supply chains.

Assets

ttl.sh | An anonymous & ephemeral (and free) Docker image registry An anonymous & ephemeral (and free) Docker image registry.

GitHub - chainguard-dev/ssc-reading-list: A reading list for software supply-chain security. — github.com A reading list for software supply-chain security. - GitHub - chainguard-dev/ssc-reading-list: A reading list for software supply-chain security.

Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports — github.com Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports - GitHub - fjogeleit/trivy-operator-polr-adapter: Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports

GitHub - ContainerSolutions/delayed-jobs-operator — github.com Contribute to ContainerSolutions/delayed-jobs-operator development by creating an account on GitHub.

GitHub - iovisor/bcc: BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more — github.com BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more - GitHub - iovisor/bcc: BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

Skills

Getting GitOps: A practical platform with OpenShift, Argo CD, and Tekton | Red Hat Developer — developers.redhat.com A practical guide through the jungle of modern development with Kubernetes, with a focus on application distribution via continuous integration/continuous delivery (CI/CD) and GitOps on Red Hat OpenShift.

Introducing native support for OpenTelemetry in Jaeger | by Yuri Shkuro | JaegerTracing | May, 2022 | Medium — medium.com The latest Jaeger v1.35 release introduced the ability to receive OpenTelemetry trace data via the OpenTelemetry Protocol (OTLP), which all OpenTelemetry SDKs are required to support. This is a…

Migrations Done Well: Typical Migration Approaches - The Pragmatic Engineer — blog.pragmaticengineer.com A guide for executing migrations well, at both small and large scales.

Control Group APIs and Delegation Intended audience: hackers working on userspace subsystems that require direct cgroup access, such as container managers and similar.