Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
Our kind reminder about this Awesome DevOps Telegram repo (created by the Kubernative authors). It lists various Telegram channels and groups dedicated to DevOps, SRE, and Platform Engineering, which hugely intersects with the Cloud Native topic. It was updated recently and offers more resources. Enjoy, contribute, and share with other Telegram users!

https://github.com/palark/awesome-devops-telegram
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. Kubermatic released a new version of KubeOne, its solution to automate Kubernetes cluster operations throughout various environments, v1.9.0. It brought a technical preview of KubeOne UI, an initial implementation of the KubeVirt provider, new kubeone kubeconfig generate command, Kubernetes 1.31 and Ubuntu 24.04 support, and Cilium v1.16.

2. Thanos, a highly available Prometheus setup with long-term storage (a CNCF Incubating project), was updated to v0.37.0. It came with a new replication protocol (using Cap'n Proto) for Receivers, hedged requests support and metadata API limit in Store, native histograms for client latency metrics and an ability to do concurrent rule evaluations in Ruler, and much more.

3. Harvester, a hyperconverged infrastructure (HCI) solution from SUSE built on Kubernetes, has seen its v1.4.0 with lots of new features. It introduced experimental support for local storage (via harvester-csi-driver-lvm add-on), Longhorn V2 data engine, and volume encryption and decryption. Other new features include third-party storage for diskless servers, read-write-many (RWX) volumes for guest cluster workloads, scheduled VM backups and snapshots, USB passthrough, and CPU pinning.

4. Woodpecker CI/CD engine was updated to 2.8.0, which added more flexible PR approval options and full support for Windows containers in the Docker backend.

5. External Secrets Operator (a CNCF Sandbox project) issued its v0.11.0, featuring a new way of reconciling external secrets, which significantly reduces the number of API calls. It also introduced caching for ClusterGenerators and Generator as well as CRD validation for all resources.

6. Falcosidekick, which connects Falco (a cloud native runtime security tool, a CNCF Graduated project) to your ecosystem, was updated to 2.30.0, with three new outputs (Webex, OTLP Metrics, and Datadog Logs), significantly improved throughput, better integration with Elasticsearch, and better consistency for Prometheus metrics.

7. Perses, a dashboard tool for visualising observability data (recently accepted to the CNCF Sandbox), released the first public version of its Kubernetes operator, v0.1.0. Being in its alpha, Perses operator currently lacks documentation, yet its README provides a brief instruction for trying it out.

#news #releases
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "How Kubernetes Uses VXLAN for Overlay Networking" by Matthew Mattox.

Kubernetes needs to create a virtual network that connects pods across multiple nodes seamlessly. Since these pods reside in isolated networks, overlay networks—like those implemented with VXLAN—allow them to communicate over a physical Layer 3 infrastructure. In this post, we explore how Kubernetes uses VXLAN to build an overlay network, enabling communication between pods across nodes.


2. "Deep Dive into Kubernetes CPU Usage, Requests, and Limits" by John Tucker.

From this fairly long article, we can draw some conclusions:
* It is important to have at least as many threads as the CPU requests in a workload.
* It is a good practice to set a container’s limits equal to its requests.


3. "Platform Engineering at KubeCon NA 2024 in Salt Lake City" by Mathieu Benoit, a CNCF Ambassador.

Like always, I met with old friends, I made new friends and I had deep conversations around Platform Engineering and Cloud Native in general. [..] here is what we will cover throughout this blog post: tl,dr; General announcements; Cloud Native Rejekts; TAG App Delivery; Platform Engineering Day; ArgoCon; AppDeveloperCon, WasmCon, OpenTofu Day, BackstageCon; OpenShift Commons; KubeCon; Score & Humanitec; Next events; Others’s KubeCon recaps.


4. "Building your own service mesh" by Daniel Finneran, Isovalent.

There are a bunch of components that we will need to implement in order for us to implement the “service mesh” type behaviour. Most service meshes implement a heck of a lot more, we’re exploring the basics needed to implement it.


5. "Kubernetes configuration linting tools" by Brian Grant.

There are a number of different Kubernetes configuration validation tools for different needs and preferences. If you don’t use Trivy, Kubescape, or Checkov, you may want to check them out.


6. "How We Integrated Native macOS Workloads with Kubernetes" by Vitalii Horbachov, Agoda.

Today, we’re excited to unveil the open-sourcing of a significant part of our latest successful venture in the Apple Infrastructure world: macOS Virtualization Kubelet (macOS-vz-Kubelet). This project represents a paradigm shift in managing and utilizing macOS infrastructure, replacing our older approach with a modern, scalable solution that harnesses the power of Apple Silicon and Kubernetes.


#articles
Thought of reducing your carbon footprint or costs by sending your Kubernetes environments to sleep when not used? Consider this operator.

Snorlax is a K8s operator that allows you to define when your Kubernetes deployments should be running. Its features include:

- Defining the wake & sleep time of the day (no crontab-style support at the moment) for deployments;
- Displaying a temporary page while the needed deployment is waking up;
- Leaving deployments awake if a user request is received during the sleep time;
- Ignoring AWS ELB health checks to avoid waking up deployments for no reason.

Language: Go | License: Apache 2 | 186 ⭐️

▶️ GitHub repo

P.S. Previously, we also covered the sleepcycles project, which has a similar idea.

#tools
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Kubernetes v1.32

Released on December 11th and codenamed “Penelope,” the latest Kubernetes release brings 44 enhancements (13 stable, 12 beta, and 19 alpha). Its new Alpha features include asynchronous preemption in the scheduler, mutating admission policies via CEL expressions, Pod-level resource specifications, zero sleep duration for PreStop hooks, new statusz and flagz endpoints for core components, and graceful shutdowns of Windows nodes.

Some of the features promoted to stable are Structured Authorization Configuration, Custom Resource field selectors, auto-removal of PVCs created by StatefulSet, and Load Balancer IP mode for Services.

Other noticeable updates in the Cloud Native space:

1. Linkerd (a CNCF Graduated project) has released its 2.17, introducing visibility and control for egress traffic leaving the Kubernetes cluster from meshed pods, rate limiting to protect services from being overloaded, and federated services to unite logically the replicas of the same service across multiple clusters.

2. Jaeger (a CNCF Graduated project) has seen its first update since releasing v2 — v2.1.0. It came with an experimental script for metrics markdown table, Cassandra DB schema creation on session initialisation, and read path implementation for the v2 storage interface.

3. Kubeflow, a CNCF Incubating project simplifying deployments of ML workflows on Kubernetes, released its Spark Operator v2.1.0. It brought support for pod template for Spark 3.x applications, updated the default container security context, and added more configurable options.

4. Headlamp, a Kubernetes user interface (a CNCF Sandbox project), was updated to 0.27.0 with numerous additions. They include new global search, bulk resource deletion, adding a Create button to different resource list views, and leveraging cached objects when rendering their details.

5. Coroot, an Open Source observability & APM tool, released v1.6, adding multi-tenancy mode, Kubernetes operator, high availability, and OpenShift support.

#news #releases
Don’t fancy endless kubectl port-forward commands and manual reconnections when your Pod dies? This nice GUI is to the rescue!

kftray is a tool for simplifying Kubernetes port-forwarding settings. It interacts with the Kubernetes API directly (not relying on kubectl) and offers two interfaces: desktop (kftray) and terminal (kftui). Its features include:

- Simple (“one-click”) configuration for several port-forwarding instances;
- Access to internal or external servers using the kftray’s proxy relay server deployed in your Kubernetes cluster, with TCP and UDP port forwarding support;
- Automatic reconnection to the Pod when it dies;
- Desktop app-only features: HTTP logs support and storing your configurations on GitHub.

Language: Rust | License: GPL 3 | 877 ⭐️

▶️ GitHub repo
📢 Reddit announcement

#tools #networking #gui
Following the recent Kubernetes v1.32 release (see this digest), the project's blog has seen several posts covering some of the significant changes. It might be a good read for the festive season!

1. “QueueingHint Brings a New Possibility to Optimize Pod Scheduling”: “[..] a QueueingHint subscribes to a particular kind of cluster event, and makes a decision about whether each incoming event could make the Pod schedulable.”

2. “Memory Manager Goes GA”: “[..] the memory manager provides topology hints to optimize memory allocation and alignment. This enables users to allocate exclusive memory for Pods in the Guaranteed QoS class.”

3. “A New CPU Manager Static Policy Option For Strict CPU Reservation”: “When this new strict-cpu-reservation policy option is enabled, the CPU Manager static policy will not allow any workload to use the reserved system CPU cores.”

4. “Moving Volume Group Snapshots to Beta”: “Behind the scenes, Kubernetes uses a label selector to group multiple PersistentVolumeClaims for snapshotting. A key aim is to allow you to restore that set of snapshots to new volumes and recover your workload based on a crash consistent recovery point.”

#news #articles
Here comes our newest (and the last one for 2024) digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Open Policy Agent 1.0

OPA is a general-purpose policy engine that graduated from CNCF in 2021 and has been under development for almost 10 years. Its 1.0 release is said to “consolidate an improved developer experience for the future of Policy as Code.”

It came with numerous changes to the defaults in Rego (OPA’s native query language) v1, such as the mandatory use of if for all rule definitions and contains for multi-value rules, new keywords (every, in) being available without any imports, and mandatory requirements that were previously applicable to the strict mode only (e.g., opa check --strict). OPA 1.0 also brought improvements to memory allocations, SDK, scientific notation parsing, and test suite performance.

Other noticeable updates in the Cloud Native space:

1. KAITO, the Kubernetes AI Toolchain Operator that has been recently accepted to the CNCF Sandbox, released its v0.4.0 with numerous new features. They include the addition of RAGEngine CRD, support for vLLM runtime deployments, support for adaptive max_model_len, and options for building and running private/custom models.

2. Talos, “Linux designed for Kubernetes,” was updated to 1.9.0, introducing systemd-udevd (instead of eudev), a local image cache for container images, custom DNS search domains, device selectors (matching on MAC address of the network interfaces), new experimental NodeAddress address sort algorithm, new talosctl cgroups command, Kubernetes API server authorization config, and an ability to run Kubernetes Pods with user namespaces enabled.

3. Logging Operator, a CNCF Sandbox project leveraging Fluent Bit and Fluentd (or syslog-ng) to manage your Kubernetes logging pipeline, has seen the 5.0.0 release. It got the CRD's subchart provided as an OCI artifact, a new option to ensure resource deletion, a Telemetry Controller migration option, support for rdkafka2 options, and IPv6 support.

4. Rook (a CNCF Graduated project) released v1.16, focused on expanding its capabilities for advanced object store use cases. It resulted in an ability to configure multiple object stores to be backed by the same pools, a bucket policy for S3 buckets, two new mechanisms for advanced configuration of Rook’s RGW daemons, improved RGW operation logging, and more.

5. CloudNativePG 1.25.0 was announced with several prominent features, such as a new Database CRD for declarative database management, new Publication and Subscription CRDs for managing logical replication, and a new dataDurability option for synchronous replication configuration. It also introduced an experimental CNPG-I interface for extending CNPG with external plugins.

Have a wonderful festive time, and see you next year! 🙌

#news #releases
👋 We're back and happy to present our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "Linux container from scratch" by Michal Pitr.

I recently built a docker clone from scratch in Go. This made me wonder - how hard would it be to do the same step-by-step in a terminal? Let’s find out!


2. "Decoding the pod termination lifecycle in Kubernetes: a comprehensive guide" by Rohit Raveendran, Facets.Cloud.

This guide examines each lifecycle phase during pod termination, detailing the mechanisms for graceful handling, resource optimization strategies, persistent data management, and troubleshooting techniques for common termination issues. By the end of this blog, you will have a thorough understanding of how to effectively manage pod termination in your Kubernetes environment, ensuring smooth and efficient operations.


3. "Getting Started With wasmCloud" by Michael Levan.

In this blog post, you’ll learn about what wasmCloud is and how to get started with Go (golang). However, if you’re using Rust or TypeScript, wasmCloud supports those languages as well.


4. "How to support a growing Kubernetes cluster with a small etcd" by David M. Lentz, Datadog.

This post explores some best practices that can help you avoid outgrowing your etcd storage, even while your Kubernetes cluster becomes larger and busier. We’ll show you how you can:
- Provision appropriate resources for your etcd cluster
- Manage the amount of data you need etcd to store
- Split data across multiple etcd clusters to manage the performance and size of each one


5. "Understanding ReplicaSet vs. StatefulSet vs. DaemonSet vs. Deployments" by Abhisman Sarkar.

When you begin learning about Kubernetes, you hear about the different types of sets it supports and start wondering about their differences. [..] In this blog, I am going to go over each type and explain the differences between them, so that you can understand how exactly we use each set, how they differ from each other, and the purpose that each serves.


6. "Are You Affected by Bitnami LTS and Docker Hub Pull Rate Limits?" by Artem Lajko.

Bitnami chose the worst possible time to roll out their “Notice about LTS branches and pull rates in Docker Hub”. Originally scheduled for December 10, 2024, the timing — right before Christmas — was far from ideal. The community requested a postponement, and Bitnami/VMware responded by delaying the permanent change to Monday, January 6, 2025. [..] But what exactly does the change mean and how does it affect you or your company? Let’s take a look at what has changed in the first place.


#articles
InGate is a new project developed within the Kubernetes SIG to replace the well-known Ingress NGINX Controller for Kubernetes (ingress-nginx).

As its official description says, InGate is “an Ingress and Gateway API Controller for Kubernetes.” The idea is to have a traditional ingress controller that provides more flexibility in traffic routing, load balancing, etc., thanks to the Gateway API implementation under the hood. At the same time, it should not be difficult for those using ingress-nginx to adapt.

You can learn more about this project from the “Securing the Future of Ingress-Nginx” talk (starting from 13:13) presented by James Strong, Isovalent & Marco Ebert, Giant Swarm during KubeCon NA 2024.

P.S. Thanks to Trenton VanderWert for bringing this news to our attention.

#news #networking
Common Expression Language (CEL) is getting increasingly popular in the Kubernetes community. This project leverages it to validate your Helm values.

Helm CEL is a plugin that allows you to write validation rules for Helm charts in CEL (via values.cel.yaml) instead of JSON schema (values.schema.json). Its features include:

- Automatic generation of rules based on your Helm values file;
- An ability to organise your validation rules into multiple files;
- Two severity levels (errors and warnings) and reusable expressions for rules.

Language: Go | License: MIT | 62 ⭐️


▶️ GitHub repo
📢 Reddit announcement

#tools
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. MetalLB, a load-balancer implementation for bare metal Kubernetes clusters (a CNCF Sandbox project), released its v0.14.9 at the end of December. It added support for dual-stack IP assignment (via prefer-dual-stack in IPFamilyPolicy), the DynamicASN field to detect the AS number for BGPPeers, and updated Prometheus rules.

2. Argo CD (a CNCF Graduated project) got the release candidates for its v2.14 (rc5 was out last week) with numerous new features. They include global sync timeout for applications, accidental resource deletion protection with new sync options, abilities to disable SSA (server-side apply) on individual resources and disable writing Kubernetes events, configurable batches for massive application refreshes, and upgrading to Helm 3.16.

3. Dragonfly, a P2P-based file distribution and image acceleration system (a CNCF Incubating project; not to be confused with the namesake database), was updated to v2.2.0 and brought many significant changes. Its client was rewritten in Rust and got support for leeching and bandwidth rate limiting for prefetching; the P2P transfer protocol was updated to V2; Web Console got a redesigned UI; Harbor integration was improved; gRPC calls between services are now using mTLS.

4. WasmCloud, a CNCF Incubating project for building, managing, and scaling apps across clouds, Kubernetes, or edge, released v1.5.0. It came with built-in NATS and HTTP server providers, health checks and boolean flags to gate experimental features in the host, enabled HTTP keepalives by default, added support for expanded wkg configuration and other improvements for wash-cli.

5. Inspektor Gadget, a set of tools and framework for inspecting Kubernetes clusters and Linux hosts using eBPF (a CNCF Sandbox project), has seen its v0.36.0, featuring support for the OpenTelemetry logs via OTLP protocol and uniform filtering capabilities in the gadgets.

6. kubespray v2.27.0 was released switching to CRI-O (instead of runc) as the default container runtime and Kubernetes v1.31.4 as the default K8s version. It also added support for kubeadm v1beta4, numerous Cilium features (Host Firewall and PolicyAuditMode, disabling Hubble UI, partial support for Cilium v1.16+), ntpsec, network isolation configuration in Multus, an ability to skip network configuration, support for Fedora 39 and 40, and more.

#news #releases
This visualisation tool for Kubernetes differs from other GUIs by aiming to provide helpful insights about your clusters.

Karpor, dubbed “Intelligence for Kubernetes,” implements a clean web UI with three major features: cluster management, insights, and search. Here’s what it offers:

- Managing multiple K8s clusters from a single UI;
- Aggregated resource view and resource topology view;
- Inspecting specific resources and resource groups;
- Summary cards for clusters, resources, namespace, and resource groups;
- Compliance reports, highlighting existing risks according to the kubeaudit output;
- Finding resources via SQL-style queries;
- AI-assisted insights and diagnostics (PR #707).

Language: Go | License: Apache 2.0 | 858 ⭐️

▶️ GitHub repo

#tools #gui
Four small Open Source projects for Kubernetes users and operators that we discovered on GitHub recently:

1. kubesec-diagram provides an excellent overview of security in Kubernetes, from Linux kernel internals to APIs, networking, operators, and more.

2. etcd-k8s-extract extracts Kubernetes resources and writes them to disk in YAML format. It should be helpful if you have an etcd backup only or when debugging Kubernetes clusters in environments with limited access.

3. kube-code-generator generates the Go code you need for Kubernetes controllers and operators. It features a minimal configuration and comes in ready-to-use Docker images.

4. kubesafe safeguards executing various CLI commands against your Kubernetes clusters (kubectl, helm, etc.) by defining safe contexts and dangerous commands.

#tools
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "Kubernetes Homelab Series (Part 1): How I Built My Kubernetes Cluster from Scratch" by Pablo del Arco.

In this series, I’ll share my journey of building a Kubernetes homelab from scratch — the tools, the wins, the obstacles, and the lessons — all based on personal, real-world experiences rather than typical tutorials. [..] To kick things off, I started by setting up a K3s cluster — a lightweight Kubernetes distribution perfect for homelabs.


2. "Fuzzing the CNCF landscape in 2024" by Chris Aniszczyk (CNCF), Adam Korczynski (Ada Logics), David Korczynski (Ada Logics).

CNCF maintains a high level of security for its projects by way of a series of initiatives such as security auditing, supply-chain assessments and security automation work. In this blogpost we will go over CNCF’s fuzzing initiative and its impact in 2024. Fuzzing is a technique for finding security and reliability bugs by way of executing vast amounts of arbitrary inputs against a given API or codebase.


3. "Exploring the Kubernetes API Server Proxy" by Rory McCune.

[..] I thought it’d be interesting to look at a lesser known feature of the Kubernetes API server which has some interesting security implications. The Kubernetes API server can act as an HTTP proxy server, allowing users with the right access to get to applications they might otherwise not be able to reach. This is one of a number of proxies in the Kubernetes world which serve different purposes. The proxy can be used to access pods, services, and nodes in the cluster, we’ll focus on pods and nodes for this post.


4. "Would the Kubernetes CPU limit be an anti-pattern?" by Carlos Alberto Alves Correia.

Most of the time, when you ask a DevOps engineer if it is good practice to set the limit for deployments, 99% of them will say YES. I see that there is a consensus among professionals that it is good to block resources to prevent a hungry application from consuming all the resources of the cluster. Part of this is true, but not for the CPU and I will explain why.


5. "Cluster API to production: from Cluster API to GitOps with Argo CD and Kyverno" by Lior Friedman.

For Argo CD to deploy resources in tenant clusters we first need to configure the clusters in Argo CD. This guide goes over automatically generating Argo CD cluster credentials secrets using Kyverno. By the end of this guide, we will be able to deploy addons to Cluster API tenant clusters with Argo CD from the management cluster.


6. "How to Create a Production-Ready EKS Cluster on AWS Using Terraform (Part 2: EKS Setup)" by Alex Tsvetkov.

In Part 2, we’ll cover configuring the EKS cluster with Terraform, setting up managed node groups, and integrating IAM roles and policies for secure and efficient cluster operations.


#articles
This year’s first batch of Open Source projects accepted to the CNCF Sandbox has just arrived! Let’s welcome them:

1. Spin, a framework for building and running fast, secure, and composable cloud microservices with WebAssembly, and SpinKube, a platform for efficiently running containerless Spin-based Wasm applications on Kubernetes. See their Sandbox application issues for more details: [#116] [#90]

2. container2wasm, a tool to run containers on Wasm-enabled environments. [#123]

3. SlimFaas, a small proxy implementing simple FaaS (Function as a Service) in Kubernetes. [#119]

4. Tratteria, a Kubernetes-native framework designed to facilitate the adoption of TraTs (Transaction Tokens) in existing applications to secure their call chains. [#115]

5. k0s, a lightweight Kubernetes distribution with zero dependencies. [#125]

6. Runme Notebooks, a toolchain that turns Markdown into interactive, Cloud Native, runnable Notebook experiences for DevOps. [#127]

7. KubeFleet, a multi-cluster solution that enables users to manage their applications running in a fleet of Kubernetes clusters. [#307]

8. CloudNativePG, a Kubernetes-native database platform for PostgreSQL. [#128]

9. Podman Desktop, a user-friendly tool for developers to build, manage, and deploy containers and Kubernetes — all from the desktop. [#308]

10. Podman Container Tools, a set of tools (notably, Podman, Buildah, and Skopeo) to manage containers and images, volumes mounted into those containers, and pods made from groups of containers. [#309]

11. bootc, transactional, in-place operating system images and updates using OCI/Docker container images. [#310]

12. composefs, several underlying Linux kernel features to provide a flexible mechanism that supports read-only mountable filesystem trees, stacking on top of an underlying "lower" Linux filesystem. [#311]

In related news, CubeFS, a Cloud Native distributed storage system, became a CNCF Graduated project.

UPDATE: On January 26th, one more project was accepted:

13. Drasi, a data processing platform that tracks system logs and change feeds for specific events, evaluates them, and automatically reacts with relevant actions. [#296]

#news #cncfprojects
Wireshark Foundation has introduced Stratoshark created by Sysdig and advertised as "Wireshark for the Cloud".

Stratoshark is a tool that provides deep visibility into application-level behaviour by analysing cloud system calls and logs. It is built on the legacy of Wireshark and Falco, designed for Cloud Native environments, and supports the same file format as Falco and Sysdig CLI.

- Website
- LinkedIn announcement
- “Troubleshooting CrashLoopBackOff with Stratoshark”

#news #tools #security #observability
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. Percona Everest, a Cloud Native database platform for Kubernetes, released its v1.4.0 with numerous new features. Particularly, it got the Helm charts as a new (and recommended) way of installation, Kubernetes namespace management via new everestctl commands, improved UI, and support for Percona PostgreSQL operator v2.5.0 and PSMDB operator v1.18.0.

2. Perses, a dashboard specification and tool for Prometheus (a CNCF Sandbox project), was updated to 0.50.0. It introduced the status history panel, reordering capability for the table panel, various new CLI commands for plugin development, and dozens of improvements.

3. Envoy Proxy (a CNCF Graduated project) released v1.33.0, featuring new JSON formatter implementation for the access log enabled by default, support for Wasm VM reload and Wasm plugins written in Go, parallel streaming of the shadow requests for HTTP requests, Signed Double-Submit Cookie pattern implementation in OAuth2, Opencensus tracing deprecation, and more.

4. Helm (a CNCF Graduated project) v3.17.0 was released with several new features, such as an ability to pull and install by OCI digest, added annotations and dependencies in the chart metadata output, new --take-ownership flag for install and upgrade commands, and new toYamlPretty template function.

5. VictoriaLogs, a scalable logs solution from the VictoriaMetrics project, has seen three substantial releases in January (1.5.0, 1.6.0, and 1.7.0). They introduced a union pipe and INNER JOINs for join pipes in LogsQL queries, new histogram stats function and value_type filter, numerous web UI improvements (including autocompletion for queries and configuration settings for the grouped view), and better performance.

6. Argo CD Image Updater, a tool to automatically update the images of K8s workloads managed by Argo CD (a CNCF Graduated project), had its v0.15 release back in October, but it was formally announced just two days ago (perhaps due to the v0.15.2 released two weeks ago). This version comes with support for Argo CD multi-source application sets, updating multiple images when using Helm value files, an ability to work even when auto-sync is disabled, and more.

#news #releases
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "Kafka vs NATS: A Comparison for Message Processing" by Josson Paul Kalapparambath.

Kafka and NATS are two popular tools for handling streaming and messaging. They have different architectures and different performance characteristics. They are suitable for specific use cases. In this article, we will compare the features of NATS with Kafka and explain the use cases I addressed at work.


2. "Kubectl-r[ex]ec: A kubectl plugin for auditing kubectl exec commands" by Marton Natko, Adyen.

With this minimalistic application, we can easily audit exec commands, and we only have to install a few manifests on the Kubernetes side while distributing our plugin to our engineers.


3. "Kubernetes Best Practices I Wish I Had Known Before" by Engin Diri, Pulumi.

In this post, I will highlight some crucial Kubernetes best practices. They are from my years of experience with Kubernetes in production. Think of this as the curated “Kubernetes cheat sheet” you wish you had from Day 1. Buckle up; it’s going to be an exciting ride.


4. "Configuration Management at Ant Group: Generated Manifest & Immutable Desired State" by KusionStack.

In this first article, we will examine the specific challenges we encountered over the years, the strategies we devised to address them, and the resulting patterns that have emerged as what we believe to be best practices — Generated Manifest & Immutable Desired State. Through this exploration, we aim to provide valuable insights and practical guidance for navigating the complexities of configuration management in a dynamic and highly regulated environment.


5. "So you wanna write Kubernetes controllers?" by Ahmet Alp Balkan.

Low barrier to entry combined with good intentions and the “illusion of working implementation” is not a recipe for success while developing production-grade controllers. I’ve seen the real-world consequences of controllers developed without adequate understanding of Kubernetes and the controller machinery at multiple large companies. We went back to the drawing board and rewrote nascent controller implementations a few times to observe which mistakes people new to controller development make.


6. "Kubernetes RBAC: A Comprehensive Guide" by Oshrat Nir.

Kubernetes RBAC is a method used to manage user access rights to resources within a Kubernetes cluster. It enables administrators to grant users or applications only the permissions they need to perform their tasks, and no more. RBAC uses authentication and authorization to achieve its purpose by verifying the identity of a user or system trying to access the Kubernetes API server.


#articles
There are many ways to run a Kubernetes cluster at home. This project produces a beginner-friendly ISO image loaded with ready-to-use software.

k4all provides a pre-configured Fedora CoreOS image, which you can boot on your home device to install Kubernetes and essential add-ons. Here’s what it offers:

* Fully automated installation process. (Note that it will format your disk.)
* Kubernetes dashboard, metrics server, Calico or Cilium for networking, NGINX Ingress Controller, and TopoLVM (a CSI plugin to use LVM for Kubernetes).
* Optional add-ons: KubeVirt to run virtual machines and Argo CD.

Language: Shell | License: GPL 3.0 | 22 ⭐️

▶️ GitHub repo
📢 Reddit announcement

#tools
Kubernetes History Inspector (KHI) from Google Cloud is Open Source now.

As its description states, “KHI transforms vast quantities of logs into an interactive, comprehensive timeline view.” This tool collects the Kubernetes logs and visualises them, providing SREs with an interactive Web-based GUI.

KHI displays the status of resources on a timeline, correlates various types of logs (event logs, audit logs, network, etc.) to help you find their relationships and dependencies, and allows you to interactively apply various filters. Currently, only Kubernetes clusters in Google Cloud (i.e. GKE) are supported, with more options to follow.

▶️ GitHub repo

#tools #GCP #observability #news