Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
A few interesting facts from the CNCF Annual Survey 2023:

1. Kubernetes adoption level is at 84%. (However, we should remember it’s relevant for the specific group of respondents who are already interested in what CNCF does.)
2. The most adopted CNCF projects (incubating and graduated): Kubernetes, Helm, Prometheus, containerd, CoreDNS.
3. The fastest-growing CNCF projects in terms of adoption (incubating and graduated): gRPC, Helm, Prometheus, etcd, and Kubernetes.
4. The main challenges in using containers: security, complexity, monitoring, cultural changes with the development team, and lack of training.

Find more details in the pictures attached and on the CNCF website.

#news #reports
There are many ways to make your CLI more convenient and powerful, and jnv is one of them if you often work with JSONs. Kubernetes is not just about YAMLs, right?

In essence, jnv is an interactive JSON viewer with an embedded jq filter editor. It helps you navigate your JSON objects easily. You can use it instead of kubectl … | jq -r … to benefit from a more interactive experience.

Here are its main features:

- Getting input from JSON files or stdin (think of kubectl … -o json).
- Applying your jq filters (with auto-completion) to the current object on the fly.
- Numerous key bindings to move around the object, expand the folds, etc.
- Written in Rust. Installation via Homebrew, MacPorts, Nix, or Cargo (Rust's package manager).

Now, you are ready to change your role from a YAML developer to a JSON one, aren't you? 🤣

▶️ GitHub repo: https://github.com/ynqa/jnv

#tools #CLI
Yoke is a new client-side package manager for Kubernetes that uses WebAssembly programmes as packages.

Inspired by Helm and Pulumi, Yoke uses Wasm executables to deploy to K8s, allowing users to describe their packages as code in any programming language that compiles to Wasm. These programs output Kubernetes resources as JSON/YAML, which are then installed in the cluster much like helm install does. Yoke keeps track of the revisions of each release and provides capabilities such as rollbacks and inspection.

Yoke features a Helm compatibility layer and has a plugin for Argo CD called yokecd, which allows Argo CD to manage your resources.

The project is in its very early stages since its first public release happened just a month ago. Yoke is Open Source (MIT license) and written in Go.

▶️ GitHub repo: https://github.com/davidmdm/yoke
🌐 Website: https://davidmdm.github.io/yoke-website/
📣 Project announcement on Reddit: https://www.reddit.com/r/kubernetes/comments/1ckxmgm/introducing_yoke_the_iac_package_manager_for_k8s/

#tools
A bunch of interesting articles recently spotted online and recommended for Kubernative readers:

1. Graceful shutdown in Kubernetes by Daniele Polencic, Learnk8s.

“Instead of immediately shutting down your Pods, you should consider waiting a little longer in your application or setting up a preStop hook. The Pod should be removed only after all the endpoints in the cluster are propagated and removed from kube-proxy, Ingress controllers, CoreDNS, etc. You should consider using rainbow deployments if your Pods run long-lived tasks such as transcoding videos or serving real-time updates with WebSockets.”
2. Flux CD Architecture Overview by Stefan Prodan, ControlPlane.

“We’ll explore the architecture of Flux CD, and we’ll compare the deployment strategies of the Flux components (Standalone; Hub and Spoke; Hub sharding and horizontal scaling) when implementing GitOps for multi-cluster continuous delivery.”
3. Scaling Sidecars to Zero in Kubernetes by Matt Butcher, Fermyon.

“The sidecar pattern in Kubernetes describes a single pod containing a container in which a main app sits. [..] Sidecars are designed to run alongside your apps continuously and do not scale down to zero. Wouldn’t it be great if they did? In this article, we introduce scaling sidecars to zero in Kubernetes.”
4. "Cilium Cheat Sheet" (PDF) by Isovalent.

It’s not really an article but a compact PDF file providing brief information and CLI commands related to Cilium components, installation, upgrades, configuration, usage, troubleshooting, etc.

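As an added illustration of the advice quoted in the first article above (this is not code from the article or from the channel), here is a hypothetical Deployment that uses a preStop hook so the container keeps serving while endpoint removal propagates; the workload name and image are placeholders:

```yaml
# Added example, not from the article or the channel. Names and image are
# placeholders. Demonstrates the preStop-hook approach from the quoted excerpt.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                      # hypothetical workload name
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      # The grace period starts when the Pod is marked Terminating and covers
      # BOTH the preStop hook and the app's own shutdown after SIGTERM. When it
      # expires, the kubelet sends SIGKILL. Keep it larger than the preStop
      # delay plus the worst-case time to finish in-flight requests.
      terminationGracePeriodSeconds: 45
      containers:
        - name: web
          image: registry.example.com/web:1.0.0   # placeholder image
          ports:
            - containerPort: 8080
              name: http
          # The readiness probe keeps the Pod out of Service endpoints until it
          # can serve. On deletion, the endpoint is removed in parallel with the
          # preStop hook, so the hook is what buys propagation time.
          readinessProbe:
            httpGet:
              path: /healthz
              port: http
            periodSeconds: 5
          lifecycle:
            preStop:
              exec:
                # Runs before SIGTERM is delivered. The container keeps serving
                # during this window while kube-proxy, Ingress controllers,
                # CoreDNS, etc. drop the Pod's endpoint.
                # Requires sh and sleep to be present in the image.
                command: ["sh", "-c", "sleep 15"]
```
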
#articles
Not running containers as root is an essential security best practice, as it contains the consequences of a compromised container runtime. Usernetes is a well-known project that implements Kubernetes without root privileges. Its original version (Generation 1, or “Gen1”) appeared in 2018 and later became part of upstream Kubernetes (an alpha feature in v1.22, under the KubeletInUserNamespace feature gate).

The latest version of Usernetes (“Gen2”) emerged in 2023 and changed in many ways:
- Relies on Rootless Docker, Rootless Podman, or Rootless nerdctl (instead of RootlessKit) to deploy a Kubernetes cluster inside rootless containers.
- Supports kubeadm.
- Supports multi-node setups.

In short, if Usernetes Gen1 seemed complicated (like “Kubernetes The Hard Way”), Gen2 is akin to Rootless kind and Rootless minikube, except that you can deploy a cluster spanning multiple hosts.

Ubuntu 22.04, Rocky Linux 9, and AlmaLinux 9 are supported as host operating systems for Usernetes.

▶️ GitHub repo: https://github.com/rootless-containers/usernetes
📺 A recent talk by the project’s author Akihiro Suda, which features the Usernetes Gen2 demonstration.
📷 Slides about Usernetes Gen2 at recent Container Plumbing Days.

#tools #security
Did you know Kubernetes turns 10 really soon*? The global community is organising birthday parties called KuberTENes to celebrate this milestone next month!

The celebration will start on June 1st, with at least 20 countries participating! Join offline and online events if you are around:
- Canada, USA;
- Brazil, Mexico, Guatemala, Colombia;
- Europe: Austria, Denmark, Finland, Germany, Lithuania, Luxembourg, Spain, Sweden;
- Tunisia, Saudi Arabia;
- Bangladesh, India;
- Japan, New Zealand.

🔗 Find the complete list of regional events with more details regarding each of them and join them here.

Page and registration for the main KuberTENes Birthday Bash party (starting at 5:45 PM PDT on June 6).

* The first commit in the Kubernetes GitHub repo is dated June 7, 2014.

#news #events
🎉 The largest-ever code cleanup in the Kubernetes project’s history was the removal of 1 million(!) lines of code thanks to the PR merged a week ago. But what exactly happened and why? 🤔

- Many things were born as a part of the Kubernetes code base and later moved out of it. CSI plugins for storage are a well-known example. This transition is made to keep the main code base — the K8s core — smaller and easier to maintain while the project develops and gets more features.
- The same is true for the features specific to various cloud providers in Kubernetes, initially implemented as an in-tree code.
- This record-setting PR was related to GCP specifically. Removing the relevant code made the Kubernetes core smaller by an impressive 1,071,842 lines. The PR was part of the long-running KEP-2395, which originated in 2019.
- This change does NOT mean the GCP (or any other providers’) features are no longer supported in Kubernetes. You just need the optional (i.e. out-of-tree) controllers to get the same functionality in your clusters.

Switching Kubernetes to out-of-tree cloud providers has been an enormous effort, and it’s fantastic to see this mission accomplished!

More details:
- PR #124519.
- KEP-2395 “Removing In-Tree Cloud Provider Code”.
- An announcement blog post — “The Future of Cloud Providers in Kubernetes” (published in 2019).
- The “Kubernetes Is FINALLY Removing in-Tree Cloud Providers” talk at KubeCon 2024 Europe.

#news
Kubernetes “foreshadowed” by The Simpsons? Well… here is a real shot from the episode called “New Kid on the Block” (S4E8), originally aired in November 1992.

Kudos to the Reddit user g2hop who started all this flurry 🤣

#fun
Here are a few prominent software updates from the cloud native ecosystem:

1. Kyverno 1.12 was released with many new features, including an alternative Reports Server, Global Context Entry, Kyverno JSON supported in CLI, and increased performance.

2. Bitnami has released its Helm chart for Valkey. Valkey is a Redis fork created by various companies in response to a recent license change. The Linux Foundation governs this project. Valkey's first stable release — v7.2.5 — became available just recently, on April 16.

3. Flux 2.3 has been released with various features and improvements. Perhaps the most essential update is that helm-controller and the Helm-related APIs have reached GA (general availability).

4. werf 2.0, a CNCF Sandbox project for CI/CD, is now available featuring Nelm (instead of Helm) as its default engine to deploy apps to Kubernetes.

#news #releases
Another bunch of interesting articles recently spotted online:

1. Sveltos: Argo CD and Flux CD are not the only GitOps Tools for Kubernetes by Artem Lajko.

“Sveltos fully unveils its GitOps capabilities when combined with Flux CD, a vital combination for us as Platform Engineers to enable GitOps at scale. Initially, newcomers may find entering Sveltos challenging due to the absence of a user interface and the necessity to learn two tools simultaneously when integrated with GitOps. But it fulfills exactly the purpose for which it was built, namely to manage add-ons distributed across clusters securely and stably via a reconcilable loop.”

2. Introduction to Dagger by Anaïs Urlichs, Aqua Security.

“This blog post is divided into two main parts. The first one details what Dagger is, how it works, and the main benefits of using Dagger. The second part provides a tutorial that you can follow to get started with Dagger and understanding its benefits.”

3. Service Meshes Decoded: a performance comparison of Istio vs Linkerd vs Cilium by Oleksandr, LiveWyer.

“Linkerd is the fastest service mesh among the chosen products tested. If Linkerd was not a suitable product, and you were choosing between Istio and Cilium, your decision would differ depending on your requirements. Istio provides higher QPS and lower latency on low connections, while Cilium performs better on higher connections and internal communications.”
#articles
Kubernetes security is a hot topic. Luckily, there are many tools available to address it. But what about an all-in-one toolbox?

m9sweeper (or minesweeper), dubbed a “Kubernetes security platform,” strives to do exactly that: it integrates numerous Open Source security-related utilities, making it simpler to use them in your clusters.

Basically, it provides you with a straightforward web UI to configure and execute the following security tools:
- Trivy to scan for vulnerabilities;
- kube-hunter to perform pentesting by discovering and exploiting vulnerabilities;
- Kubesec to validate best practices and analyse security risks for Kubernetes resources;
- kube-bench to run CIS Kubernetes benchmarks;
- OPA Gatekeeper to control running workloads by enforcing compliance and security policies;
- Falco to implement runtime security by monitoring suspicious activity of apps and detecting intrusions.

m9sweeper is written in TypeScript and can be installed via Helm.

▶️ GitHub repo: https://github.com/m9sweeper/m9sweeper
🌐 Website: https://m9sweeper.io/

P. S. If you’re interested in K8s security and the above-mentioned tools, we can also recommend these helpful articles:
- “Kubernetes security basics & best practices. 5 steps to implement them”
- “Kubernetes cluster security assessment with kube-bench and kube-hunter”

#tools #security
Since the KuberTENes parties all around the world are approaching, a fun challenge was initiated by the community: installing and running Kubernetes v1.0! 😮

For those who want to try it, Carlos Santana, Amim Moises Salum Knabben, and James Spurin have prepared everything you need to get started. Their tutorial uses the free tier of Google Cloud Shell and guides you through running Kubernetes 1.0 right in the browser.

A few KuberTENes party organisers—including those in Florianópolis, Raleigh, Amsterdam, and Edinburgh—have already confirmed that they will follow this tutorial during their events. Join them out there or go on your own quest!

Here’s the GitHub repo you need to try out Kubernetes v1.0 today: https://github.com/spurin/kubernetes-v1.0-lab

#news #fun
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. Crossplane v1.16 is out, and the project anticipates more first-time contributors than ever. As for changes themselves, Crossplane providers can now export fine-grained data about the operations they perform on managed resources; resource clean-up is now much faster; the Composition Functions got a secure way to authenticate to external systems.

2. Helm v3.15.0 became the project’s latest feature release, yet not many new features are on board. There are two notable changes mentioned: a) an opt-in to hide secrets when running a dry-run for install and upgrade and b) added robustness to the wait checks.

3. Kubespray v2.25.0 is available with Ubuntu 24.04 support, added scheduler plugins support, new remove_anonymous_access option, and many other updates (including Argo CD 2.11.0, Helm 3.14.2, Docker 26.1, kube-vip 0.8.0, and more).

4. Caddy Gateway v0.1.0 is the first public release of the Kubernetes Gateway API implementation, which uses Caddy as the underlying web server.

#news #releases
In case you're still using AWS ECS and lack a neat CLI tool to manage your resources, meet this great project, which brings you a K9s-like experience.

e1s is a terminal app that allows you to browse and manage AWS ECS (Elastic Container Service) resources. Its interface is inspired by K9s, a well-known Kubernetes TUI. The first public version of e1s was released last June, and today it offers tons of features. Here are some of them:
- Support for both the EC2 and Fargate launch types.
- Describing clusters, services, tasks and task definitions, containers, and service autoscaling.
- Editing services, registering new task definitions, stopping tasks.
- Launching interactive exec in containers; starting port forwarding; transferring files.
- Displaying CloudWatch logs and utilisation metrics (CPU, memory).
- Numerous key bindings; theme and colour customisations.
- Available for Linux, macOS and Windows. The installation methods are: pre-built binaries, Homebrew, Docker image, AWS CloudShell, and go install.

▶️ GitHub repo: https://github.com/keidarcy/e1s

#tools #CLI #AWS
As this chart suggests (source), major cloud providers are now distinctly faster when it comes to making the latest Kubernetes releases available for their users.

We are definitely leaving behind the times when it took 100+ days to be able to run the newest Kubernetes in the preferred managed service. Now, it takes just about a month to get it for early adopters using AKS and GKE. EKS is close to making it generally available in a month.

#news #reports #AWS #GCP #Azure
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. Gateway API is an official Kubernetes project that implements the next generation of Kubernetes Ingress, Load Balancing, and Service Mesh APIs. Its v1.1 release made support for service mesh and GRPCRoute generally available.

2. Argo CD v2.11 has several new features, including reverse sync wave ordering, cluster auto-labelling, and the Apps in Any Namespace feature becoming stable. You can learn more about the release from this video by Akuity.

3. Flux got a Flux Operator. Developed at ControlPlane, this project is a Kubernetes CRD controller that manages the lifecycle of Flux CD. It is under active development and has just seen its first releases.

4. Headlamp v0.24.0 was released. The biggest change for this Kubernetes web UI was getting a new table engine powered by material-react-table, which supports column filtering and better search.

5. Ksctl, the “cloud agnostic Kubernetes management tool”, was updated to v1.2.0. This release introduced a Kubernetes-based storage, export and import methods for the storage interface, firewall rules for all supported cloud providers, new CLI-based logging, and more.

#news #releases
Wondering about your Kubernetes cluster’s network communications? This tool helps you see and analyse all related TCP traffic.

k8spacket collects TCP traffic and TLS connection metadata using eBPF and visualises it via Grafana. Here’s how it works and what it offers:
- It launches as a DaemonSet, which listens to network interfaces on all Kubernetes nodes.
- Every 10 seconds (by default), it checks for changes in the network interfaces.
- eBPF is used to get information about TCP connections inside the cluster and collect information about the TLS handshake process.
- It can display graphs in Grafana and expose Prometheus metrics.
- Visualisations cover different types of stats (number and lifetime of connections, sent/received bytes) and support filtering (by K8s namespace, included/excluded workload names).

You can install k8spacket via a Helm chart. To run its latest, fully eBPF-based versions (v2.x.x), you’ll need Linux kernel v5.8+.

▶️ GitHub repo: https://github.com/k8spacket/k8spacket

#tools #networking