Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
Kubernetes v1.30 is officially out, and many people seem to be happy about that… to the extent that this release was dubbed “the cutest” and got the funny name Uwubernetes. It aims “to indicate happiness or cuteness” — thanks to combining “Kubernetes” with the “UwU” emoticon 🤗

If this name is not uwusome enough for you, Kubernetes v1.30 brings 45 enhancements, including 10 alpha features and 17 graduating to stable. Read more by following the links below, and enjoy trying them out in your clusters!

- Announcing the release of Kubernetes v1.30 (Kubernetes blog)
- CHANGELOG-1.30 (GitHub)
- What’s New in Kubernetes 1.30? (Sysdig blog)
- Kubernetes 1.30: A Security Perspective (ARMO blog)

#news #releases
Looking for a hands-on book to learn Kubernetes? That’s precisely what the Reddit users were asked a week ago. Here is the list of books the community praised — feel free to share it with everyone interested! 🔗

- “Kubernetes in Action” by Marko Lukša (2017, Manning). Its second edition is scheduled for this autumn. Rated 4.7 on Amazon.
- “The Book of Kubernetes: A Complete Guide to Container Orchestration” by Alan Hohn (2022, No Starch Press). Rated 4.4 on Amazon.
- “Kubernetes Up & Running” by Brendan Burns, Joe Beda, Kelsey Hightower, Lachlan Evenson (3rd Edition in 2022, O'Reilly Media). Rated 4.6 on Amazon.
- “The Kubernetes Book” by Nigel Poulton (last edition in 2024). Rated 4.5 on Amazon.
- “Kubernetes Fundamentals: A Step-by-Step Development and Interview Guide” by Himanshu Agrawal (2023, Apress). Not rated on Amazon.

💡 It was also pleasant to see that a few people mentioned the official Kubernetes documentation as an essential resource for learning K8s.

P. S. The original Reddit discussion is here.

#career
Ever thought of bringing some COLOUR to the kubectl output in your terminal? This small tool with a self-explanatory name has you covered.

🌈 kubecolor works as a wrapper for your kubectl command, adding colours to its output. That should be enough to give it a try! Anyway, here are some other brief facts on kubecolor:
- You can customise the colours used in the tool.
- You can use kubecolor as a complete alternative to kubectl — e.g., add alias kubectl="kubecolor" to your .bash_profile.
- It works for both kubectl and oc (OpenShift CLI).
- Autocompletion is available. There are instructions for Bash, zsh, fish, and PowerShell.
- Not all kubectl subcommands are supported, and the output of kubectl plugins is not colourised at the moment.
- It is written in Go and installable as a binary or using Homebrew, Scoop, Nix, AUR, and Termux (Android).

▶️ GitHub repo: https://github.com/kubecolor/kubecolor

P. S. Originally, the project was launched and available at hidetatz/kubecolor. However, this repo was archived a year ago. Now, it goes on as kubecolor/kubecolor, which is “a heavily modified version of the original KubeColor”.

#tools #CLI
A few interesting facts from the CNCF Annual Survey 2023:

1. Kubernetes adoption level is at 84%. (However, keep in mind that this figure reflects a specific group of respondents who are already interested in what CNCF does.)
2. The most adopted CNCF projects (incubating and graduated): Kubernetes, Helm, Prometheus, containerd, CoreDNS.
3. The CNCF projects with the fastest-growing adoption (incubating and graduated): gRPC, Helm, Prometheus, etcd, and Kubernetes.
4. The main challenges in using containers: security, complexity, monitoring, cultural changes with the development team, and lack of training.

Find more details in the pictures attached and on the CNCF website.

#news #reports
There are many ways to make your CLI more convenient and powerful, and jnv is one of them if you often work with JSONs. Kubernetes is not just about YAMLs, right?

In essence, jnv is an interactive JSON viewer with an embedded jq filter editor. It helps you navigate your JSON objects easily. You can use it instead of kubectl … | jq -r … to benefit from a more interactive experience.

Here are its main features:

- Getting input from JSON files or stdin (think of kubectl … -o json).
- Applying your jq filters (with auto-completion) to the current object on the fly.
- Numerous key bindings to move around the object, expand the folds, etc.
- Written in Rust. Installation via Homebrew, MacPorts, Nix, or Cargo (Rust's package manager).

Now, you are ready to change your role from a YAML developer to a JSON one, aren't you? 🤣

▶️ GitHub repo: https://github.com/ynqa/jnv

#tools #CLI
Yoke is a new client-side package manager for Kubernetes that uses WebAssembly programmes as packages.

Inspired by Helm and Pulumi, Yoke uses Wasm executables to deploy to K8s, allowing users to describe their packages as code in any programming language supported by Wasm. These programmed packages output Kubernetes resources in JSON/YAML format, which are then installed in the cluster similarly to helm install. Yoke keeps track of the different revisions for the releases and provides capabilities such as rollbacks and inspection.

Yoke features a Helm compatibility layer and has a plugin for Argo CD called yokecd. The latter allows Argo to manage your resources.

The project is in its very early stages since its first public release happened just a month ago. Yoke is Open Source (MIT license) and written in Go.

▶️ GitHub repo: https://github.com/davidmdm/yoke
🌐 Website: https://davidmdm.github.io/yoke-website/
📣 Project announcement on Reddit: https://www.reddit.com/r/kubernetes/comments/1ckxmgm/introducing_yoke_the_iac_package_manager_for_k8s/

#tools
A bunch of interesting articles recently spotted online and recommended for Kubernative readers:

1. Graceful shutdown in Kubernetes by Daniele Polencic, Learnk8s.

“Instead of immediately shutting down your Pods, you should consider waiting a little longer in your application or setting up a preStop hook. The Pod should be removed only after all the endpoints in the cluster are propagated and removed from kube-proxy, Ingress controllers, CoreDNS, etc. You should consider using rainbow deployments if your Pods run long-lived tasks such as transcoding videos or serving real-time updates with WebSockets.”



2. Flux CD Architecture Overview by Stefan Prodan, ControlPlane.

“We’ll explore the architecture of Flux CD, and we’ll compare the deployment strategies of the Flux components (Standalone; Hub and Spoke; Hub sharding and horizontal scaling) when implementing GitOps for multi-cluster continuous delivery.”



3. Scaling Sidecars to Zero in Kubernetes by Matt Butcher, Fermyon.

“The sidecar pattern in Kubernetes describes a single pod containing a container in which a main app sits. [..] Sidecars are designed to run alongside your apps continuously and do not scale down to zero. Wouldn’t it be great if they did? In this article, we introduce scaling sidecars to zero in Kubernetes.”



4. "Cilium Cheat Sheet" (PDF) by Isovalent.

It’s not really an article but a compact PDF file providing brief information and CLI commands related to Cilium components, installation, upgrades, configuration, usage, troubleshooting, etc.

#articles
Not running containers as root is an essential security best practice, as it limits the consequences of a compromised runtime. Usernetes is a well-known project that runs Kubernetes without root privileges. Its original version (Generation 1 or “Gen1”) appeared in 2018 and later became a part of upstream Kubernetes (alpha feature in v1.22, under the KubeletInUserNamespace feature gate).

The latest version of Usernetes (“Gen2”) emerged in 2023 and changed in many ways:
- Relies on Rootless Docker, Rootless Podman, or Rootless nerdctl (instead of RootlessKit) to deploy a Kubernetes cluster inside.
- Supports kubeadm.
- Supports multi-node setups.

In short, where Usernetes Gen1 seemed complicated (like “Kubernetes The Hard Way”), Gen2 is akin to Rootless kind and Rootless minikube, except that it can also deploy a cluster across multiple hosts.

Ubuntu 22.04, Rocky Linux 9, and AlmaLinux 9 are supported as host operating systems for Usernetes.

▶️ GitHub repo: https://github.com/rootless-containers/usernetes
📺 A recent talk by the project’s author Akihiro Suda, which features the Usernetes Gen2 demonstration.
📷 Slides about Usernetes Gen2 from the recent Container Plumbing Days.

#tools #security
Did you know Kubernetes turns 10 really soon*? The global community is organising birthday parties called KuberTENes to celebrate this milestone next month!

The celebration will start on June 1st, with at least 20 countries participating! Join offline and online events if you are around:
- Canada, USA;
- Brazil, Mexico, Guatemala, Colombia;
- Europe: Austria, Denmark, Finland, Germany, Lithuania, Luxembourg, Spain, Sweden;
- Tunisia, Saudi Arabia;
- Bangladesh, India;
- Japan, New Zealand.

🔗 Find the complete list of regional events with more details regarding each of them and join them here.

Page and registration for the main KuberTENes Birthday Bash party (starting at 5:45 PM PDT on June 6).

* The first commit in the Kubernetes GitHub repo is dated June 7, 2014.

#news #events
🎉 The largest-ever code cleanup in the Kubernetes project’s history was the removal of 1 million(!) lines of code thanks to the PR merged a week ago. But what exactly happened and why? 🤔

- Many things were born as a part of the Kubernetes code base and later moved out of it. CSI plugins for storage are a well-known example. This transition is made to keep the main code base — the K8s core — smaller and easier to maintain while the project develops and gets more features.
- The same is true for the features specific to various cloud providers in Kubernetes, initially implemented as in-tree code.
- This record-setting PR was related to GCP specifically. Removing the relevant code made the Kubernetes core smaller by an impressive 1,071,842 lines. The PR was part of the longstanding KEP-2395, which originated in 2019.
- This change does NOT mean the GCP (or any other providers’) features are no longer supported in Kubernetes. You just need the optional (i.e. out-of-tree) controllers to get the same functionality in your clusters.

Switching Kubernetes to out-of-tree cloud providers has been an enormous effort, and it’s fantastic to see this mission accomplished!

More details:
- PR #124519.
- KEP-2395 “Removing In-Tree Cloud Provider Code”.
- An announcement blog post — “The Future of Cloud Providers in Kubernetes” (published in 2019).
- The “Kubernetes Is FINALLY Removing in-Tree Cloud Providers” talk at KubeCon 2024 Europe.

#news
Kubernetes “foreshadowed” by The Simpsons? Well… here is a real shot from the episode called “New Kid on the Block” (S4E8), originally aired in November 1992.

Kudos to the Reddit user g2hop who started all this flurry 🤣

#fun
Here are a few prominent software updates from the cloud native ecosystem:

1. Kyverno 1.12 was released with many new features, including an alternative Reports Server, Global Context Entry, Kyverno JSON supported in CLI, and increased performance.

2. Bitnami has released its Helm chart for Valkey. Valkey is a Redis fork created by various companies in response to a recent license change. The Linux Foundation governs this project. Valkey's first stable release — v7.2.5 — became available just recently, on April 16.

3. Flux 2.3 is released with various features and improvements. Perhaps the most essential update is that helm-controller and Helm-related APIs have reached GA (general availability).

4. werf 2.0, a CNCF Sandbox project for CI/CD, is now available featuring Nelm (instead of Helm) as its default engine to deploy apps to Kubernetes.

#news #releases
Another bunch of interesting articles recently spotted online:

1. Sveltos: Argo CD and Flux CD are not the only GitOps Tools for Kubernetes by Artem Lajko.

“Sveltos fully unveils its GitOps capabilities when combined with Flux CD, a vital combination for us as Platform Engineers to enable GitOps at scale. Initially, newcomers may find entering Sveltos challenging due to the absence of a user interface and the necessity to learn two tools simultaneously when integrated with GitOps. But it fulfills exactly the purpose for which it was built, namely to manage add-ons distributed across clusters securely and stably via a reconcilable loop.”

2. Introduction to Dagger by Anaïs Urlichs, Aqua Security.

“This blog post is divided into two main parts. The first one details what Dagger is, how it works, and the main benefits of using Dagger. The second part provides a tutorial that you can follow to get started with Dagger and understanding its benefits.”

3. Service Meshes Decoded: a performance comparison of Istio vs Linkerd vs Cilium by Oleksandr, LiveWyer.

“Linkerd is the fastest service mesh among the chosen products tested. If Linkerd was not a suitable product, and you were choosing between Istio and Cilium, your decision would differ depending on your requirements. Istio provides higher QPS and lower latency on low connections, while Cilium performs better on higher connections and internal communications.”


#articles
Kubernetes security is a hot topic. Luckily, there are many tools available to address it. What about an all-in-one toolbox?

m9sweeper (or minesweeper), dubbed “Kubernetes security platform,” strives to do exactly that: it integrates numerous Open Source security-related utilities, making them simpler to use in your clusters.

Basically, it provides you with a straightforward web UI to configure and execute the following security tools:
- Trivy to scan for vulnerabilities;
- kube-hunter to perform pentesting by discovering and exploiting vulnerabilities;
- Kubesec to validate best practices and analyse security risks for Kubernetes resources;
- kube-bench to run CIS Kubernetes benchmarks;
- OPA Gatekeeper to control running workloads by enforcing compliance and security policies;
- Falco to implement runtime security by monitoring suspicious activity of apps and detecting intrusions.

m9sweeper is written in TypeScript and can be installed via Helm.

▶️ GitHub repo: https://github.com/m9sweeper/m9sweeper
🌐 Website: https://m9sweeper.io/

P. S. If you’re interested in K8s security and the abovementioned tools, we can also recommend these helpful articles:
- “Kubernetes security basics & best practices. 5 steps to implement them”
- “Kubernetes cluster security assessment with kube-bench and kube-hunter”

#tools #security