Here are a few prominent software updates from the cloud native ecosystem:
1. Kyverno 1.12 was released with many new features, including an alternative Reports Server, Global Context Entry, Kyverno JSON supported in CLI, and increased performance.
2. Bitnami has released its Helm chart for Valkey. Valkey is a Redis fork created by various companies in response to a recent license change. The Linux Foundation governs this project. Valkey's first stable release — v7.2.5 — became available just recently, on April 16.
3. Flux 2.3 is released with various features and improvements. Perhaps the most essential update is that helm-controller and Helm-related APIs have reached GA (general availability).
4. werf 2.0, a CNCF Sandbox project for CI/CD, is now available featuring Nelm (instead of Helm) as its default engine to deploy apps to Kubernetes.
#news #releases
Another bunch of interesting articles recently spotted online:
1. “Sveltos: Argo CD and Flux CD are not the only GitOps Tools for Kubernetes” by Artem Lajko.
“Sveltos fully unveils its GitOps capabilities when combined with Flux CD, a vital combination for us as Platform Engineers to enable GitOps at scale. Initially, newcomers may find entering Sveltos challenging due to the absence of a user interface and the necessity to learn two tools simultaneously when integrated with GitOps. But it fulfills exactly the purpose for which it was built, namely to manage add-ons distributed across clusters securely and stably via a reconcilable loop.”
2. “Introduction to Dagger” by Anaïs Urlichs, Aqua Security.
“This blog post is divided into two main parts. The first one details what Dagger is, how it works, and the main benefits of using Dagger. The second part provides a tutorial that you can follow to get started with Dagger and understanding its benefits.”
3. “Service Meshes Decoded: a performance comparison of Istio vs Linkerd vs Cilium” by Oleksandr, LiveWyer.
“Linkerd is the fastest service mesh among the chosen products tested. If Linkerd was not a suitable product, and you were choosing between Istio and Cilium, your decision would differ depending on your requirements. Istio provides higher QPS and lower latency on low connections, while Cilium performs better on higher connections and internal communications.”
#articles
Kubernetes security is a hot topic. Luckily, there are many tools available to address it. What about an all-in-one toolbox?
m9sweeper (or minesweeper), dubbed “Kubernetes security platform,” strives to do exactly that: it integrates numerous Open Source security-related utilities, making them easier to use in your clusters.
Basically, it provides you with a straightforward web UI to configure and execute the following security tools:
- Trivy to scan for vulnerabilities;
- kube-hunter to perform pentesting by discovering and exploiting vulnerabilities;
- Kubesec to validate best practices and analyse security risks for Kubernetes resources;
- kube-bench to run CIS Kubernetes benchmarks;
- OPA Gatekeeper to control running workloads by enforcing compliance and security policies;
- Falco to implement runtime security by monitoring suspicious activity of apps and detecting intrusions.
m9sweeper is written in TypeScript and can be installed via Helm.
▶️ GitHub repo: https://github.com/m9sweeper/m9sweeper
🌐 Website: https://m9sweeper.io/
P. S. If you’re interested in K8s security and the abovementioned tools, we can also recommend these helpful articles:
- “Kubernetes security basics & best practices. 5 steps to implement them”
- “Kubernetes cluster security assessment with kube-bench and kube-hunter”
#tools #security
Since the KuberTENes parties all around the world are approaching, a fun challenge was initiated by the community: installing and running Kubernetes v1.0! 😮
For those interested in making it, Carlos Santana, Amim Moises Salum Knabben, and James Spurin have prepared everything you need to start. Their tutorial uses the Free Google Cloud Shell tier and guides you through running Kubernetes 1.0 right in the browser.
A few KuberTENes party organisers—including those in Florianópolis, Raleigh, Amsterdam, and Edinburgh—have already confirmed that they will follow this tutorial during their events. Join them out there or go on your own quest!
Here’s the GitHub repo you need to try out Kubernetes v1.0 today: https://github.com/spurin/kubernetes-v1.0-lab
#news #fun
Our selection of the latest prominent software updates from the cloud native ecosystem:
1. Crossplane v1.16 is out, and the project anticipates more first-time contributors than ever. As for changes themselves, Crossplane providers can now export fine-grained data about the operations they perform on managed resources; resource clean-up is now much faster; the Composition Functions got a secure way to authenticate to external systems.
2. Helm v3.15.0 became the project’s latest feature release, yet not many new features are on board. There are two notable changes mentioned: a) an opt-in to hide secrets when running a dry-run for install and upgrade and b) added robustness to the wait checks.
3. Kubespray v2.25.0 is available with Ubuntu 24.04 support, added scheduler plugins support, new remove_anonymous_access option, and many other updates (including Argo CD 2.11.0, Helm 3.14.2, Docker 26.1, kube-vip 0.8.0, and more).
4. Caddy Gateway v0.1.0 is the first public release of the Kubernetes Gateway API implementation, which uses Caddy as the underlying web server.
#news #releases
In case you're still using AWS ECS and lack a neat CLI tool to manage your resources, meet this great project, which brings you a K9s-like experience.
e1s is a terminal app that allows you to browse and manage AWS ECS (Elastic Container Service) resources. Its interface is inspired by K9s, a well-known Kubernetes TUI. The first public version of e1s was released last June, and today offers tons of features. Here are some of them:
- EC2 ECS and Fargate launch types’ support.
- Describing clusters, services, tasks and task definitions, containers, and service autoscaling.
- Editing services, registering new task definitions, stopping tasks.
- Launching interactive exec in containers; starting port forwarding; transferring files.
- Displaying CloudWatch logs and utilisation metrics (CPU, memory).
- Numerous key bindings; theme and colour customisations.
- Available for Linux, macOS and Windows. The installation methods are: pre-built binaries, Homebrew, Docker image, AWS CloudShell, and go install.
▶️ GitHub repo: https://github.com/keidarcy/e1s
#tools #CLI #AWS
As this chart suggests (source), major cloud providers are now distinctly faster when it comes to making the latest Kubernetes releases available for their users.
We are definitely leaving behind the times when it took 100+ days to be able to run the newest Kubernetes in the preferred managed service. Now, it takes just about a month to get it for early adopters using AKS and GKE. EKS is close to making it generally available in a month.
#news #reports #AWS #GCP #Azure
Our selection of the latest prominent software updates from the cloud native ecosystem:
1. Gateway API is an official Kubernetes project that implements the next generation of Kubernetes Ingress, Load Balancing, and Service Mesh APIs. Its v1.1 release made support for service mesh and GRPCRoute generally available.
2. Argo CD v2.11 has several new features, including reverse sync wave ordering, clusters auto-labelling, and the Apps in Any Namespace feature becoming stable. You can learn more about the release from this video by Akuity.
3. Flux got a Flux Operator. Developed at ControlPlane, this project is a Kubernetes CRD controller that manages the lifecycle of Flux CD. It is under active development and just saw the first releases.
4. Headlamp v0.24.0 was released. The biggest change for this Kubernetes web UI was getting a new table engine powered by material-react-table, which supports column filtering and better search.
5. Ksctl, the “cloud agnostic Kubernetes management tool”, was updated to v1.2.0. This release introduced a Kubernetes-based storage, export and import methods for the storage interface, firewall rules for all supported cloud providers, new CLI-based logging, and more.
#news #releases
Wondering about your Kubernetes cluster’s network communications? This tool helps you see and analyse all related TCP traffic.
k8spacket collects TCP traffic and TLS connection metadata using eBPF and visualises it via Grafana. Here’s how it works and what it offers:
- It launches as a DaemonSet, which listens to network interfaces on all Kubernetes nodes.
- It checks every 10s (default) to see any changes in the network interfaces.
- eBPF is used to get information about TCP connections inside the cluster and collect information about the TLS handshake process.
- It can display graphs in Grafana and expose Prometheus metrics.
- Visualisation has different types of stats (connections’ number and lifetime, sent/received bytes) and supports filtering (by K8s namespaces, included/excluded workload names).
You can install k8spacket via a Helm chart. To run its latest, fully-eBPF-based versions (v2.x.x), you’ll need a Linux kernel v5.8+.
▶️ GitHub repo: https://github.com/k8spacket/k8spacket
#tools #networking
🎉 Happy 10th anniversary to Kubernetes and everyone involved! What a decade, huh? Here are some prominent stats for the project showing how massive it is today:
- 108k stars for the main GitHub repo
- 4.2m(!) contributions, including 401k commits, were made to 372 K8s repos
- 88.6k individuals and 5.5k companies have contributed to Kubernetes
- Top 10 contributing companies: Google, Red Hat, VMware, Microsoft, IBM, DaoCloud, Amazon, The Scale Factory, Intel, and Huawei
- 158k issues and 312k PRs were opened in the K8s repos
- 197k users in a Slack workspace, 133k Reddit members, 305k Twitter followers, 58k questions asked on StackOverflow
- 359k registrations for three main certifications (CKA, CKS, CKAD)
- 226 certified Kubernetes service providers
- 59 certified Kubernetes distributions
- 77 KubeCons, Kubernetes Forums, Kube Days, and KCDs have been organised worldwide
P.S. You can find the first public commit in the Kubernetes repo here.
#news
A short version (less than 3 minutes) of the "Kubernetes 10 Year Video" has arrived featuring Chris Aniszczyk, Joe Beda, Tim Hockin, and many others. Watch it here: https://www.youtube.com/watch?v=BZ__Pec5pyo
#video
Here are two other great resources related to the Kubernetes 10th anniversary we'd like to recommend:
1. KuberTENes Birthday Bash is a 3.5h video of the official celebration. It features Kelsey Hightower as a host and Chris Aniszczyk, Chen Goldberg, Craig McLuckie, Ville Aikas, Eric Brewer, Solomon Hykes, Dawn Chen, Tim Hockin, Kit Merker, Brian Grant, Alex Polvi, Sarah Novotny, Josh Berkus, Paris Pittman, Lachlan Evenson, Aparna Sinha, Bob Wise, Ian Coldwater, and Janet Kuo as speakers.
2. 10 Years of Kubernetes is an excellent post on the Kubernetes blog that overviews the project's history, milestones, and stats.
Our selection of the latest prominent software updates from the cloud native ecosystem:
1. OpenTelemetry Collector v0.101.0 and v0.102.0 were released with numerous features, including a new container parser that auto-detects the log format for parsing, early implementation of the AWS S3 receiver, new metrics for SQL Server, introduction of the GeoIP processor, and more.
2. With Dex v2.40.0, this OIDC identity provider migrated to log/slog for structured logging, got support for OAuth 2.0 Token Introspection (RFC7662) and configurable prompt type for Google Connector.
3. Argo Image Updater, a companion controller to Argo CD, got its v0.13 with 5 new features, such as support for Argo CD multi-source applications, an annotation for write-back Git repository (for Helm charts outside of Git), and support for separate GitHub credentials.
4. mariadb-operator, which allows you to manage MariaDB databases in Kubernetes declaratively via CRDs, released v0.0.29 with a new role-aware update strategy (ReplicasFirstPrimaryLast) and mutable my.cnf configuration.
#news #releases
RBAC Wizard is a simple web UI that visualises your RBAC configurations in Kubernetes. Here’s what this tool offers:
* See all your RBACs listed in a table with customisable columns.
* Search your objects by typing their names and filter them by kind; view a manifest you need.
* Navigate through a map of your existing RBAC resources.
* Install it via Homebrew or go install.
* Be ready for the new features ahead since this project is very new, with its v0.0.1 released just last month.
▶️ GitHub repo: https://github.com/pehlicd/rbac-wizard
#tools #security
Our selection of the latest prominent software updates from the cloud native ecosystem:
1. Apache SkyWalking 10 was released last month. Written in Java, it is an APM (Application Performance Monitor) tool for distributed systems with a focus on microservices, containers, and cloud native apps. This latest release brings numerous new features, including the ability to monitor the Kubernetes network traffic by using eBPF.
2. Istio v1.22 is another notable release from May. Istio APIs are promoted to v1, Gateway API became stable for service mesh, and Delta xDS was enabled by default. Find a more detailed overview of the latest changes in this recent blog post.
3. k0smotron 1.0 was released by Mirantis last week. This Open Source tool helps you to manage Kubernetes clusters using k0s, the company’s distribution focused on edge and IoT. The new version brings remote machine support, improves the control plane’s high availability, enables updates-in-place, and adds support for clusterctl CLI.
4. Kargo v0.7.0 was released by Akuity last week. This project is described as “a next-generation continuous delivery and application lifecycle orchestration platform,” which aims to “provide an intuitive and flexible layer above existing GitOps tooling.” Its latest version got improvements for ECR and Google Artifact Registry, better artifact discovery, and manual “freight” assembly.
#news #releases
Another bunch of interesting articles recently spotted online:
1. “Two-node HA Kubernetes for edge computing cost savings” by Tyler Gillson, Spectro Cloud.
“[..] three node Kubernetes clusters provide stronger guarantees with arguably less architectural complexity, yet they impose massive capital expenditure at scale, not only in the cost of the boxes themselves, but cabling, shipping, software, power consumption and other factors. If you’re looking to optimize costs or an edge compute use case, a two node solution can instantly cut costs and materialize serious savings.”
2. “Load balancing and scaling long-lived connections in Kubernetes” by Daniele Polencic, Learnk8s.
“Kubernetes doesn't load balance long-lived connections, and some Pods might receive more requests than others. Consider client-side load balancing or a proxy if you're using HTTP/2, gRPC, RSockets, AMQP, or any other long-lived database connection.”
3. “Learned it the hard way: Don’t use Cilium’s default Pod CIDR” by Isala Piyarisi, WSO2.
“Despite extensive testing, complex systems like Cilium, with nearly 2000 configurable values, can still allow misconfigurations to slip through which could lead to unexpected failures. This incident taught us the importance of methodically troubleshooting network issues and understanding low-level networking infrastructure and skills, often taken away by cloud abstractions.”
4. “Optimizing Application Resilience: A Deep Dive into Kubernetes Pod Disruption Budgets and Rollout Strategies” by Nicolas Labrot, ARHS Spikeseed.
“By effectively implementing both PDBs and rollout strategies, you can enhance the resilience and reliability of your Kubernetes-managed applications, ensuring they remain stable and available even during disruption and updates.”
5. “From Fragile to Faultless: Kubernetes Self-Healing In Practice” by City Storage Systems.
“In this blog we share our experience illustrating how minor glitches, if left unattended, could quickly escalate and impact business continuity. Rather than engaging in constant firefighting we designed a self-healing framework, often implementing automations with a turnaround time of as little as 1 day. [..] While our journey began with a focus on AKS, this framework is a general-purpose pattern to improve resilience of any Kubernetes platform.”
#articles
Have you heard of a new tool that automates right-sizing your resources for Kubernetes and dares to be “the best VPA not to waste memory”? Meet Kondense:
* It auto-scales pods based on memory pressure, meaning all cold/unused memory pages are continuously removed.
* Technically, it runs as a sidecar and resizes containers in its pod to facilitate the required memory pressure. Every second, all unused memory is taken away while preventing out-of-memory errors.
* This tool's memory resize algorithm is based on Meta's Transparent Memory Offloading (TMO).
* While it’s focused on memory, CPU resources are resized, too (based on CPU usage).
* It works for Kubernetes clusters that run on Linux only; containerd version should be 1.6.9+, and the container’s Linux kernel should be 4.20+.
➡️ GitHub repo
📣 Reddit announcement
#tools
Another bunch of interesting articles recently spotted online:
1. “Driving etcd Stability and Kubernetes Success” by Marek Siarkowicz, Google.
“... just as a backbone connects to every other part of the body, etcd facilitates communication and coordination between all the components of Kubernetes, allowing it to move, adapt, and thrive in the dynamic world of distributed systems.”
2. “Kubernetes: The Road to 1.0” by Brian Grant, original lead architect of Kubernetes.
“I started an R&D project in 2010 called Omega to redesign Borg for how it was being used and to better support the ecosystem around Borg. In many ways, Kubernetes is more “open-source Omega” than “open-source Borg”, but it benefited from the lessons learned from both Borg and Omega.”
3. “Falco from A to Y” by Quentin Joly, SRE at French government.
“In this article, we will explore what Falco is and how to be alerted of abnormal events on our servers, as well as how to set it up in a Kubernetes environment.”
4. “My Recommended Kubernetes Resources for Newbies” by Marcus Noble, CNCF Ambassador.
“Recently, a friend of mine asked me what resources I'd recommend to start learning about Kubernetes. He was a victim of the layoffs that seem to be so prevalent right now and has experience as a classic SysOps / SysAdmin engineer but no exposure to Kubernetes yet and wanted to learn to help improve his job-hunting prospects.”
#articles
Our selection of the latest prominent software updates from the cloud native ecosystem:
1. Harbor 2.11 was released earlier this month, bringing various updates to this cloud native registry. They include SBOM generation and management, OCI Distribution Specification v1.1.0 support, Volcengine Registry integration, and better performance.
2. Perses is an observability visualisation project, which aims to become a standard dashboard visualisation tool for Prometheus and other data sources. Its recent v0.46 release added a full-screen view for panels and instant query table view, added tracing support and introduced Graph tab in Explorer, made Explorer sharable, and introduced a dedicated config for the frontend.
3. Kubecost was updated to v2.3, introducing an efficiency dashboard (pinpointing your main sources of wasting computing resources), accelerated data ingestion, new PostgreSQL integration, and enhanced anomaly detection.
4. Glasskube, dubbed “the next generation package manager for Kubernetes”, has got its v0.10.0 release. It added package scopes (packages can be cluster-scoped or namespace-scoped now) and two new commands (purge and repo update).
#news #releases
Using lots of kubectl commands daily? Here’s another helpful tool to simplify context and namespace switching, prompt modification, and more!
Kubie, called “a more powerful alternative to kubectx and kubens,” enhances your CLI experience even further with extra features. Here’s what it offers:
- Context and namespace switching with selectable menus and quick commands.
- Spawning a shell or recursive shell in the given context, namespace, context + namespace.
- Executing shell commands in the given context + namespace or namespace + contexts matched by the wildcard (without spawning a shell).
- Configurable prompt.
- Checking your Kubernetes configuration files for issues.
- Support for bash, dash, fish, xonsh, and zsh. Autocompletion for bash and fish.
- Written in Rust. Installable via a binary for Linux and macOS, Cargo, Homebrew, MacPorts, Nix, pacman (Arch Linux).
▶️ GitHub repo
#tools #CLI