Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
As this chart suggests (source), major cloud providers are now distinctly faster when it comes to making the latest Kubernetes releases available for their users.

We are definitely leaving behind the times when it took 100+ days to be able to run the newest Kubernetes in the preferred managed service. Now, it takes just about a month to get it for early adopters using AKS and GKE. EKS is close to making it generally available in a month.

#news #reports #AWS #GCP #Azure
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. Gateway API is an official Kubernetes project that implements the next generation of Kubernetes Ingress, Load Balancing, and Service Mesh APIs. Its v1.1 release made support for service mesh and GRPCRoute generally available.

2. Argo CD v2.11 has several new features, including reverse sync wave ordering, cluster auto-labelling, and Apps in Any Namespace becoming stable. You can learn more about the release from this video by Akuity.

3. Flux got a Flux Operator. Developed by ControlPlane, this project is a Kubernetes CRD controller that manages the lifecycle of Flux CD. It is under active development and has just seen its first releases.

4. Headlamp v0.24.0 was released. The biggest change for this Kubernetes web UI was getting a new table engine powered by material-react-table, which supports column filtering and better search.

5. Ksctl, the “cloud agnostic Kubernetes management tool”, was updated to v1.2.0. This release introduced Kubernetes-based storage, export and import methods for the storage interface, firewall rules for all supported cloud providers, new CLI-based logging, and more.

#news #releases
Wondering about your Kubernetes cluster’s network communications? This tool helps you see and analyse all related TCP traffic.

k8spacket collects TCP traffic and TLS connection metadata using eBPF and visualises it via Grafana. Here’s how it works and what it offers:
- It runs as a DaemonSet that listens on the network interfaces of all Kubernetes nodes.
- Every 10s (by default), it checks for changes in the network interfaces.
- eBPF is used to get information about TCP connections inside the cluster and to collect information about the TLS handshake process.
- It can display graphs in Grafana and expose Prometheus metrics.
- Visualisation offers different kinds of stats (number and lifetime of connections, bytes sent/received) and supports filtering (by K8s namespace and by included/excluded workload names).

You can install k8spacket via a Helm chart. To run its latest, fully-eBPF-based versions (v2.x.x), you’ll need a Linux kernel v5.8+.

▶️ GitHub repo: https://github.com/k8spacket/k8spacket

#tools #networking
🎉 Happy 10th anniversary to Kubernetes and everyone involved! What a decade, huh? Here are some prominent stats for the project showing how massive it is today:

- 108k stars for the main GitHub repo
- 4.2m(!) contributions, including 401k commits, were made to 372 K8s repos
- 88.6k individuals and 5.5k companies have contributed to Kubernetes
- Top 10 contributing companies: Google, Red Hat, VMware, Microsoft, IBM, DaoCloud, Amazon, The Scale Factory, Intel, and Huawei
- 158k issues and 312k PRs were opened in the K8s repos
- 197k users in a Slack workspace, 133k Reddit members, 305k Twitter followers, 58k questions asked on StackOverflow
- 359k registrations for three main certifications (CKA, CKS, CKAD)
- 226 certified Kubernetes service providers
- 59 certified Kubernetes distributions
- 77 KubeCons, Kubernetes Forums, Kube Days, and KCDs have been organised worldwide

P.S. You can find the first public commit in the Kubernetes repo here.

#news
A short version (less than 3 minutes) of the "Kubernetes 10 Year Video" has arrived featuring Chris Aniszczyk, Joe Beda, Tim Hockin, and many others. Watch it here: https://www.youtube.com/watch?v=BZ__Pec5pyo #video
Here are two other great resources related to the Kubernetes 10th anniversary we'd like to recommend:

1. KuberTENes Birthday Bash is a 3.5h video of the official celebration. It features Kelsey Hightower as a host and Chris Aniszczyk, Chen Goldberg, Craig McLuckie, Ville Aikas, Eric Brewer, Solomon Hykes, Dawn Chen, Tim Hockin, Kit Merker, Brian Grant, Alex Polvi, Sarah Novotny, Josh Berkus, Paris Pittman, Lachlan Evenson, Aparna Sinha, Bob Wise, Ian Coldwater, and Janet Kuo as speakers.

2. 10 Years of Kubernetes is an excellent post on the Kubernetes blog that overviews the project's history, milestones, and stats.
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. OpenTelemetry Collector v0.101.0 and v0.102.0 were released with numerous features, including a new container parser that auto-detects the log format for parsing, early implementation of the AWS S3 receiver, new metrics for SQL Server, introduction of the GeoIP processor, and more.

2. With Dex v2.40.0, this OIDC identity provider migrated to log/slog for structured logging, got support for OAuth 2.0 Token Introspection (RFC 7662), and gained a configurable prompt type for the Google connector.

3. Argo Image Updater, a companion controller to Argo CD, got its v0.13 with 5 new features, such as support for Argo CD multi-source applications, an annotation for the write-back Git repository (for Helm charts outside of Git), and support for separate GitHub credentials.

4. mariadb-operator, which allows you to manage MariaDB databases in Kubernetes declaratively via CRDs, released v0.0.29 with a new role-aware update strategy (ReplicasFirstPrimaryLast) and mutable my.cnf configuration.

#news #releases
RBAC Wizard is a simple web UI that visualises your RBAC configurations in Kubernetes. Here’s what this tool offers:

* See all your RBAC objects listed in a table with customisable columns.
* Search objects by typing their names, filter them by kind, and view the manifest you need.
* Navigate through a map of your existing RBAC resources.
* Install it via Homebrew or go install.
* Expect new features ahead, since this project is brand new: its v0.0.1 was released just last month.

▶️ GitHub repo: https://github.com/pehlicd/rbac-wizard

#tools #security
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. Apache SkyWalking 10 was released last month. Written in Java, it is an APM (Application Performance Monitor) tool for distributed systems with a focus on microservices, containers, and cloud native apps. This latest release brings numerous new features, including the ability to monitor the Kubernetes network traffic by using eBPF.

2. Istio v1.22 is another notable release from May. Istio APIs were promoted to v1, Gateway API became stable for service mesh, and Delta xDS was enabled by default. Find a more detailed overview of the latest changes in this recent blog post.

3. k0smotron 1.0 was released by Mirantis last week. This Open Source tool helps you manage Kubernetes clusters using k0s, the company’s distribution focused on edge and IoT. The new version brings remote machine support, improves the control plane’s high availability, enables in-place updates, and adds support for the clusterctl CLI.

4. Kargo v0.7.0 was released by Akuity last week. This project is described as “a next-generation continuous delivery and application lifecycle orchestration platform,” which aims to “provide an intuitive and flexible layer above existing GitOps tooling.” Its latest version got improvements for ECR and Google Artifact Registry, better artifact discovery, and manual “freight” assembly.

#news #releases
Another bunch of interesting articles recently spotted online:

1. Two-node HA Kubernetes for edge computing cost savings by Tyler Gillson, Spectro Cloud.

“[..] three node Kubernetes clusters provide stronger guarantees with arguably less architectural complexity, yet they impose massive capital expenditure at scale, not only in the cost of the boxes themselves, but cabling, shipping, software, power consumption and other factors. If you’re looking to optimize costs or an edge compute use case, a two node solution can instantly cut costs and materialize serious savings.”

2. Load balancing and scaling long-lived connections in Kubernetes by Daniele Polencic, Learnk8s.

“Kubernetes doesn't load balance long-lived connections, and some Pods might receive more requests than others. Consider client-side load balancing or a proxy if you're using HTTP/2, gRPC, RSockets, AMQP, or any other long-lived database connection.”

3. Learned it the hard way: Don’t use Cilium’s default Pod CIDR by Isala Piyarisi, WSO2.

“Despite extensive testing, complex systems like Cilium, with nearly 2000 configurable values, can still allow misconfigurations to slip through which could lead to unexpected failures. This incident taught us the importance of methodically troubleshooting network issues and understanding low-level networking infrastructure and skills, often taken away by cloud abstractions.”

4. Optimizing Application Resilience: A Deep Dive into Kubernetes Pod Disruption Budgets and Rollout Strategies by Nicolas Labrot, ARHS Spikeseed.

“By effectively implementing both PDBs and rollout strategies, you can enhance the resilience and reliability of your Kubernetes-managed applications, ensuring they remain stable and available even during disruption and updates.”

5. From Fragile to Faultless: Kubernetes Self-Healing In Practice by City Storage Systems.

“In this blog we share our experience illustrating how minor glitches, if left unattended, could quickly escalate and impact business continuity. Rather than engaging in constant firefighting we designed a self-healing framework, often implementing automations with a turnaround time of as little as 1 day. [..] While our journey began with a focus on AKS, this framework is a general-purpose pattern to improve resilience of any Kubernetes platform.”

#articles
Have you heard of a new tool that automates right-sizing your resources for Kubernetes and dares to be “the best VPA not to waste memory”? Meet Kondense:

* It auto-scales pods based on memory pressure, meaning all cold/unused memory pages are continuously removed.
* Technically, it runs as a sidecar and resizes the containers in its pod to apply the required memory pressure. Every second, all unused memory is taken away while preventing out-of-memory errors.
* This tool's memory resize algorithm is based on Meta's Transparent Memory Offloading (TMO).
* While it’s focused on memory, CPU resources are resized, too (based on CPU usage).
* It works only for Kubernetes clusters running on Linux; containerd should be version 1.6.9+, and the Linux kernel should be 4.20+.

➡️ GitHub repo
📣 Reddit announcement

#tools
Another bunch of interesting articles recently spotted online:

1. Driving etcd Stability and Kubernetes Success by Marek Siarkowicz, Google.

“... just as a backbone connects to every other part of the body, etcd facilitates communication and coordination between all the components of Kubernetes, allowing it to move, adapt, and thrive in the dynamic world of distributed systems.”

2. Kubernetes: The Road to 1.0 by Brian Grant, original lead architect of Kubernetes.

“I started an R&D project in 2010 called Omega to redesign Borg for how it was being used and to better support the ecosystem around Borg. In many ways, Kubernetes is more “open-source Omega” than “open-source Borg”, but it benefited from the lessons learned from both Borg and Omega.”

3. Falco from A to Y by Quentin Joly, an SRE at the French government.

“In this article, we will explore what Falco is and how to be alerted of abnormal events on our servers, as well as how to set it up in a Kubernetes environment.”

4. My Recommended Kubernetes Resources for Newbies by Marcus Noble, CNCF Ambassador.

“Recently, a friend of mine asked me what resources I'd recommend to start learning about Kubernetes. He was a victim of the layoffs that seem to be so prevalent right now and has experience as a classic SysOps / SysAdmin engineer but no exposure to Kubernetes yet and wanted to learn to help improve his job-hunting prospects.”

#articles
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. Harbor 2.11 was released earlier this month, bringing various updates to this cloud native registry. They include SBOM generation and management, OCI Distribution Specification v1.1.0 support, Volcengine Registry integration, and better performance.

2. Perses is an observability visualisation project that aims to become a standard dashboard visualisation tool for Prometheus and other data sources. Its recent v0.46 release added a full-screen view for panels and an instant query table view, added tracing support and a Graph tab in Explorer, made Explorer sharable, and introduced a dedicated config for the frontend.

3. Kubecost was updated to v2.3, introducing an efficiency dashboard (pinpointing your main sources of wasted compute resources), accelerated data ingestion, a new PostgreSQL integration, and enhanced anomaly detection.

4. Glasskube, dubbed “the next generation package manager for Kubernetes”, got its v0.10.0 release. It added package scopes (packages can now be cluster-scoped or namespace-scoped) and two new commands (purge and repo update).

#news #releases
Using lots of kubectl commands daily? Here’s another helpful tool to simplify context and namespace switching, prompt modification, and more!

Kubie, called “a more powerful alternative to kubectx and kubens,” enhances your CLI experience even further with extra features. Here’s what it offers:

- Context and namespace switching with selectable menus and quick commands.
- Spawning a shell or a recursive shell in a given context, namespace, or context + namespace.
- Executing shell commands in a given context + namespace, or in namespace + contexts matched by a wildcard (without spawning a shell).
- Configurable prompt.
- Checking your Kubernetes configuration files for issues.
- Support for bash, dash, fish, xonsh, and zsh. Autocompletion for bash and fish.
- Written in Rust. Installable via a binary for Linux and macOS, Cargo, Homebrew, MacPorts, Nix, or pacman (Arch Linux).

▶️ GitHub repo

#tools #CLI
Hi everyone! Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. Kubernetes: containers, and the “lost” SIGTERM signals by Arseny Zinchenko.

“We have an API service with Gunicorn in Kubernetes that periodically returns 502, 503, 504 errors. I started debugging it, and found a weird thing: there were no messages in the logs about the received SIGTERM, so I first went to deal with Kubernetes - why doesn't it send it?”

2. Stateful apps in Kubernetes. From history and fundamentals to operators by Palark.

“In this article, we will explore how stateful apps work in Kubernetes and what you should consider before and while running your stateful components in K8s. To make it even more practical, we will cover several well-known K8s operators to tackle your ClickHouse, Redis, Kafka, PostgreSQL, and MySQL instances.”

3. Understanding DNS in Kubernetes by Povilas Versockas.

“In this post, we will cover the following: Overview of DNS Resolution and CoreDNS, the default DNS provider in Kubernetes; Kubernetes DNS policies, such as ClusterFirst, Default, and None, and their effects on pod DNS configurations. Differences between The GNU C Library (glibc) and musl libraries.”

4. ArgoCD Series by Maryam Tavakkoli, a CNCF Ambassador. Part 1: Terminologies and Architecture and Part 2: (Basic) Core Concepts.

“In this ArgoCD series, I aim to explain its concepts and terminologies from the beginning and provide a detailed technical guide on using it, all with declarative approaches.”

#articles
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. Traefik 3.0 was released two months ago, but it’s an essential update we missed in our digests before. New features for this Cloud Native application proxy include support for WebAssembly, OpenTelemetry, Kubernetes Gateway API, SPIFFE, gRPC-Web, and production-ready HTTP/3.

2. Vitess, a Cloud Native database solution for horizontal scaling of MySQL, was updated to version 20. It brought automated and scheduled backups, enhanced DML support, and experimental multi-tenant imports in VReplication.

3. Coroot v1.3.0 was released. This Open Source APM & observability tool got support for monitoring MySQL and memcached, automated discovery for database monitoring, an AWS integration, external calls tracing, and more.

4. Podman Desktop 1.11 got an experimental light mode (called the most-requested feature), an upgraded UI, node and volume listings in the Kubernetes functionality, and macOS Rosetta support.

5. Kubewarden, a policy engine for Kubernetes, was updated to 1.14. It comes with a new host capability that allows policies to fetch the container image configuration, a CEL policy capable of running Kubernetes VAP policies without any modifications, and a new CEL Policy on Artifact Hub.

6. KCL v0.9.0 brought several new features to this constraint-based record and functional language for configuration and policy scenarios. They include numerous new language and toolchain features (such as TOML format in kcl run and kcl import, adding dependencies from private third-party OCI Registries and Git repositories in kcl mod add), a new fast runtime mode, optimised performance for KCL IDE, new standard libraries, such as file for file input/output operations and template for writing template configurations, and much, much more.

#news #releases
Looking for a practical way to learn Kubernetes security? You might be interested in this project!

Kubernetes Goat provides you with a cluster that is “vulnerable by design”. After deploying it, you get easy-to-use access to 20+ scenarios covering various security aspects. Accompanied by guides, you can follow these scenarios to validate your knowledge and gain new practical skills. Here are some of the techniques and technologies they cover:

- DIND exploitation and container escape;
- getting access to internal and non-exposed services;
- exploiting misconfigured/overly permissive permissions;
- Docker & Kubernetes CIS benchmarks;
- kubeaudit for auditing Kubernetes clusters;
- Falco for detecting security issues;
- Cilium Tetragon for performing runtime security monitoring;
- Kyverno policy engine.

▶️ GitHub repo

#tools #security
Our selection of the latest prominent software updates from the cloud native ecosystem:

1. k8sgpt is a tool that uses AI to simplify troubleshooting and scanning your Kubernetes clusters. With its most recent 0.3.38 release, it got support for two new AI providers, Ollama and IBM watsonx.ai.

2. Percona Operator for PostgreSQL was updated to v2.4.0, and several new features were introduced. They include fully automated upgrades of PgSQL major versions, support for PgSQL tablespaces, and using AWS IAM roles to access S3 buckets for backups.

3. KWOK (Kubernetes Without Kubelet) is a toolkit for simulating a K8s cluster with thousands of nodes. Its latest release, v0.6.0, brings numerous changes, such as sidecar container support in stage policy, Helm charts support, numerous improvements in Stage API and kwokctl (--all and --force flags for kwokctl delete cluster, nerdctl support, etc.).

4. Harvester, the hyperconverged infrastructure (HCI) solution from SUSE built on Kubernetes, was updated to v1.3.1. New features include support for NVIDIA vGPU, ARM64, HA two-node clusters, devices with frequent power interruptions or relocations (such as edge devices), managed DHCP, and Fleet integration.

5. KubeBlocks, “a control plane software that runs and manages databases, message queues and other stateful applications on K8s”, has released v0.9.0. Some of its highlights include support for topologies in ClusterDefinition API, managing horizontal scaling of distributed databases, using InstanceSets instead of StatefulSets to manage Pods, PostgreSQL PITR, MySQL Replication mode, Redis Cluster mode support.

#news #releases
Need to validate your Kubernetes configuration and do it fast? Try this tool in your CI or locally.

Kubeconform is a K8s manifest validator inspired by kubeval (which hasn’t been developed for years). It validates your manifests against the official Kubernetes OpenAPI specifications and focuses on being highly performant. Here are some of its features:

- Adjustable strictness considering missing schemas, additional properties (not in the schema), and duplicated keys;
- A configurable set of kinds (or GVKs) to ignore or reject, file paths to ignore;
- Schema caching and an adjustable number of concurrent goroutines;
- Various output formats (including text, JSON, and JUnit);
- Support for multiple schema locations to validate CRDs (CustomResourceDefinitions) and OpenShift schemas;
- Ready-to-use CI integrations for GitHub Actions and GitLab;
- Installable via the Go package manager, Homebrew, and winget (Windows). Helm charts are also available.

▶️ GitHub repo

A few related repos from various contributors:
- kubeconform-helm is a set of tools to test Helm charts with kubeconform
- helm-kubeconform is a kubeconform Helm plugin
- helm-kubeconform-action is a GitHub Action to validate Helm charts with kubeconform
- kustomize-plugin-kubeconform is a kubeconform plugin to validate manifest schemas within Kustomize

#tools
Do you love Vim and kubectl? There’s something exceptional for you!

kubectl.nvim is a Neovim plugin providing Vim-like navigation for your Kubernetes cluster and familiar key bindings. Here’s what it offers today:

- Navigation through your K8s resources via Vim buffers, with hierarchy awareness (e.g. going from a Deployment to a Pod and its containers).
- Other UI features include coloured output, sorting by headers, and floating windows for additional data (descriptions, logs).
- Changing contexts and namespaces.
- Running custom kubectl commands.
- Executing into containers.
- Displaying a diff for configurations.

▶️ GitHub repo
📣 Reddit announcement

#tools #CLI