Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:
1. “Piloting through the Fog: A Tale of Migrating to a New Kubernetes Platform” by Jacob Brandt, Klaviyo.
“I have some experience with Docker and ECS, but I am a complete noob when it comes to Kubernetes and related technologies. [..] In this post I go through my journey of migrating one such service from Klaviyo’s legacy kubernetes platform, to our new spiffy, well-managed platform.”
2. “A guide to modern Kubernetes network policies” by Scott Rigby, Buoyant.
“This guide is for anyone interested in learning more about policy-based controls for your Kubernetes network traffic. You will learn about the different types of policies and why they matter, the pros and cons of each, how to define them, and when to combine them.”
3. “Using the Kubernetes Resource Model to provision Cloud infrastructure” by Brian Grant, original lead architect of Kubernetes.
“In previous posts, I touched on the topic of Kubernetes being used as a universal control plane and using the Kubernetes Resource Model as a declarative configuration mechanism. In this post, I want to go into more depth regarding the use of the Kubernetes control plane and API to provision Cloud infrastructure declaratively.”
4. “OpenTofu: RKE2 Cluster with Cilium on Azure” by Eleni Grosdouli.
“We will demonstrate how to use OpenTofu to automate the deployment. [..] Additionally, we will demonstrate how easy it is to customise the Cilium configuration and enable kube-vip for LoadBalancer services from the HCL (HashiCorp Configuration Language) definition.”
5. “Building a Real-world Kubernetes Operator” by Anurag Rajawat.
“In this series of in-depth tutorials, you'll learn how to build a real-world Kubernetes Operator in Golang with integration and end-to-end testing. We'll focus on hands-on coding to give you practical experience. We'll build an operator similar to Nimbus from scratch, just like my team did.”
#articles
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!
Release Spotlight: Longhorn v1.7.0
Longhorn is a distributed block storage for Kubernetes and a CNCF Incubating project. Its recent v1.7.0 introduced several new V2 Data Engine features, including online replica rebuilding, data plane live upgrade, filesystem trim (efficient unused space reclaiming), and block-type disk support for SPDK AIO, NVMe, and Virtio bdev drivers. Note that V2 Data Engine is still considered a preview feature.
This new Longhorn version also added COS (Container-Optimized OS) support, high availability improvements (HA for backing images, RWX volumes fast failover), periodic and on-demand full backups, and a brand-new CLI tool to manage Longhorn (longhornctl). You can find more details in this release announcement.
Other noticeable updates in the Cloud Native space:
1. Numaflow, a Kubernetes-native, serverless platform to run massively parallel data/streaming jobs, was updated to v1.3.0. It brought a Batch Map mode (to process multiple data items in a single UDF call), built-in Jetstream source, read-only view for UI, Kubernetes model in Rust, and much more.
2. Portainer 2.21 was released and became the platform's first LTS (Long Term Support) version. Its community edition also got a new menu structure and numerous performance improvements (including front-end data caching for Kubernetes environments).
3. Xline, a geo-distributed KV store for metadata management and a CNCF Sandbox project, got its v0.7.0. This update introduced a CURP WAL (Write-Ahead-Log) implementation, deduplication command, snapshot restore via xlineutl, and SSL/TLS support.
4. mariadb-operator has seen its v0.0.30 with a significantly refined Galera cluster recovery process, an ability to bootstrap Galera clusters from existing PVCs, a new suspend feature, MariaDB authentication plugins for supplying hashed passwords, initial CEL (Common Expression Language) support, and other new features.
5. The Kubernetes scheduler simulator project has released its v0.3.0. With this update, the simulator got a syncer that continuously syncs the simulator cluster's resources to the external cluster's ones. It also added Kubernetes 1.30 support, ARM64 support, optimised Dockerfiles, and several other improvements.
#news #releases
It’s gratifying to see our first 500 subscribers! 🥳 We came here literally “from scratch” in less than five months since our first post was published (April 18th, 2024).
The steady growth of interest reassures us that Kubernative is on the right track and provides helpful content for Cloud Native enthusiasts and various engineers involved in DevOps, SRE, platform engineering, and software development.
Thank you for reading us and sharing our content with like-minded folks! 🤗
Have you considered using or maybe even used KubeInvaders to make chaos engineering in Kubernetes fun? It features a new demo now! But first, let’s recall what this tool is about.
KubeInvaders describes itself as a “gamified Chaos Engineering tool for Kubernetes,” which sums it up perfectly. There was a classic shoot 'em up arcade video game from the 70s, Space Invaders, involving a laser cannon to shoot rows of aliens. This project mimics it by using your actual Kubernetes Pods as aliens you’re shooting. It comes with various features, including:
- Shuffling the positions of the Pods to be killed;
- Randomly switching between namespaces;
- Showing you online stats (running/not running/deleted Pods) and events;
- Exposing Prometheus metrics;
- Programming mode (beta) to define your chaos experiments in YAML.
Now, the project also has a live demo, meaning you can open your web browser and play with KubeInvaders against a preconfigured Kubernetes cluster.
▶️ GitHub repo
🕹 Live demo
#tools #fun
The organisers of Kubernetes Community Days Munich 2024, which happened this summer, have uploaded videos with all the talks. It was quite a big event, and we’re lucky to enjoy almost 50 videos in this playlist on YouTube.
If someone wants recommendations on what to choose, here are some (biased 😉) suggestions:
- “Choose Your Own Adventure: The Struggle for Security” by Whitney Lee (VMware Tanzu) and Viktor Farcic (Upbound).
- “Goodbye Ingress - Hello Gateway API” by Simon Pearce (SysEleven).
- “Fast Kubernetes Autoscaling with Knative” by Stefan Billet (QAware).
- “Kubernetes Authentication 2.0: Structured Authentication Configuration” by Maksim Nabokikh (Palark).
- “Kubernetes with Guardrails – How Mercedes-Benz enables Developers across 900+ Clusters” by Tjark Rasche (Mercedes-Benz Tech Innovation).
- “Oh No Our Kubernetes Cluster Has Been Compromised! Will YOU Save the Day?” by Benoît Entzmann (feesh) and Chay Te (dbi services).
#video #events
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:
1. “Building the lightest-weight Kubernetes dev ephemeral environments” by Galen Marchetti, Kardinal.
“We’re excited to introduce Kardinal, an open-source tool that’s designed to make development and test environments for Kubernetes-deployed applications as lightweight as possible. If you manage multiple application deploys across dev, test, and QA, or you’re spinning up expensive development sandboxes, Kardinal can cut down resource usage and time-to-test by over 90%.”
2. “Exploring Cloud Native projects in CNCF Sandbox. Part 1: 13 arrivals of 2023 H1” by Konstantin Nezhbert & Dmitry Shurupov, Palark.
“New projects are joining CNCF and can surely help with your Cloud Native needs. Let’s discover Inspektor Gadget, Headlamp, Kepler, SlimToolkit, SOPS, Clusternet, Eraser, PipeCD, Microcks, kpt, Xline, HwameiStor, and KubeClipper!”
3. “An Introduction to the OpenTelemetry Collector” by Josh Lee, Altinity.
“By now you’re probably hearing about OpenTelemetry quite often. Maybe you’ve already read the description at opentelemetry.io. Maybe you’re asking yourself, “that’s a lot of words about metrics, traces, logs, and such — but how do I actually start using this thing?” If that sounds like you, then read on…”
4. “The Complete Process of How an External HTTP Request Reaches a Pod Container in Kubernetes” by Rifewang.
“How does an external HTTP/HTTPS request reach a container within a Pod in a Kubernetes cluster?”
5. “Making SRE Workflows Smoother with AI Helpers: Using Ollama, OpenWebUI, and k8sGPT” by Krishnadas N S.
“With Ollama, OpenWebUI, and K8sGPT, you can use AI-powered models to automate initial debugging and reporting steps, streamlining incident response and giving deeper insights into your cluster. [..] For Site Reliability Engineers (SREs), this integrated solution provides an initial overview of their Kubernetes cluster. Meanwhile, our locally hosted AI-powered chatbot assists in safeguarding sensitive information, helping SREs focus on generating reports and composing emails without worrying about data protection.”
#articles
The Certified Kubernetes Administrator (CKA) exam will change starting November 25, 2024.
The new program will include Gateway API, Helm and Kustomize, dynamic volume provisioning, CRDs and operators. You can find more information in this announcement and a good, detailed analysis made by Techiescamp.
#news #career
A new tool is announced for those who use Falco to detect suspicious events and lack a convenient way of reacting to them: Falco Talon.
Thomas Labarussias, the author of Falcosidekick, calls his new project a missing piece for Falco users. Falco Talon is a response engine for managing threats in Kubernetes clusters. It provides you with a simple, no-code solution to react to events from Falco by creating simple rules in YAML. Its features available with the first GA release (v0.1.0) include:
- Numerous ready-to-use actions to perform (actionners), such as kubernetes:exec, kubernetes:log, aws:lambda, cilium:networkpolicy, and more;
- Writing artifacts resulting from actions to local files, AWS S3, or MinIO S3;
- Various notifiers to forward action results, including Kubernetes events, Loki, Slack, webhooks, etc.;
- Structured logs, metrics (Prometheus and OTEL formats), and OTEL traces.
▶️ GitHub repo
📢 Project announcement
#tools #security #news
Last week, SimKube v1.0 was released. This project leverages KWOK (Kubernetes WithOut Kubelet) to simulate Kubernetes scheduling and autoscaling behaviour.
Announcing this release, its author, David R. Morrison, provides an example of using SimKube to compare how autoscaling works in Kubernetes Cluster Autoscaler vs. Karpenter. To run a simulation with SimKube, you need to collect a trace from your production cluster and create virtual K8s nodes (managed by KWOK) with fake Pods. SimKube also features:
- Autoscaling support (with Kubernetes Cluster Autoscaler or Karpenter);
- Collecting metrics from your simulations;
- Exporting traces to Amazon S3, Google Cloud Storage, and Azure Storage;
- Hooks to run arbitrary scripts at different points.
▶️ GitHub repo
📢 v1.0 announcement
UPDATE (September 19th): the second part of the SimKube 1.0 announcement was published. It covers running the simulations to compare Kubernetes Cluster Autoscaler & Karpenter.
#tools #news
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!
Release Spotlight: minikube v1.34.0
minikube is an official Kubernetes tool for running clusters locally. This week, its v1.34.0 was released, bringing numerous new features and enhancements. They include switching to Kubernetes 1.31.0 as the default version, a new vfkit driver for macOS (based on a new virtualization framework from macOS 11), and a new addon for Volcano (a Cloud Native batch system).
minikube now also supports running x86 QEMU on ARM64, multi-arch support in the ingress-dns addon, darwin/arm64 support in the Parallels driver, and privileged ports on WSL. The addon images command got the -o json option; --driver and --container-runtime options got their shorthands (-d and -c, respectively).
Other noticeable updates in the Cloud Native space:
1. Karmada, a Kubernetes management system for multi-cloud and multi-cluster orchestration (CNCF Incubating project), released its v1.11.0 with significantly improved karmadactl capabilities, including a dozen new commands (create, patch, label, etc.), the --operation-scope flag, and more detailed output. Other new features include a cluster-level ability to pause and resume resource propagation, standardised generation semantics for multi-cluster workloads, and a custom CRD download strategy in Karmada Operator.
2. Kubespray v2.26.0 switched to installing Kubernetes v1.30.4 by default. It also got support to disable kernel unattended-upgrades on Ubuntu, added the options to configure dependencies for kubelet.service and log levels for various components, deprecated support for CentOS 7 and dropped support for Debian 10.
3. Trivy, a security scanner from Aqua Security, was updated to v0.55.0. It introduced abilities to customize detection sensitivity (the --detection-priority flag) and scan generic YAML and JSON files for misconfigurations, the test scope for pom.xml files, and several improvements for Terraform.
4. Gardener, a framework for automated management and operation of Kubernetes clusters as a service, released its v1.103.0. It got a new NamespacedCloudProfile controller, metrics exposing the Garden resource's condition and last operation, an ability to deploy admission controllers for virtual-garden via gardener-operator, and a dummy admission controller for the provider-local extension.
5. Chainsaw, a tool providing a declarative approach to testing Kubernetes operators and controllers, received numerous new features with its recent v0.2.9. They include server-side validation for resources, support for Kubernetes 1.31 and templating filenames used in operations, improved logging, and more.
6. Kong Gateway announced its v3.8.0 release with full support for OpenTelemetry, incremental configuration sync (in a tech preview), and several new plugins (json-threat-protection, upstream-oauth, header-cert-auth).
#news #releases
Prometheus 3.0.0 Beta was announced during PromCon EU 2024 last week. While it’s not ready for production users, you can already see the features it brings. They include:
- A brand new UI enabled by default. It has a modern look & feel based on Mantine UI with light and dark modes, a face-lifted menu structure, a metrics and labels explorer, a PromLens-style query tree view, and a query explanation tab.
- Remote Write 2.0 (we covered it before in this digest).
- OpenTelemetry support with UTF-8 characters for metric and label names and the ability to serve as a native receiver for the OTLP Metrics protocol.
- Native histograms, which are a higher efficiency and lower cost alternative to classic histograms.
- Agent mode is declared stable.
Find more information via the following resources:
- Release announcement in the project's blog
- GitHub release
- “A Look at the New Prometheus 3.0 UI” by Julius Volz, PromLabs
#news #releases #observability
Did you know there is a way to query Kubernetes as a graph? This project implements a syntax inspired by Neo4j’s Cypher to make it possible.
Cyphernetes, dubbed Kubernetes Query Language, provides “a mixture of ASCII-art, SQL and JSON” that might render your endless kubectl get -o json + jq combinations more elegant. Its features include:
- Expressions for getting required objects, creating, patching and deleting them;
- Support for macros (minimalistic stored procedures) and graphs (displaying nodes via ASCII art);
- An interactive shell with syntax highlighting and auto-completion;
- An operator (Cyphernetes DynamicOperator) to execute Cypher queries defined in CRDs.
▶️ GitHub repo
📢 Reddit announcement
#tools #CLI
📖 One more bunch of interesting Kubernetes-related articles recently spotted online:
1. “Introducing ClusterCreator: K8s on Proxmox using Terraform and Ansible” by Jairus Christensen.
“In January of 2024, I was searching for an open-source project that I could use to provision and bootstrap Kubernetes clusters on Proxmox infrastructure, much like a cloud provider does. Surprisingly, I didn’t find anything on GitHub that could easily provision and then bootstrap a K8s cluster for me! So I built my own. The final result is incredibly useful for my environment. I can create K8s clusters from scratch in minutes with as little as two commands! As a user, it’s almost just as easy as requesting a K8s cluster from a cloud provider, but all on Proxmox!”
2. “5 Lessons Learned Managing Kubernetes in Enterprise Organizations” by Brian Bensky, Fairwinds.
“[..] deploying Kubernetes at scale in enterprise environments presents unique challenges that are different from those faced in smaller companies. Let’s walk through the key lessons we’ve learned from enabling enterprise clients to deploy applications and services successfully to production environments.”
3. “A Hands-on Guide to OpenTelemetry - Manual Instrumentation for Developers” by Eric D. Schabell, Chronosphere.
“In this series you'll explore how to adopt OpenTelemetry (OTel) and how to instrument an application to collect tracing telemetry. You'll learn how to leverage out-of-the-box automatic instrumentation tools and understand when it's necessary to explore more advanced manual instrumentation for your applications. By the end of this series you'll have an understanding of how telemetry travels from your applications, to the OpenTelemetry Collector, and be ready to bring OpenTelemetry to your future projects.”
4. “Configure ArgoCD, Prometheus, Grafana & AWS Load Balancer Controller on EKS Cluster using Terraform” by Aman Pathak, AWS Community Builder.
“In today’s DevOps-driven world, automating infrastructure deployment is crucial for maintaining efficiency and scalability. Setting up a secure and robust EKS (Elastic Kubernetes Service) cluster, complete with essential tools like ArgoCD, Prometheus, and Grafana, requires careful planning and execution. This guide will walk you through the entire process, from configuring your environment to deploying your infrastructure using Terraform, ensuring that your private EKS cluster is up and running smoothly with all the necessary resources.”
5. “VictoriaLogs: an overview, run in Kubernetes, LogsQL, and Grafana” by Arseny Zinchenko.
“So, since monitoring in my project is built on VictoriaMetrics, and VictoriaLogs has already got the Grafana data source support, it’s time to try it out and compare it with Grafana Loki. [..] So what are we going to do today? Launch VictoriaLogs in Kubernetes; take a look at the capabilities of its LogsQL; connect the Grafana data source; will see how to create a dashboard in Grafana.”
6. “Forensic container checkpointing with CRIU in Kubernetes” by Seifeddine Rajhi, AWS Community Builder.
“Checkpointing is a technique for ensuring that applications can recover from failures and maintain their state. It captures the state of a running process, including its memory, file descriptors, and other metadata. In this demo, we’ll talk about the concept of Kubernetes checkpointing, its benefits, and how you can use it to improve your application’s fault tolerance. We will also dive into how CRIU (Checkpoint/Restore In Userspace) is used to implement this feature and explore some creative use cases.”
7. “Persistent Storage in Kubernetes: A Comprehensive Guide” by Senthil Raja Chermapandian.
“In this blog post, we will delve into the world of persistent storage in Kubernetes, exploring its importance, different types, and considerations for choosing the right solution. [..] Open source storage solutions include Ceph, GlusterFS, Rook, and OpenEBS.”
#articles
Kubecost is acquired by IBM
Kubecost is a well-known solution for Kubernetes cost monitoring and management. Created in 2019 by ex-Googlers, it came along with the Open Source project called OpenCost. The latter was accepted in the CNCF Sandbox in 2022. This acquisition is tightly related to another FinOps deal in 2023 when IBM acquired Apptio Inc.
More information:
- IBM press release
- TechCrunch coverage
- IBM FinOps suite announced earlier this year
- Reddit discussion
#news #finops
Do you prefer a terminal to manage your Kubernetes resources yet find yourself sometimes kubectl’ing a bit too much? There’s a new rising star in the K8s TUI space!
kty, dubbed “the terminal for Kubernetes” and written in Rust, was recently created to empower you with a console-based dashboard for interacting with K8s clusters via any SSH client (including the one you might have on your phone!). You will need to install it to your cluster in order to:
- Log in to your cluster via OpenID providers’ accounts, such as GitHub or Google;
- Navigate through your Kubernetes Pods and filter them (listing Nodes will be added soon);
- Check your Pods’ manifests, get a shell, read the logs;
- Forward traffic from your local machine to the cluster and vice versa;
- Transfer files from your Pods via SCP or SFTP.
▶️ GitHub repo
📢 Reddit announcement
#tools #CLI
The recent ISSTA (International Symposium on Software Testing and Analysis) 2024 conference featured a research article called “An Empirical Study on Kubernetes Operator Bugs”. Its authors conducted the first comprehensive study on 210 operator bugs from 36 Kubernetes operators, including those for PostgreSQL, MySQL, Redis, Elasticsearch, OpenTelemetry, Prometheus, etc.
Some of the findings are:
- The most common bug patterns in the K8s operators are incorrect state observation and analysis (60%), incorrect reconciliation (27%), incorrect custom resource definition (9%), and incorrect access control configuration (4%).
- 83% of operator bugs require updating specific state properties or updating them with specific values.
- 54% of operator bugs only lead to silent failures such as unstable state and undesired state.
🔗 Article DOI and its full PDF.
#news #articles
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!
Release Spotlight: CloudNativePG 1.24.0
CNPG is a Kubernetes operator for PostgreSQL databases. Last month, the project announced its new v1.24.0 release with significant updates. Perhaps the two most prominent features are Distributed PostgreSQL Topologies, which enable hybrid and multi-cloud CNPG deployments, and Managed Services, which allow advanced service management, including accessing PostgreSQL outside Kubernetes.
CNPG 1.24 also got an enhanced synchronous replication API with the synchronous_standby_names option, WAL disk space exhaustion prevention, declarative delayed replicas, transparent support for the allow_alter_system parameter (from PostgreSQL 17), an ability to define postInit and postInitTemplate instructions in configmaps or secrets, and more. You can find more information on GitHub.
Other noticeable updates in the Cloud Native space:
1. OpenTelemetry Collector v0.109.0 with an updated GitHub Receiver (previously known as Git Provider Receiver) adhering to the CICD Semantic Conventions 1.27.0 and GitHub metrics promoted to alpha. Other new features include a receiver for Google Cloud monitoring, support for Prometheus-created timestamps, exponential histogram support for Elasticsearch, encoding extensions in the Kafka receiver, and more.
2. CRI-O, an OCI-based implementation of Kubernetes Container Runtime Interface (a graduated CNCF project), was updated to v1.31.0 with crun as the default OCI runtime. It also got support for fine-grained SupplementalGroups control and Kubernetes image volume source (both appeared in Kubernetes v1.31), sigstore signature verification for policies corresponding to a certain Kubernetes namespace, a new --no-sync-log option, a new crio check subcommand, etc.
3. Jaeger, a distributed tracing system (a graduated CNCF project), is getting closer to its v2 with v1.61.0 / v2.0.0-rc1. Jaeger v2 introduces a new architecture for Jaeger backend components based on the OpenTelemetry Collector framework. You can read more about it in this article. The latest release also brought numerous experimental features, such as validation in badger storage and memory storage configs, tail-based sampling processor extension, and health check extension.
4. Argo CD v2.13 RC was announced with 40+ new features. They include a new argocd appset generate command to preview application manifests, a dry-run mode for argocd appset create, promotion of the multi-source applications from beta to stable, an ability to use regexps to configure the allowed namespaces, improved reconcile performance for applications with many resources, added Application Set metrics, and more.
5. KCL, a constraint-based record and functional language (a CNCF Sandbox project), released its v0.10.0 with numerous changes in the core, toolchain, IDE, libraries, and SDKs. Some of them are attribute access and index access in assignment statements, a new kcl test tool, a new KCL C/C++ language SDK, KCL WASM lib support for Node.js and browser integration. A new KCL Playground based on WASM is now also available here.
#news #releases
A new (third) edition of the “Kubernetes – An Enterprise Guide” book* by Scott Surovich and Marc Boorshtein was recently published. Packt now offers free digital copies of the book in exchange for unbiased reader reviews. It got an overwhelming response on Reddit with 500+ comments in less than two days. You can reach Maran Fernandes on LinkedIn to join the crowd.
* It covers networking, security (RBAC, KubeArmor, OPA, GateKeeper, Vault, External Secret Operator), service mesh (Istio), CI/CD (GitLab, Argo CD), observability (Prometheus, Grafana, OpenSearch), and multitenancy (vCluster) topics.
P.S. If you’re interested in books about Kubernetes, see our earlier post listing five of them as the community recommends.
#career
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:
1. “Kubernetes security fundamentals: Admission Control” by Rory McCune, Datadog.
“In this post we'll take a look at admission control, another key aspect of Kubernetes security. Admission control is the last of the three stages that requests go through when they're being processed by a Kubernetes cluster. Assuming that the request has valid credentials and is authorized, Kubernetes admission controllers will process the request and may modify or reject it during that process.”
2. “High Availability Alertmanager on Kubernetes: No Alerts Left Behind” by Joe Banks.
“For alerting in Python Discord and other personal projects I am a big fan of AlertManager. Unlike other much more complex alerting and on-call systems, AlertManager is a dead-simple Go application which is easy to deploy and configured solely with YAML files. [..] This article covers my approach to making AlertManager highly available on Kubernetes, and how you can do the same.”
3. “Developer's Guide to Installing OpenTelemetry Collector” by Prathamesh Sonpatki, Last9.
“Learn how to install and configure the OpenTelemetry Collector for enhanced observability. This guide covers Docker, Kubernetes, and Linux installations with step-by-step instructions and configuration examples.”
4. “Using GitHub as a Helm Chart Repository” by Christian Huth.
“GitHub Pages in combination with the GitHub Releaser Action make it really easy to publish your Helm Charts securely and reliably. You can use a custom domain to change the default domain to suit your needs and make the Helm Repository easily accessible. [..] In this guide, I'll show you how to set up a Helm Chart Repository in less than 10 minutes using GitHub Pages and GitHub Action Workflows.”
5. “Securing Kubernetes and Containers: Best Practices to Reduce Attack Surface” by Nathan Hueck.
“By following these best practices for securing Kubernetes and Containers in cloud environments, you can significantly reduce the attack surface and ensure that your containerised workloads are protected from common security threats. [..] Secure the Kubernetes API; Secure the Kubelet; Pod Security; Network Security; Secrets Management; Image Security; Monitoring and Logging; Regular Patching and Updates; Auditing Kubernetes; Additionally Securing Containers.”
#articles
EDB, the original author of CloudNativePG, celebrates the leadership of its well-known Kubernetes operator for PostgreSQL in GitHub stars. The project was launched just two years ago, and now it has surpassed all other Open Source PgSQL operators in stargazers.
This happened just recently: at the time of writing this post, CNPG had 4291 stars vs. 4264 for its closest opponent (an operator from Zalando). Also, as we all know, GitHub stars are quite a vague metric. However, the star history chart confirms an overall trend in how the community adopts CNPG.
P.S. Here, you can find an overview of CNPG and a brief comparison with other solutions.
#news #databases