Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. Building the lightest-weight Kubernetes dev ephemeral environments by Galen Marchetti, Kardinal.

“We’re excited to introduce Kardinal, an open-source tool that’s designed to make development and test environments for Kubernetes-deployed applications as lightweight as possible. If you manage multiple application deploys across dev, test, and QA, or you’re spinning up expensive development sandboxes, Kardinal can cut down resource usage and time-to-test by over 90%.”


2. Exploring Cloud Native projects in CNCF Sandbox. Part 1: 13 arrivals of 2023 H1 by Konstantin Nezhbert & Dmitry Shurupov, Palark.

“New projects are joining CNCF and can surely help with your Cloud Native needs. Let’s discover Inspektor Gadget, Headlamp, Kepler, SlimToolkit, SOPS, Clusternet, Eraser, PipeCD, Microcks, kpt, Xline, HwameiStor, and KubeClipper!”


3. An Introduction to the OpenTelemetry Collector by Josh Lee, Altinity.

“By now you’re probably hearing about OpenTelemetry quite often. Maybe you’ve already read the description at opentelemetry.io. Maybe you’re asking yourself, “that’s a lot of words about metrics, traces, logs, and such — but how do I actually start using this thing?” If that sounds like you, then read on…”


4. The Complete Process of How an External HTTP Request Reaches a Pod Container in Kubernetes by Rifewang.

“How does an external HTTP/HTTPS request reach a container within a Pod in a Kubernetes cluster?”


5. Making SRE Workflows Smoother with AI Helpers: Using Ollama, OpenWebUI, and k8sGPT by Krishnadas N S.

“With Ollama, OpenWebUI, and K8sGPT, you can use AI-powered models to automate initial debugging and reporting steps, streamlining incident response and giving deeper insights into your cluster. [..] For Site Reliability Engineers (SREs), this integrated solution provides an initial overview of their Kubernetes cluster. Meanwhile, our locally hosted AI-powered chatbot assists in safeguarding sensitive information, helping SREs focus on generating reports and composing emails without worrying about data protection.”


#articles
The Certified Kubernetes Administrator (CKA) exam will change starting November 25, 2024.

The new program will include Gateway API, Helm and Kustomize, dynamic volume provisioning, CRDs and operators. You can find more information in this announcement and a good, detailed analysis made by Techiescamp.

#news #career
A new tool is announced for those who use Falco to detect suspicious events and lack a convenient way of reacting to them: Falco Talon.

Thomas Labarussias, the author of Falcosidekick, calls his new project a missing piece for Falco users. Falco Talon is a response engine for managing threats in Kubernetes clusters. It provides you with a simple, no-code solution to react to events from Falco by creating simple rules in YAML. Its features available with the first GA release (v0.1.0) include:

- Numerous ready-to-use actions to perform (actionners), such as kubernetes:exec, kubernetes:log, aws:lambda, cilium:networkpolicy, and more;
- Writing artifacts resulting from actions to local files, AWS S3, or MinIO S3;
- Various notifiers to forward action results, including Kubernetes events, Loki, Slack, webhooks, etc.;
- Structured logs, metrics (Prometheus and OTEL formats), and OTEL traces.

▶️ GitHub repo
📢 Project announcement

#tools #security #news
Last week, SimKube v1.0 was released. This project leverages KWOK (Kubernetes WithOut Kubelet) to simulate Kubernetes scheduling and autoscaling behaviour.

Announcing this release, its author, David R. Morrison, provides an example of using SimKube to compare how autoscaling works in Kubernetes Cluster Autoscaler vs. Karpenter. To run a simulation with SimKube, you need to collect a trace from your production cluster and create virtual K8s nodes (managed by KWOK) with fake Pods. SimKube also features:

- Autoscaling support (with Kubernetes Cluster Autoscaler or Karpenter);
- Collecting metrics from your simulations;
- Exporting traces to Amazon S3, Google Cloud Storage, and Azure Storage;
- Hooks to run arbitrary scripts at different points.

▶️ GitHub repo
📢 v1.0 announcement

UPDATE (September 19th): the second part of the SimKube 1.0 announcement was published. It covers running the simulations to compare Kubernetes Cluster Autoscaler & Karpenter.

#tools #news
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: minikube v1.34.0

minikube is an official Kubernetes tool for running clusters locally. This week, its v1.34.0 was released, bringing numerous new features and enhancements. They include switching to Kubernetes 1.31.0 as the default version, a new vfkit driver for macOS (based on a new virtualization framework from macOS 11), and a new addon for Volcano (a Cloud Native batch system).

minikube now also supports running x86 QEMU on ARM64, multi-arch support in the ingress-dns addon, darwin/arm64 support in the Parallels driver, and privileged ports on WSL. The addon images command got the -o json option; --driver and --container-runtime options got their shorthands (-d and -c, respectively).


Other noticeable updates in the Cloud Native space:

1. Karmada, a Kubernetes management system for multi-cloud and multi-cluster orchestration (CNCF Incubating project), released its v1.11.0 with significantly improved karmadactl capabilities, including a dozen new commands (create, patch, label, etc.), the --operation-scope flag, and more detailed output. Other new features include a cluster-level ability to pause and resume resource propagation, standardised generation semantics for multi-cluster workloads, and a custom CRD download strategy in Karmada Operator.

2. Kubespray v2.26.0 switched to installing Kubernetes v1.30.4 by default. It also got support to disable kernel unattended-upgrades on Ubuntu, added the options to configure dependencies for kubelet.service and log levels for various components, deprecated support for CentOS 7 and dropped support for Debian 10.

3. Trivy, a security scanner from Aqua Security, was updated to v0.55.0. It introduced the ability to customize detection sensitivity (the --detection-priority flag) and to scan generic YAML and JSON files for misconfigurations, the test scope for pom.xml files, and several improvements for Terraform.

4. Gardener, a framework for automated management and operation of Kubernetes clusters as a service, released its v1.103.0. It got a new NamespacedCloudProfile controller, metrics exposing the Garden resource's condition and last operation, an ability to deploy admission controllers for virtual-garden via gardener-operator, and a dummy admission controller for the provider-local extension.

5. Chainsaw, a tool providing a declarative approach to testing Kubernetes operators and controllers, received numerous new features with its recent v0.2.9. They include server-side validation for resources, support for Kubernetes 1.31 and templating filenames used in operations, improved logging, and more.

6. Kong Gateway announced its v3.8.0 release with full support for OpenTelemetry, incremental configuration sync (in a tech preview), and several new plugins (json-threat-protection, upstream-oauth, header-cert-auth).

#news #releases
Prometheus 3.0.0 Beta was announced during PromCon EU 2024 last week. While it’s not ready for production users, you can already see the features it brings. They include:

- A brand new UI enabled by default. It has a modern look & feel based on Mantine UI with light and dark modes, a face-lifted menu structure, a metrics and labels explorer, a PromLens-style query tree view, and a query explanation tab.
- Remote Write 2.0 (we covered it before in this digest).
- OpenTelemetry support with UTF-8 characters for metric and label names and the ability to serve as a native receiver for the OTLP Metrics protocol.
- Native histograms, which are a higher efficiency and lower cost alternative to classic histograms.
- Agent mode is declared stable.

Find more information via the following resources:
- Release announcement in the project's blog
- GitHub release
- “A Look at the New Prometheus 3.0 UI” by Julius Volz, PromLabs

#news #releases #observability
Did you know there is a way to query Kubernetes as a graph? This project implements a syntax inspired by Neo4j’s Cypher to make it possible.

Cyphernetes, dubbed Kubernetes Query Language, provides “a mixture of ASCII-art, SQL and JSON” that might render your endless kubectl get -o json + jq combinations more elegant. Its features include:

- Expressions for getting required objects, creating, patching and deleting them;
- Support for macros (minimalistic stored procedures) and graphs (displaying nodes via ASCII art);
- An interactive shell with syntax highlighting and auto-completion;
- An operator (Cyphernetes DynamicOperator) to execute Cypher queries defined in CRDs.

▶️ GitHub repo
📢 Reddit announcement

#tools #CLI
📖 One more bunch of interesting Kubernetes-related articles recently spotted online:

1. Introducing ClusterCreator: K8s on Proxmox using Terraform and Ansible by Jairus Christensen.

“In January of 2024, I was searching for an open-source project that I could use to provision and bootstrap Kubernetes clusters on Proxmox infrastructure, much like a cloud provider does. Surprisingly, I didn’t find anything on GitHub that could easily provision and then bootstrap a K8s cluster for me! So I built my own. The final result is incredibly useful for my environment. I can create K8s clusters from scratch in minutes with as little as two commands! As a user, it’s almost just as easy as requesting a K8s cluster from a cloud provider, but all on Proxmox!”


2. 5 Lessons Learned Managing Kubernetes in Enterprise Organizations by Brian Bensky, Fairwinds.

“[..] deploying Kubernetes at scale in enterprise environments presents unique challenges that are different from those faced in smaller companies. Let’s walk through the key lessons we’ve learned from enabling enterprise clients to deploy applications and services successfully to production environments.”


3. A Hands-on Guide to OpenTelemetry - Manual Instrumentation for Developers by Eric D. Schabell, Chronosphere.

“In this series you'll explore how to adopt OpenTelemetry (OTel) and how to instrument an application to collect tracing telemetry. You'll learn how to leverage out-of-the-box automatic instrumentation tools and understand when it's necessary to explore more advanced manual instrumentation for your applications. By the end of this series you'll have an understanding of how telemetry travels from your applications, to the OpenTelemetry Collector, and be ready to bring OpenTelemetry to your future projects.”


4. Configure ArgoCD, Prometheus, Grafana & AWS Load Balancer Controller on EKS Cluster using Terraform by Aman Pathak, AWS Community Builder.

“In today’s DevOps-driven world, automating infrastructure deployment is crucial for maintaining efficiency and scalability. Setting up a secure and robust EKS (Elastic Kubernetes Service) cluster, complete with essential tools like ArgoCD, Prometheus, and Grafana, requires careful planning and execution. This guide will walk you through the entire process, from configuring your environment to deploying your infrastructure using Terraform, ensuring that your private EKS cluster is up and running smoothly with all the necessary resources.”


5. VictoriaLogs: an overview, run in Kubernetes, LogsQL, and Grafana by Arseny Zinchenko.

“So, since monitoring in my project is built on VictoriaMetrics, and VictoriaLogs has already got the Grafana data source support, it’s time to try it out and compare it with Grafana Loki. [..] So what are we going to do today? Launch VictoriaLogs in Kubernetes; take a look at the capabilities of its LogsQL; connect the Grafana data source; will see how to create a dashboard in Grafana.”


6. Forensic container checkpointing with CRIU in Kubernetes by Seifeddine Rajhi, AWS Community Builder.

“Checkpointing is a technique for ensuring that applications can recover from failures and maintain their state. It captures the state of a running process, including its memory, file descriptors, and other metadata. In this demo, we’ll talk about the concept of Kubernetes checkpointing, its benefits, and how you can use it to improve your application’s fault tolerance. We will also dive into how CRIU (Checkpoint/Restore In Userspace) is used to implement this feature and explore some creative use cases.”


7. Persistent Storage in Kubernetes: A Comprehensive Guide by Senthil Raja Chermapandian.

“In this blog post, we will delve into the world of persistent storage in Kubernetes, exploring its importance, different types, and considerations for choosing the right solution. [..] Open source storage solutions include Ceph, GlusterFS, Rook, and OpenEBS.”


#articles
Kubecost is acquired by IBM

Kubecost is a well-known solution for Kubernetes cost monitoring and management. Created in 2019 by ex-Googlers, it came along with the Open Source project called OpenCost. The latter was accepted in the CNCF Sandbox in 2022. This acquisition is tightly related to another FinOps deal in 2023 when IBM acquired Apptio Inc.

More information:
- IBM press release
- TechCrunch coverage
- IBM FinOps suite announced earlier this year
- Reddit discussion

#news #finops
Do you prefer a terminal to manage your Kubernetes resources yet find yourself sometimes kubectl’ing a bit too much? There’s a new rising star in the K8s TUI space!

kty, dubbed “the terminal for Kubernetes” and written in Rust, was recently created to empower you with a console-based dashboard for interacting with K8s clusters via any SSH client (including the one you might have on your phone!). You will need to install it to your cluster in order to:

- Log in to your cluster via OpenID providers’ accounts, such as GitHub or Google;
- Navigate through your Kubernetes Pods and filter them (listing Nodes will be added soon);
- Check your Pods’ manifests, get a shell, read the logs;
- Forward traffic from your local machine to the cluster and vice versa;
- Transfer files from your Pods via SCP or SFTP.

▶️ GitHub repo
📢 Reddit announcement

#tools #CLI
The recent ISSTA (International Symposium on Software Testing and Analysis) 2024 conference featured a research article called “An Empirical Study on Kubernetes Operator Bugs”. Its authors conducted the first comprehensive study on 210 operator bugs from 36 Kubernetes operators, including those for PostgreSQL, MySQL, Redis, Elasticsearch, OpenTelemetry, Prometheus, etc.

Some of the findings are:
- The most common bug patterns in the K8s operators are incorrect state observation and analysis (60%), incorrect reconciliation (27%), incorrect custom resource definition (9%), and incorrect access control configuration (4%).
- 83% of operator bugs require updating specific state properties or updating them with specific values.
- 54% of operator bugs only lead to silent failures such as unstable state and undesired state.

🔗 Article DOI and its full PDF.

#news #articles
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: CloudNativePG 1.24.0

CNPG is a Kubernetes operator for PostgreSQL databases. Last month, the project announced its new v1.24.0 release with significant updates. Perhaps the two most prominent features are Distributed PostgreSQL Topologies, which enable hybrid and multi-cloud CNPG deployments, and Managed Services, which allow advanced service management, including accessing PostgreSQL outside Kubernetes.

CNPG 1.24 also got an enhanced synchronous replication API with the synchronous_standby_names option, WAL disk space exhaustion prevention, declarative delayed replicas, transparent support for the allow_alter_system parameter (from PostgreSQL 17), an ability to define postInit and postInitTemplate instructions in configmaps or secrets, and more. You can find more information on GitHub.


Other noticeable updates in the Cloud Native space:

1. OpenTelemetry Collector v0.109.0 with an updated GitHub Receiver (previously known as Git Provider Receiver) adhering to the CICD Semantic Conventions 1.27.0 and GitHub metrics promoted to alpha. Other new features include a receiver for Google Cloud monitoring, support for Prometheus-created timestamps, exponential histogram support for Elasticsearch, encoding extensions in the Kafka receiver, and more.

2. CRI-O, an OCI-based implementation of Kubernetes Container Runtime Interface (a graduated CNCF project), was updated to v1.31.0 with crun as the default OCI runtime. It also got support for fine-grained SupplementalGroups control and Kubernetes image volume source (both appeared in Kubernetes v1.31), sigstore signature verification for policies corresponding to a certain Kubernetes namespace, a new --no-sync-log option, a new crio check subcommand, etc.

3. Jaeger, a distributed tracing system (a graduated CNCF project), is getting closer to its v2 with v1.61.0 / v2.0.0-rc1. Jaeger v2 introduces a new architecture for Jaeger backend components based on the OpenTelemetry Collector framework. You can read more about it in this article. The latest release also brought numerous experimental features, such as validation in badger storage and memory storage configs, tail-based sampling processor extension, and health check extension.

4. Argo CD v2.13 RC was announced with 40+ new features. They include a new argocd appset generate command to preview application manifests, a dry-run mode for argocd appset create, promotion of the multi-source applications from beta to stable, an ability to use regexps to configure the allowed namespaces, improved reconcile performance for applications with many resources, added Application Set metrics, and more.

5. KCL, a constraint-based record and functional language (a CNCF Sandbox project), released its v0.10.0 with numerous changes in the core, toolchain, IDE, libraries, and SDKs. Some of them are attribute access and index access in assignment statements, a new kcl test tool, a new KCL C/C++ language SDK, and KCL WASM lib support for Node.js and browser integration. A new KCL Playground based on WASM is now also available here.

#news #releases
A new (third) edition of the “Kubernetes – An Enterprise Guide” book* by Scott Surovich and Marc Boorstein was recently published. Packt now offers free digital copies of the book in exchange for unbiased reader reviews. It got an overwhelming response on Reddit with 500+ comments in less than two days. You can reach Maran Fernandes on LinkedIn to join the crowd.

* It covers networking, security (RBAC, KubeArmor, OPA, GateKeeper, Vault, External Secret Operator), service mesh (Istio), CI/CD (GitLab, Argo CD), observability (Prometheus, Grafana, OpenSearch), and multitenancy (vCluster) topics.

P.S. If you’re interested in books about Kubernetes, see our earlier post listing five of them as the community recommends.

#career
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. Kubernetes security fundamentals: Admission Control by Rory McCune, Datadog.

“In this post we'll take a look at admission control, another key aspect of Kubernetes security. Admission control is the last of the three stages that requests go through when they're being processed by a Kubernetes cluster. Assuming that the request has valid credentials and is authorized, Kubernetes admission controllers will process the request and may modify or reject it during that process.”


2. High Availability Alertmanager on Kubernetes: No Alerts Left Behind by Joe Banks.

“For alerting in Python Discord and other personal projects I am a big fan of AlertManager. Unlike other much more complex alerting and on-call systems, AlertManager is a dead-simple Go application which is easy to deploy and configured solely with YAML files. [..] This article covers my approach to making AlertManager highly available on Kubernetes, and how you can do the same.”


3. Developer's Guide to Installing OpenTelemetry Collector by Prathamesh Sonpatki, Last9.

“Learn how to install and configure the OpenTelemetry Collector for enhanced observability. This guide covers Docker, Kubernetes, and Linux installations with step-by-step instructions and configuration examples.”


4. Using GitHub as a Helm Chart Repository by Christian Huth.

“GitHub Pages in combination with the GitHub Releaser Action make it really easy to publish your Helm Charts securely and reliably. You can use a custom domain to change the default domain to suit your needs and make the Helm Repository easily accessible. [..] In this guide, I'll show you how to set up a Helm Chart Repository in less than 10 minutes using GitHub Pages and GitHub Action Workflows.”


5. Securing Kubernetes and Containers: Best Practices to Reduce Attack Surface by Nathan Hueck.

“By following these best practices for securing Kubernetes and Containers in cloud environments, you can significantly reduce the attack surface and ensure that your containerised workloads are protected from common security threats. [..] Secure the Kubernetes API; Secure the Kubelet; Pod Security; Network Security; Secrets Management; Image Security; Monitoring and Logging; Regular Patching and Updates; Auditing Kubernetes; Additionally Securing Containers.”


#articles
EDB, the original author of CloudNativePG, celebrates the leadership of its well-known Kubernetes operator for PostgreSQL in GitHub stars. The project was launched just two years ago, and now it has surpassed all other Open Source PgSQL operators in stargazers.

This happened just recently: at the time of writing this post, CNPG had 4291 stars vs. 4264 for its closest opponent (an operator from Zalando). Also, as we all know, GitHub stars are quite a vague metric. However, the star history chart confirms an overall trend in how the community adopts CNPG.

P.S. Here, you can find an overview of CNPG and a brief comparison with other solutions.

#news #databases
If you’re interested in running local/private LLMs (leveraging Ollama and similar solutions) on Kubernetes, take a look at this new project.

KubeAI serves an OpenAI-compatible HTTP API in Kubernetes, providing you with a drop-in OpenAI replacement and simplifying the needed operations. The project’s authors call it “a Model Operator that manages vLLM and Ollama servers [inside Kubernetes].” The most noticeable KubeAI features include:

- Support for various Open Source model servers, including vLLM, Ollama, FasterWhisper, and Infinity. (Speech-to-Text and Text-Embedding are supported.)
- An option to preload LLMs in custom container images.
- Autoscaling based on load.
- A Chat UI based on OpenWebUI.
- An ability to work in the CPU-only mode and with GPUs. TPU support is planned.
- No dependencies (such as service meshes) and installable in regular K8s clusters, OpenShift, and managed K8s solutions (currently, there are instructions for GKE with Autopilot).

▶️ GitHub repo

#tools #genai
Just a few prominent recent events regarding new/maturing CNCF projects:

1. Perses, a dashboard tool to visualise observability data from Prometheus/Thanos/Jaeger aspiring to become a standard, was accepted as a CNCF Sandbox project at the end of August.

2. Artifact Hub, a web app to find, install, and publish packages and configurations for Cloud Native software, became a CNCF Incubating project (after being in its Sandbox for 4 years).

3. CloudNativePG, a Kubernetes operator for PostgreSQL (we covered it just recently), has applied to join CNCF Sandbox. Interestingly, it is the second attempt to do so, with the first one carried out (and failed) in April 2022 when the project was just born.

#tools #news #cncfprojects
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. Cortex, a scalable long-term storage for Prometheus (a CNCF Incubating project), got its v1.18.0 with lots of updates. They include an experimental native histogram ingestion, support for filtering alerts (ListRules API), a new query rejection mechanism, a token bucket limiter, and ingester metadata API limits.

2. Argo Workflows, a workflow engine for orchestrating parallel jobs on Kubernetes, has seen its v3.6.0-rc1 with hundreds(!) of changes. Some of its new features are using Prometheus TLS by default, configurable individual metrics, OpenTelemetry metrics and numerous other new metrics (Pod pending counter, Pod phase counter, leader metric, etc.), multiple schedules in CronWorkflow, SQLite-based memory store for live workflows, dynamic templateRef naming, support for ephemeral credentials for S3, and many UI improvements.

3. Kanister, a framework for application-level data management on K8s (a CNCF Sandbox project), released v0.111.0 with support for read-only and write access modes when kando connects to Kopia repository server, cache size limits for Kopia server, an ability to pass labels and annotations when creating/cloning volume snapshot resources, and customisation of the labels and annotations of the temporary Pods created by Kanister.

4. Kata Containers 3.9.0 introduced support for pulling cosign-signed images, refined device management for kata-agent, image annotations for remote hypervisors, SetPolicy support in agent-ctl, and more.

5. Devtron, a tool integration platform for Kubernetes, was updated to v0.7.2. This release brought support for creating plugins at pipeline stage level, TLS support for Git and GitOps, GitOps support for OCI repositories, GitLab webhook support, async Argo CD app refresh operation, and other features.

6. PipeCD, a GitOps-style continuous delivery platform for apps across different environments (a CNCF Sandbox project), got its v0.49.0 featuring significantly improved AWS Lambda support (plan preview, drift detection, etc.), ECS enhancements (drift detection, LiveState UI), OIDC support for the SSO, and sending OpenTelemetry traces to control plane.

#news #releases
Our newest bunch of interesting Kubernetes-related articles recently spotted online:

1. The Beginner's Guide to Securing Kubernetes by Ophir Kelmen, Hunters.

“In this article, you will learn foundational terms and concepts essential for securing Kubernetes clusters. Whether you're a beginner or an experienced professional, this guide covers the critical knowledge required to understand the security dimensions of Kubernetes and methods to identify and detect specific attack techniques. No prior knowledge of Kubernetes is necessary to benefit from the article.”


2. OpenTelemetry Tracing in 200 lines of code by Jeremy Morrell.

“It’s no wonder then that most developers approach tracing libraries as unknowable black boxes. We add them to our applications, cross our fingers, and hope they give us useful information when the pager goes off at 2am. They are likely a lot simpler than you expect! Once you peel back the layers, I find a useful mental model of tracing looks like “fancy logging” combined with “context propagation” a.k.a “passing some IDs around”.”


3. The Istio Service Mesh for People Who Have Stuff to Do by Luca Cavallin.

“Istio is a powerful tool that simplifies traffic management, security, and observability for microservices. Contributing to Istio gave me insight into how it helps solve some of the complex challenges that come with running distributed systems. If you're running a microservices architecture or planning to scale, Istio can help you make your system more resilient and easier to manage.”


4. Node.js 20 upgrade: a journey through unexpected HEAP issues with Kubernetes by Loïc “Ztec” Doubinine, Deezer.

“When using Node.js in a Kubernetes environment, and more broadly in a containerized scenario, you must consider the memory and CPU reservation. It needs to be configured in order to set limits to your process that would otherwise consume more than you expected. Also, setting it to low values requires attention to ensure the process accommodates the limit appropriately.”


5. Introduction to the Gateway API: Revolutionizing Kubernetes Networking by Disha Virk.

“Traditional tools like the Ingress API have long been the backbone for exposing services to external traffic, but as environments grow more sophisticated, developers and operators are looking for greater flexibility, extensibility, and fine-grained control over network traffic. In this article, we’ll dive deep into what the Gateway API is, why it was developed, and how it’s set to transform the way we handle networking in Kubernetes.”


6. Keycloak with istio and Oauth2-Proxy by Chris Haessig.

“Setting up Istio with Keycloak and OAuth2 Proxy is a common pattern for adding authentication and authorization to your microservices architecture. Each component plays a crucial role in securing access to resources while maintaining flexibility and scalability. Keycloak acts as an identity provider (IdP) and OAuth2 authorization server. It manages user authentication, including multi-factor authentication (MFA), single sign-on (SSO), and federation. By integrating OAuth2 Proxy, you can convert the OAuth2 authentication flow from Keycloak into HTTP headers that are passed to backend services. This decouples services from handling authentication logic, allowing centralized security management.”


#articles
CNCF has published another project journey report: etcd. It covers the whole story of this well-known key-value store (since 2013), featuring various stats and focusing on the years under the CNCF guidance (since 2018).

Some of the facts are:
- in CNCF, etcd has seen 65k contributions from 400+ companies;
- top contributing companies (cumulative) are CoreOS, Google, VMware, Red Hat, and Amazon;
- the project has its own SIG-etcd (introduced in 2023);
- there were 38 keynotes, talks, sessions, meetings, and workshops dedicated to etcd at KubeCons.

P.S. You can find more project reports (Kubernetes, Harbor, OpenTelemetry, and Argo) here.

#news #databases #cncfprojects