What's next for cloud-native computing?
Content from KubeCon and EnvoyCon videos 2021
Hacktoberfest 2021 starts today, deep dive into k8s scheduling, Kubermatic
5 years of Envoy, Kubernetes CVE, getting started with K8s security
State of DevOps report, critical review of the Kubernetes hardening guidance, what happened to Docker, 8 Terraform best practices
Kubernetes dashboards, Path from Kubernetes to Serverless with Kelsey Hightower, and Secret Manager support for Functions
Github Codespaces, KubeCon and learncloudnative.com redesign
Docker updates subscription plan
Docker introduced a new production subscription - Docker Business - for organizations that use Docker at scale and require additional features (SSO, registry access control, ...).
Docker Desktop will remain free for small businesses, personal use, and non-commercial open-source projects. This tier has been renamed Docker Personal. You may use Docker Desktop for free (As part of the Docker personal subscription) for:
- Small companies (<250 employees AND less than $10m in annual revenue)
- Personal use
- Education and learning (students, instructors)
- Non-commercial open source project
For other subscription tiers (Pro, Team, Business), you'll have to pay $5 per user per month.
For an alternative, check out this article by Cirrus Minor that talks about replacing Docker Desktop with hyperkit and minikube.
State of Kubernetes Security Report
Red Hat published the State of Kubernetes security report that examines how companies are adopting Kubernetes, containers, and cloud-native tech and securing Kubernetes apps. One of the exciting findings in the report (amongst others) is that 94% of respondents experienced at least one security incident in their Kubernetes environment. The majority of the issues get attributed to human error and misconfiguration of resources. You can read the full report and other findings here.
Organizing Kubernetes containers
There are different ways and patterns to organize Kubernetes containers. The init containers allow you to separate the applications from the initialization logic.
If you have existing containers but want to augment their behavior, you can use the sidecar container pattern and have an additional container run alongside your app container.
To hide the complexity and provide a unified interface, so your container can access external services or do the opposite - provide a unified interface to external services to access your container, you can use the ambassador and adapter patterns.
I've also talked about these patterns and demonstrated how to use them in one of the Kubernetes YouTube live streams.
ArgoCD - Declarative, GitOps continuous delivery tool for Kubernetes
ArgoCD follows the GitOps pattern where you use Git repo as the source of truth. It runs as a controller in Kubernetes and continuously monitors running apps and compares the current state with the desired state from the Git repository. You can get started with ArgoCD by following the getting started tutorial or watch the full GitOps and ArgoCD video from Anais Urlichs on YouTube.
Links of the week
- The mystery of kubelet eating CPU and IOPS
- Top 9 Open Source DevSecOps tools for Kubernetes
- Observability: The 5-year retrospective
- gRPC: A deep dive into the communication pattern
- A good enough Kubernetes namespace visualization tool
- Deploying single Kubernetes cluster across multiple clouds using k3s and WireGuard
- Tornjak - Workload identity management
- Alpha in Kubernets v1.22: API server tracing