Kubernetes Weekly Newsletter, Kaptain. Curated Kubernetes news, tutorials, tools and more!
🎉🔗 Tech Enthusiasts, Assemble! 🔗🎉

Calling all DevOps heroes, Kubernetes sailors, Golang wizards, and Cloud-natives! 🚀
FAUN has Subreddits just waiting for you. Join the community, where sharing is caring, and knowledge is limitless! 🌟

Engage in thought-provoking discussions, share your mighty projects, soak in wisdom from industry gurus, and forge bonds with tech aficionados around the globe! 🌍🔗💬

The realms of knowledge are infinite – let's explore them together! 🚀🔥

🔗 From the web
 
engineering.outschool.com

Gitlab Runner on Kubernetes

Outschool uses GitLab SaaS together with self-hosted GitLab Runners to meet their CI/CD needs and to improve performance and scalability across a wide range of jobs. They combine community-provided Terraform modules with Docker Machine executors to enable auto-scaling and to try out new versions of CI jobs.

medium.com

Distributed Tracing — Past, Present and Future   ✅

Distributed tracing, once a highly anticipated technology, has seen only moderate adoption and still faces challenges in implementation, sampling, and limited developer usage. The future looks more promising: auto-instrumentation without code changes, AI-based selection of the requests worth keeping, and rich distributed traces that carry a wide range of debugging information, together pointing toward a more comprehensive observability solution for distributed architectures.

0xdc.me

How to find unused Prometheus metrics using mimirtool

The article explains how to analyze and extract the list of used and unused metrics in a Prometheus setup. Using mimirtool, the author shows how to identify the metrics referenced in Grafana dashboards, Prometheus rules, and other sources. This analysis helps optimize resource usage and gives insight for improving dashboard design and alerts.

medium.com

Why and How We Use Prometheus to Monitor Kubernetes

ZipRecruiter moved from Icinga to Prometheus for monitoring their Kubernetes environment because Icinga's server-centric model did not align well with the fluid nature of Kubernetes nodes. Prometheus's unstructured labels and pull-based collection model proved a better fit for their monitoring needs. They also ran into high cardinality in Prometheus metrics and the need for longer-term storage. In addition, they built a serverless meta-monitoring system on AWS Lambda to watch multiple Prometheus instances and detect broader issues. Finally, they share key insights for a successful migration: transition gradually, educate teams on Prometheus usage, and leverage Kubernetes' auto-discovery features.

www.signadot.com

Service Mesh vs. API Gateway on Kubernetes

In Kubernetes, a service mesh is a dedicated infrastructure layer that handles communication and observability between services within a distributed system, while an API gateway is a centralized entry point through which external clients reach those services. The service mesh focuses on internal service-to-service communication, traffic management, and observability; the API gateway handles request routing, protocol transformation, and security enforcement for external clients. They serve different purposes in a microservices architecture and can complement each other. The Kubernetes Gateway API standardizes the interfaces for both the API gateway and the service mesh.

blog.apartment304.com

Don't Migrate to Kubernetes

Migrating to Kubernetes can be daunting for many organizations. Shifting the goal from “use Kubernetes” to having good operational practices makes for an easier, iterative transition.

kubernetes.io

Confidential Kubernetes: Use Confidential Virtual Machines and Enclaves to improve your cluster security   ✅

Confidential Computing (CC) uses hardware-enforced Trusted Execution Environments (TEEs) to protect data in use. TEEs such as AMD SEV, Intel SGX, and Intel TDX provide isolated environments for computation, while technologies such as ARM TrustZone and AWS Nitro Enclaves offer TEE solutions for specific devices and cloud platforms. These TEEs provide confidentiality, integrity, attestation, and recoverability of data, with each technology offering different features and limitations. The performance overhead of CC is relatively low, making it suitable for real-world workloads, and it complements other cryptographic techniques such as Fully Homomorphic Encryption (FHE), Zero Knowledge Proofs (ZKP), and Multi-Party Computation (MPC). Use cases include Confidential Containers (CoCo) and related projects in cloud-native environments.

kubernetes.io

Verifying Container Image Signatures Within CRI Runtimes   ✅

The Kubernetes project has signed its container image-based release artifacts since v1.24, and other projects have followed suit. These signatures can be verified manually for testing purposes, but in production environments automation tools such as the sigstore policy-controller can be used instead. In addition, the CRI-O container runtime supports container image signature verification from version v1.28, which simplifies validation.

positive.security

Hacking Auto-GPT and escaping its docker container   ✅

Auto-GPT vulnerability allows arbitrary code execution and Docker escape: researchers discovered an attack that tricks Auto-GPT into executing arbitrary code by injecting malicious prompts during seemingly harmless tasks. The attack also exploits vulnerabilities in self-built versions of the Auto-GPT Docker image and in non-Docker installations, allowing code execution outside the intended sandbox.

medium.com

Grafana vs. Prometheus Agent

The Prometheus Agent is an implementation of the Grafana Agent focused specifically on metrics observability. It provides a separate service for scraping metrics and writing them to another system for storage, querying, and alerting, offering a way to scale metrics collection in Prometheus while decoupling it from other functionality.

medium.com

Demystifying OOM Killer in Kubernetes: Tracking Down Memory Issues

The OOM killer is a critical component in Kubernetes that terminates pods when they exceed their memory limit, freeing memory for other important processes and preventing system crashes. By monitoring memory metrics, in particular `container_memory_working_set_bytes`, the OOM killer identifies the processes or pods responsible for the memory overload and so preserves the overall stability of the cluster.

matduggan.com

GKE (Google Kubernetes Engine) Review

GKE (Google Kubernetes Engine) is a highly recommended managed Kubernetes service that simplifies the setup and management of Kubernetes clusters. It offers features like automatic detection of outdated APIs, built-in ancillary services (such as DNS and load balancing), easy cluster replication, and backup and restore capabilities. GKE also uses Container-Optimized OS, an operating system designed specifically for running containers, which provides security, stability, and hassle-free updates.

⭐ Supporters

leanpub.com

Exclusive 20% Discount on "Cloud Native Microservices With Kubernetes" - Limited Time Offer!

We are thrilled to announce a special offer for our widely acclaimed book, "Cloud Native Microservices With Kubernetes - A Comprehensive Guide to Building, Scaling, Deploying, Observing, and Managing Highly-Available Microservices in Kubernetes".

Starting today and running until July 31st, we're offering an exclusive 20% discount off the regular price!

To take advantage of this offer, simply use this coupon link.

Don't miss this opportunity. Remember, the offer is only valid until July 31st. Grab your copy now and unlock the full potential of cloud-native microservices with Kubernetes!

We look forward to empowering your journey in the world of cloud computing!

Happy learning!
FAUN Team

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

🛍️ Swag Store

ByteVibe New Arrivals: Desk Mats

❤️ 20% exclusive discount for FAUNers on all products (+free shipping included) when you use the code "THANKSFAUN".

🎦 Videos

www.youtube.com

Exposing Custom Host Metrics Using the Prometheus Node Exporter

How to use the Node Exporter's "textfile" collector module to expose custom host metrics.

⚙️ Tools

github.com

binpash/try

Inspect a command's effects before modifying your live system.

github.com

ksoclabs/kbom

KBOM - Kubernetes Bill of Materials.

github.com

Llandy3d/pytheus

Experimenting with a new Prometheus client for Python.

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.
 
🤔 Did you know?

The Apollo 11 guidance computer, which helped land humans on the moon, had less processing power than a modern-day smartphone.

😂 Meme of the week

❤️ Thanks for reading

👋 Keep in touch and follow us on social media:
- 💼 LinkedIn
- 📝 Medium
- 🐦 Twitter
- 👥 Facebook
- 📰 Reddit
- 📸 Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends! You can also donate to help us keep this newsletter going.

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

ℹ️ Have a question or feedback?
Feel free to reply to this email. We'd love to hear from you!

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.

Kaptain #381: Demystifying OOM Killer in Kubernetes
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly