Kubernetes Weekly Newsletter, Kaptain. Curated Kubernetes news, tutorials, tools and more!
⭐ Patrons
faun.dev
Advertise with FAUN
Sponsor FAUN and reach developers where they are, not where you want them to be.

Download our mediakit.
goteleport.com
👉 What is Identity-Native Infrastructure Access?
What the largest tech companies like Google and Facebook have discovered as they have grown their infrastructure is that traditional access control systems do not scale. Not only does the risk of a breach increase with each secret, but forcing developers to juggle hundreds of credentials to do their jobs limits productivity and encourages insecure workarounds.

The largest companies in the world have discovered that identity-based access is the way out of the dilemma.

This O'Reilly book will explain the concept of identity-based infrastructure access, and how it differs from more common older approaches based on secrets.
🔔 Announcement

We're thrilled to announce Humans Behind Code!

Humans Behind Code (HBC) is a project by FAUN, where developers meet other developers and learn about the people behind the tools, libraries, frameworks, and other projects they use to build their applications.

We interview developers and ask them about their projects, their motivations, their struggles, and their successes. It's about sharing knowledge and helping each other grow.

👉 If you're a developer or a maintainer of a widely adopted open source project and you think it's worth talking about it and your experience in building it, join Humans Behind Code!

Aymen from FAUN.

If you have any questions, just hit the reply button!
🐾 From FAUNers
faun.dev
Helm application manager for Kubernetes. Using professional and hand-crafted charts.   ✅
The plan of this tutorial is to construct an artificial example application consisting of a RabbitMQ message broker, packaged as a Helm chart maintained by Bitnami, and a very naive REST API server that connects to RabbitMQ and sends and receives messages.

This plan is nothing too unusual for software developers: it is like writing a Node.js application and digging into npm packages for libraries, or coding a .NET Core application and searching NuGet for the same purpose.

By @yurgenua
👉 Create your FAUN Page if it's not done yet and start sharing your blog posts, news, and tools on FAUN Developer Community, collect badges and more!
⭐ Sponsors
nordvpn.sjv.io
Best VPN Deal
NordVPN 68% Black Friday discount is here!

👉 Access anything online without restrictions
👉 Add extra layers of security to your digital life
👉 Get the best online protection tools along with your NordVPN service.
👉 Get 3 months FREE with the 2-year plan
🔗 From the web
kmitevski.com
Kubernetes Mutating Webhook with Python and FastAPI
In this article, you will learn how to easily create a mutating webhook to intercept Kubernetes objects and modify them on the fly.
www.darkreading.com
Top 10 Kubernetes Security Risks Every DevSecOps Pro Should Know
The mission to run any containerized application on any infrastructure makes security a challenge on Kubernetes.
www.altoros.com
Volcano: Scheduling 300,000 Kubernetes Pods in Production Daily
Already adopted by 50+ industry giants like Amazon and Tencent, Volcano helps to manage and schedule batch jobs across different frameworks.
medium.com
Scheduling in Kubernetes
In this article, you will learn about:
  • What is a Scheduler?
  • How to manually schedule pods in Kubernetes?
  • Concept of Taints and Tolerations in Kubernetes.
  • Concept of Node Affinity in Kubernetes.
martinheinz.dev
Backup-and-Restore of Containers with Kubernetes Checkpointing API
Kubernetes v1.25 introduced Container Checkpointing API as an alpha feature. This provides a way to backup-and-restore containers running in Pods, without ever stopping them.

This feature is primarily aimed at forensic analysis, but general backup-and-restore is something any Kubernetes user can take advantage of.

Take a look at this brand-new feature and see how you can enable it in your clusters and leverage it for backup-and-restore or forensic analysis.

⭐ Supporters
faun.dev
Post Developers Jobs for Free on FAUN
Reach developers where they are, not where you want them to be.
Post jobs for free and reach thousands of developers.
internxt.com
70% off on the 2TB Internxt Annual Plan
✅ Encrypted file storage and sharing
✅ Access your files from any device
✅ Get access to all our services

Discount available until December 5th.
📺 Quick Hits
DH2i released DxEnterprise container sidecar.
  • DH2i, a provider of IT infrastructure solutions, has unveiled DxEnterprise (DxE) version 22, which introduces a new container sidecar to enable application-level high availability (HA) clustering for stateful containers in Kubernetes (K8s).
  • The DxE v22 sidecar delivers a separate container that can run alongside an application container in a Kubernetes pod.
  • For database architects and developers, the DxE sidecar delivers three key deployment benefits, namely isolation, quick deployment, and scalability.
  • The primary application can run independently in one container while the DxE sidecar hosts complementary HA clustering services which can help to isolate failures.
KubeVela 1.6 is released, a cloud-native application platform with united delivery and day-2 management.
  • Ding Yu (General Manager of the Alibaba Cloud-Native Application Platform) released the new milestone release v1.6 of KubeVela during the 2022 Apsara Conference.
  • This release is a qualitative change in KubeVela from application delivery to application management.
  • It also creates a precedent in the industry to build an application platform with delivery and management integrated based on a scalable model.
Docker team announced that Docker Hub can now help you distribute any type of application artifact.
  • Before this announcement, you could only use Docker Hub to store and distribute container images — or artifacts usable by container runtimes. This became a limitation since container image distribution is just the tip of the application delivery iceberg.
  • Nowadays, modern application delivery requires numerous types of artifacts: Helm charts, WebAssembly modules, Docker Volumes, SBOMs, OPA bundles and many other custom artifacts.
  • Developers often share these with clients that need them since they add immense value to each project.
  • Now, you can keep everything in one place without having to leverage multiple registries.
AWS Fargate adds support for monitoring storage utilization.
  • AWS Fargate adds the ability to monitor the utilization of the ephemeral storage attached to an Amazon Elastic Container Service (ECS) task.
  • Customers can track the storage utilization with Amazon CloudWatch Container Insights and the ECS Task Metadata endpoint.
  • Container Insights helps monitor usage, visualize metrics on CloudWatch dashboards, and create alarms to be notified when the usage is approaching the configured storage limits.
  • Additionally, the ECS Task Metadata endpoint makes it easy to query for the storage utilization metric and build integrations with custom monitoring solutions.
📚 Book picks
amzn.to
Hacking Kubernetes
This book begins with a vanilla Kubernetes installation with built-in defaults.

You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.
  • Understand where your Kubernetes system is vulnerable with threat modelling techniques
  • Focus on pods, from configurations to attacks and defenses
  • Secure your cluster and workload traffic
  • Define and enforce policy with RBAC, OPA, and Kyverno
  • Dive deep into sandboxing and isolation techniques
  • Learn how to detect and mitigate supply chain attacks
  • Explore filesystems, volumes, and sensitive information at rest
  • Discover what can go wrong when running multitenant workloads in a cluster
  • Learn what you can do if someone breaks in despite you having controls in place
⚙️ Tools
github.com
Automated Terraform cloud and enterprise drift detection
github.com
Next-generation Cloud Native Gateway
github.com
A curated list of software and architecture related design patterns.
github.com
Cloud-native authorization for modern applications and APIs
github.com
Over 100 popular Kubernetes CRDs (CustomResourceDefinition) in JSON schema format.
👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.
Kaptain #347: Scheduling 300,000 Kubernetes Pods in Production Daily
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
