Best resources, news and tutorials about Kubernetes from last week.
Kaptain
 
Stunning resources, news and tutorials about Kubernetes, Distributed Systems and Containers
 
 
Patrons
 
 
 
goteleport.com
 
👉 What is Identity-Native Infrastructure Access?
 
 
What the largest tech companies like Google and Facebook have discovered as they have grown their infrastructure is that traditional access control systems do not scale. Not only does the risk of a breach increase with each secret, but forcing developers to juggle hundreds of credentials to do their jobs limits productivity and encourages insecure workarounds.

The largest companies in the world have discovered that identity-based access is the way out of the dilemma.

This O'Reilly book will explain the concept of identity-based infrastructure access, and how it differs from more common older approaches based on secrets.
 
 
 
 
 
🔔 Announcement

We're thrilled to announce Humans Behind Code!

Humans Behind Code (HBC) is a project by FAUN, where developers meet other developers and learn about the people behind the tools, libraries, frameworks, and other projects they use to build their applications.

We interview developers and ask them about their projects, their motivations, their struggles, and their successes. It's about sharing knowledge and helping each other grow.

👉 If you're a Developer or a maintainer of a widely adopted Open Source project and you think it's worth talking about it and your experiences in building it, join Humans Behind Code!

Best,
Aymen from FAUN.

If you have any questions, just hit the reply button!
 
 
From FAUNers 🐾
 
faun.dev
 
Helm application manager for Kubernetes. Using professional and hand-crafted charts.   ✅
 
 
This tutorial builds an artificial example application that combines a RabbitMQ message broker, packaged as a Helm chart maintained by Bitnami, with a very naive REST API server that connects to RabbitMQ and sends and receives messages.

This plan is nothing too unusual for software developers: it is like writing a Node.js application and digging into npm packages for libraries, or coding a .NET Core application and searching NuGet for the same purpose.

By @yurgenua
 
 
 
 
 
 
 
From the web
 
martinheinz.dev
 
Backup-and-Restore of Containers with Kubernetes Checkpointing API
 
 
Kubernetes v1.25 introduced Container Checkpointing API as an alpha feature. This provides a way to backup-and-restore containers running in Pods, without ever stopping them.

This feature is primarily aimed at forensic analysis, but general backup-and-restore is something any Kubernetes user can take advantage of.

Take a look at this brand-new feature and see how you can enable it in your clusters and leverage it for backup-and-restore or forensic analysis.
 
 
medium.com
 
Scheduling in Kubernetes
 
 
In this article, you will learn about:
  • What is a Scheduler?
  • How to manually schedule pods in Kubernetes?
  • Concept of Taints and Tolerations in Kubernetes.
  • Concept of Node Affinity in Kubernetes.
 
 
kmitevski.com
 
Kubernetes Mutating Webhook with Python and FastAPI
 
 
In this article, you will learn how to easily create a mutating webhook to intercept Kubernetes objects and modify them on the fly.
 
 
www.darkreading.com
 
Top 10 Kubernetes Security Risks Every DevSecOps Pro Should Know
 
 
The mission to run any containerized application on any infrastructure makes security a challenge on Kubernetes.
 
 
www.altoros.com
 
Volcano: Scheduling 300,000 Kubernetes Pods in Production Daily
 
 
Already adopted by 50+ industry giants like Amazon and Tencent, Volcano helps to manage and schedule batch jobs across different frameworks.
 
 
 
 
 
 
Quick Hits
 
 
DH2i released DxEnterprise container sidecar.
  • DH2i, a provider of IT infrastructure solutions, has unveiled DxEnterprise (DxE) version 22, which introduces a new container sidecar to enable application-level high availability (HA) clustering for stateful containers in Kubernetes (K8s).
  • The DxE v22 sidecar delivers a separate container that can run alongside an application container in a Kubernetes pod.
  • For database architects and developers, the DxE sidecar delivers three key deployment benefits, namely isolation, quick deployment, and scalability.
  • The primary application can run independently in one container while the DxE sidecar hosts complementary HA clustering services which can help to isolate failures.
 
 
KubeVela 1.6 is released, a cloud-native application platform with united delivery and day-2 management.
  • Ding Yu (General Manager of the Alibaba Cloud-Native Application Platform) released the new milestone release v1.6 of KubeVela during the 2022 Apsara Conference.
  • This release is a qualitative change in KubeVela from application delivery to application management.
  • It also creates a precedent in the industry to build an application platform with delivery and management integrated based on a scalable model.
 
 
Docker team announced that Docker Hub can now help you distribute any type of application artifact.
  • Before this announcement, you could only use Docker Hub to store and distribute container images — or artifacts usable by container runtimes. This became a limitation since container image distribution is just the tip of the application delivery iceberg.
  • Nowadays, modern application delivery requires numerous types of artifacts: Helm charts, WebAssembly modules, Docker Volumes, SBOMs, OPA bundles and many other custom artifacts.
  • Developers often share these with clients that need them since they add immense value to each project.
  • Now, you can keep everything in one place without having to leverage multiple registries.
 
 
AWS Fargate adds support for monitoring storage utilization.
  • AWS Fargate adds the ability to monitor the utilization of the ephemeral storage attached to an Amazon Elastic Container Service (ECS) task.
  • Customers can track the storage utilization with Amazon CloudWatch Container Insights and the ECS Task Metadata endpoint.
  • Container Insights helps monitor usage, visualize metrics on CloudWatch dashboards, and create alarms to be notified when the usage is approaching the configured storage limits.
  • Additionally, the ECS Task Metadata endpoint makes it easy to query the storage utilization metric and build integrations with custom monitoring solutions.
 
 
Book picks
 
amzn.to
 
Hacking Kubernetes
 
 
This book begins with a vanilla Kubernetes installation with built-in defaults.

You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.
  • Understand where your Kubernetes system is vulnerable with threat modelling techniques
  • Focus on pods, from configurations to attacks and defenses
  • Secure your cluster and workload traffic
  • Define and enforce policy with RBAC, OPA, and Kyverno
  • Dive deep into sandboxing and isolation techniques
  • Learn how to detect and mitigate supply chain attacks
  • Explore filesystems, volumes, and sensitive information at rest
  • Discover what can go wrong when running multitenant workloads in a cluster
  • Learn what you can do if someone breaks in despite you having controls in place
 
 
 
Tools
 
github.com
 
slok/tfe-drift
 
 
Automated Terraform cloud and enterprise drift detection
 
 
github.com
 
alibaba/higress
 
 
Next-generation Cloud Native Gateway
 
 
github.com
 
DovAmir/awesome-design-patterns
 
 
A curated list of software and architecture related design patterns.
 
 
github.com
 
datreeio/CRDs-catalog
 
 
Over 100 popular Kubernetes CRDs (CustomResourceDefinition) in JSON schema format.
 
 
github.com
 
aserto-dev/topaz
 
 
Cloud-native authorization for modern applications and APIs
 
 
 

Kaptain #347: Scheduling 300,000 Kubernetes Pods in Production Daily
Legend: ✅ = editors' choice / ♻️ = Old but gold / ✨ = sponsored / 🔰 = beginner friendly
