Welcome!
What a week it was. KubeCon EU 2020 was this past week. And amongst all the announcements there was a lot of activity and interaction too. Two things I realized this week were, first, y’all are really bubble gumming and duct taping clusters together into production like it’s no big deal just waiting to be bit by something. Second, the Kubernetes community is really an amazing bunch of people, in general.
I asked what some folks thought were the highlights of the week’s festivities and I’d like to share those here:
Alexis “Horgix” Chotard said, “The openness and transparency of Case Studies, especially the one from @milesbxf and @suhailpatel here
Joshua Bezaleel said, “Holly Cummins keynote on climate. That was amazing.”
There was a ton of praise for Ian Coldwater and Brad Geesaman’s talk, Advanced Persistence Threats: The Future of Kubernetes Attacks. Ian Coldwater was the talk of the conference pretty much.
I have no idea when any of these talks are going to be publicly available. But, you can log back into the terrible platform and watch the talks and keynotes on-demand at the moment.
DevOps’ish is brought to you by Accurics. They have recently released a rewrite of Terrascan that uses the incubating Cloud Native Computing Foundation project, Open Policy Agent.
People
Mozilla is dead
“If the official news and the unofficial information come true, I believe that Mozilla will die. Ciao Firefox, ciao Thunderbird. Sorry. Also goodbye to all other products that nobody ordered.” Pocket is a critical tool in the workflow for DevOps’ish (and yes, I pay for it).
Thinking of Skipping Vacation? Don’t!
Definitely been mulling this one over given the current state of the world. This article convinced me to take more time off. I’ll be taking a week off at some point in the fall I think.
Open-source earthquake alert system aims to revolutionize seismic monitoring
“As sensors are deployed around the globe, the open-source project aims to improve current earthquake detection and alert systems and using machine learning and other technologies.”
Atlassian tells employees they can work from home indefinitely
To an extent, a lot of companies are going to go this route as companies look at how operations have gone and how soon they can get out of leases. Also, I’m grounded until July 2021 at the earliest.
Equal access to tech can reduce poverty and increase diversity
“We need to remove the barriers of access to education, technology and career advancement that are keeping people of color from the same opportunities and achievements others enjoy. Even helping one kid in this way would be amazing. This would be one of the greatest hacks ever.”
Process
Softbank confirms talks to offload Arm as it posts rebound profit
Arm being sold is going to be a game changer. The new owner will have the future of computing in their hands (if they don’t screw it up).
Scribd acquires presentation-sharing service SlideShare from LinkedIn
This is good news so long as they actually decouple it from LinkedIn and allow alternative login methods.
Webinar | Empower DevOps and Security Teams with Kubernetes-native Security
Startups and enterprises alike are embracing containerization and Kubernetes, but security struggles to move at the pace of DevOps, bogged down by tools and processes not suited for cloud-native technology. Register for this webinar where cloud-native security experts from AWS, Informatica, and StackRox will discuss how to apply Kubernetes-native security and controls to protect containers and Kubernetes without slowing down application development and rollout. Date: Sep 03, 2020 | 10 AM PDT SPONSORED
Intel Publishes 18 New Security Advisories For 52 Vulnerabilities
If it has the word Intel on it, patch it.
A college kid created a fake, AI-generated blog. It reached #1 on Hacker News
Proof that we’re all just gullible meat sacks. “It was super easy actually,“ he says, “which was the scary part.”
NSA discloses new Russian-made Drovorub malware targeting Linux
“The malicious framework has various modules that ensure stealthiness, persistence, and complete access to the compromised machine with the highest privileges.”
Tools
Introducing Hierarchical Namespaces
Yo dawg, I heard your namespaces need namespaces. “In its simplest form, a hierarchical namespace is a regular Kubernetes namespace that contains a small custom resource that identifies a single, optional, parent namespace. This establishes the concept of ownership across namespaces, not just within them.”
Introducing Tekton Hub
Tekton Hub provides a central hub for searching and sharing Tekton resources across many distributed Tekton catalogs hosted by various organizations and teams.
pomerium/pomerium
Pomerium is an identity-aware access proxy. They’re marketing this as “a VPN alternative.”
Crunchy PostgreSQL for Kubernetes
Crunchy PostgreSQL for Kubernetes takes your favorite database (Postgres) and makes it easy to run on K8s. Includes HA, backups, and monitoring. Need extra support or architectural guidance? Reach out to Crunchy Data and learn how we can help with your Postgres needs. SPONSORED
How the Cortex and Thanos projects collaborate to make scaling Prometheus better for all
“Thanos now supports a push-based model via its recently introduced receiver component, and many improvements have been done both in terms of scalability and performances. Likewise, Cortex’s operational complexity has been significantly reduced: we introduced the single binary mode, removed some external dependencies, and worked hard to improve the documentation.”
Create a wifi hotspot with Raspberry Pi 3 and Fedora
I could easily see how this would come in handy in many ways. When I start traveling again, I might be packing one of these.
Moving from docker-compose to Podman pods
“Follow the migration of a virtual machine from Docker to Podman.”
Under the hood of Linkerd’s state-of-the-art Rust proxy, Linkerd2-proxy
You’re going to start seeing a lot more love for Linkerd here. “‘Unlike general purpose proxies such as Envoy, NGINX, and haproxy, the open source Linkerd2-proxy is designed to do only one thing and do it better than anyone else: be a service mesh sidecar proxy.’”
aquasecurity/trivy
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
DevOps’ish Tweet of the Week
Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter.