Cloud Native Digest: Harbor v2.11 release

KubeSphere
4 min read · Jun 17, 2024


Open source projects worth checking out

Descheduler

The descheduler is a tool that can be used to optimize the placement of pods in a Kubernetes cluster. It finds pods that can be moved and evicts them, allowing the default scheduler to reschedule them onto more appropriate nodes.

Prowler

Prowler is an open source security tool for AWS, Azure, GCP and Kubernetes that performs security assessments, audits, incident response, compliance checks, continuous monitoring, hardening and forensics readiness. It includes checks for CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

Terranetes Controller

The Terranetes controller manages the life cycle of Terraform resources, allowing developers to self-serve cloud dependencies in a controlled manner.

Wireguard Operator

This project provides a painless way to deploy the WireGuard VPN on Kubernetes clusters. It aims to simplify the deployment and management of WireGuard on Kubernetes.

Technical recommendations

How to Encrypt Kubernetes Secrets?

The article discusses how to encrypt Kubernetes Secrets using AWS KMS. It first explains the basics of Kubernetes Secrets and why it’s important to encrypt them. The author then provides detailed steps on how to encrypt Secrets using AWS KMS, including: 1) creating an AWS KMS key, 2) configuring the Kubernetes cluster to use AWS KMS for Secret encryption, and 3) creating encrypted Secrets in Kubernetes. Finally, the article also mentions other methods for encrypting Kubernetes Secrets, such as using Sealed Secrets and Vault. Overall, the article provides a practical guide and approach for enhancing the security of Secrets in a Kubernetes environment by leveraging AWS KMS encryption.
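The configuration step of that procedure is the one most often done wrong, because kube-apiserver encrypts new writes with whichever provider is listed first. The following EncryptionConfiguration is an added example, not taken from the article; the plugin name and socket path are assumptions for an aws-encryption-provider deployment.

```yaml
# Passed to kube-apiserver as --encryption-provider-config=<path to this file>
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # The first provider is used for every new write. KMS v2 has the plugin
      # wrap the per-resource data key with the AWS KMS key created in step 1.
      - kms:
          apiVersion: v2
          name: aws-encryption-provider        # assumed plugin name
          endpoint: unix:///var/run/kmsplugin/socket.sock   # assumed socket
          timeout: 3s
      # identity (plaintext) stays listed so Secrets written before the change
      # can still be read during migration. It must never be first: that would
      # silently store new Secrets unencrypted while the KMS block looks active.
      - identity: {}
```

After restarting the API server, rewrite existing Secrets so they are stored under the new provider (`kubectl get secrets --all-namespaces -o json | kubectl replace -f -`); a value read directly from etcd should then begin with `k8s:enc:kms:v2:` rather than plaintext. Once every Secret has been rewritten, the identity provider can be removed.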

Monitoring a multi-cluster Kubernetes Deployment

In this article, we will do a Terraform deployment of the Prometheus Operator, Thanos, and Grafana for multi-cluster monitoring. This setup is easily scalable, resilient to node failures, and can provide monitoring for multiple Kubernetes clusters from one Grafana instance. The main focus will be Thanos and how to aggregate data from various sources to achieve centralized real-time monitoring across multiple highly resilient clusters.

HPA vs VPA

The article discusses the autoscaling features in Kubernetes, which include:

· Cluster Autoscaler: Automatically adds or removes nodes in the cluster based on resource supply and demand.
· Horizontal Pod Autoscaler (HPA): Automatically scales workload resources like Deployments and StatefulSets based on application load, typically measured by metrics like CPU utilization.
· Vertical Pod Autoscaler (VPA): Automatically adjusts the CPU and memory requests and limits of containers based on their actual resource usage.

The article explains the pros and cons of HPA and VPA. HPA is suitable for stateless applications or stateful applications that support parallel execution, but it cannot detect underutilization at the container level. VPA, on the other hand, can optimize resource requests and limits at the container level.

What’s new in cloud native

Harbor v2.11 release — The SBOMs release

The Harbor team is thrilled to announce the release of Harbor 2.11! Packed with groundbreaking features, performance enhancements, and new integrations, this release sets a new standard for container registry management.

Exciting New Features:

· SBOM Generation and Management
· Supporting OCI Distribution Spec v1.1.0
· Integration with VolcEngine Registry
· Harbor loves the Korean community! — Korean UI Translation

ORAS v1.2.0

The ORAS project maintainers are proud to announce ORAS CLI v1.2.0 and ORAS-go v2.5.0. These two releases are ready for production use. ORAS CLI v1.2.0 introduces OCI Spec v1.1.0 support, formatted output, brand-new terminal experience with progress bar, and more!

werf 2.0

For four years, we have been developing and improving werf 1.2. Now, we are proud to unveil werf 2.0 stable! It accumulates all changes delivered to werf throughout the last 300+ releases and comes with Nelm — our new deployment engine, replacing Helm. Nelm is backward compatible with Helm, so there’s no need to make any special changes to the charts — you can use them just like before.

Cloud Native Computing Foundation and Linux Foundation Release Line-up for KubeCon + CloudNativeCon + Open Source Summit + AI_dev China 2024

Hong Kong — June 12, 2024 — The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, and the Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the schedule for KubeCon + CloudNativeCon + Open Source Summit + AI_dev China. The conference will take place in Hong Kong from August 21–23, 2024, and will feature 145 sessions, including 20 maintainer track sessions.

About KubeSphere

KubeSphere is an open source container platform built on top of Kubernetes with applications at its core. It provides full-stack IT automated operation and streamlined DevOps workflows.

KubeSphere has been adopted by thousands of enterprises across the globe, such as Aqara, Sina, Benlai, China Taiping, Huaxia Bank, Sinopharm, WeBank, Geko Cloud, VNG Corporation and Radore. KubeSphere offers wizard interfaces and various enterprise-grade features for operation and maintenance, including Kubernetes resource management, DevOps (CI/CD), application lifecycle management, service mesh, multi-tenant management, monitoring, logging, alerting, notification, storage and network management, and GPU support. With KubeSphere, enterprises are able to quickly establish a strong and feature-rich container platform.

To stay updated, visit our official website or follow us on Twitter.

KubeSphere

KubeSphere (https://kubesphere.io) is an open source distributed operating system providing cloud native stack with Kubernetes as its kernel.