Cloud Native Digest: Harbor v2.11 release
Open source projects worth checking out
Descheduler
The descheduler optimizes pod placement in a Kubernetes cluster after the fact. The default scheduler decides where a pod runs only once, when the pod is created, so as nodes are added, drained or relabelled that placement goes stale. The descheduler finds pods that violate its policies, evicts them, and lets the default scheduler place them again on more appropriate nodes.
Prowler
Prowler is an open source security tool for AWS, Azure, GCP and Kubernetes that performs security assessments, audits, incident response, compliance checks, continuous monitoring, hardening and forensics readiness. It ships checks mapped to CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GxP, the Well-Architected Security pillar, ENS and more.
Terranetes Controller
The Terranetes controller manages the lifecycle of Terraform resources from inside Kubernetes, allowing developers to self-serve their cloud dependencies in a controlled manner.
Wireguard Operator
This project provides a painless way to deploy and manage the WireGuard VPN on Kubernetes clusters through an operator.
Technical recommendations
How to Encrypt Kubernetes Secrets?
The article discusses how to encrypt Kubernetes Secrets with AWS KMS. It first covers the basics of Secrets and why encrypting them matters: Secrets are only base64-encoded and, unless encryption at rest is configured, sit in plaintext in etcd. The author then walks through the steps: 1) create an AWS KMS key, 2) configure the cluster to use AWS KMS as the encryption provider for Secrets, and 3) create Secrets, which are now encrypted on write. Finally, the article mentions other approaches, such as Sealed Secrets and Vault. Overall it is a practical guide to hardening Secrets in a Kubernetes environment by leveraging AWS KMS envelope encryption.
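As an added example, not from the article, the following is the kube-apiserver EncryptionConfiguration that step 2 produces on a self-managed control plane, using the KMS v2 provider API. The plugin name, the Unix socket path and the file path in the usage note are assumptions; the AWS KMS plugin binary and its IAM permissions are set up separately. The provider order is the security-relevant detail: the first provider is the one used for writes, so listing `identity` first would silently keep writing plaintext Secrets even though KMS is configured.

```yaml
# Added example (not the article's own file). Assumed: a KMS v2 plugin for
# AWS KMS listening on the Unix socket below.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # First provider wins for writes: every new or updated Secret is
      # envelope-encrypted through the KMS plugin.
      - kms:
          apiVersion: v2
          name: aws-kms                                  # assumed plugin name
          endpoint: unix:///var/run/kmsplugin/socket.sock # assumed socket path
          timeout: 3s
      # identity must remain listed (last) so Secrets written before this
      # change, still stored in plaintext, can be read until they are rewritten.
      - identity: {}
```

Point the API server at the file with `--encryption-provider-config=/etc/kubernetes/enc/enc.yaml` (path assumed) and restart it. Secrets that already existed are not touched by this change; rewrite them once with `kubectl get secrets --all-namespaces -o json | kubectl replace -f -` so every stored object passes through the KMS provider. To verify, read one Secret's key directly from etcd with `etcdctl get`: the stored value must begin with the `k8s:enc:kms:v2:` prefix rather than the plaintext manifest. Only after that rewrite is it safe to remove `identity` from the list. On managed control planes such as EKS you cannot edit this file; envelope encryption there is enabled through the provider's cluster configuration instead.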
Monitoring a multi-cluster Kubernetes Deployment
In this article, we will do a Terraform deployment of the Prometheus Operator, Thanos, and Grafana for multi-cluster monitoring. This setup is easily scalable, resilient to node failures, and can provide monitoring for multiple Kubernetes clusters from one Grafana instance. The main focus will be Thanos and how to aggregate data from various sources to achieve centralized real-time monitoring across multiple highly resilient clusters.
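The aggregation the article builds on rests on two pieces: each cluster's Prometheus runs a Thanos sidecar that exposes its data over gRPC and uploads blocks to object storage, and a single Thanos Query fans out to every sidecar and deduplicates replicas. The following is an added example, not the article's Terraform, of the Prometheus Operator resource for one cluster and a Thanos Query deployment that reaches the local sidecar plus one remote cluster; the `cluster` label value, the namespace, the object-storage Secret and the remote hostname are assumptions.

```yaml
# Added example (not from the article). One Prometheus per cluster with the
# Thanos sidecar, then one Thanos Query that federates across clusters.
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  name: k8s
  namespace: monitoring          # assumed namespace
spec:
  replicas: 2
  # Every cluster must carry a distinct external label: Thanos Query uses it
  # to tell clusters apart in one Grafana dashboard, and the replica label
  # lets it deduplicate the two Prometheus replicas into one series.
  externalLabels:
    cluster: prod-eu-west-1      # assumed cluster name
  replicaExternalLabelName: prometheus_replica
  thanos:
    # Sidecar: serves this Prometheus over gRPC and ships 2h blocks to the
    # bucket described by the referenced Secret (assumed name/key).
    objectStorageConfig:
      name: thanos-objstore
      key: objstore.yml
  serviceMonitorSelector: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: thanos-query
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      app: thanos-query
  template:
    metadata:
      labels:
        app: thanos-query
    spec:
      containers:
        - name: query
          image: quay.io/thanos/thanos:v0.35.1   # assumed version
          args:
            - query
            - --http-address=0.0.0.0:9090
            - --grpc-address=0.0.0.0:10901
            # Drop the replica label when merging so HA replicas count once.
            - --query.replica-label=prometheus_replica
            # Local sidecars, discovered via the operator-managed service.
            - --endpoint=dnssrv+_grpc._tcp.prometheus-operated.monitoring.svc.cluster.local
            # Remote cluster's sidecar, published at an assumed address.
            - --endpoint=thanos-sidecar.prod-us-east-1.example.com:10901
          ports:
            - name: http
              containerPort: 9090
            - name: grpc
              containerPort: 10901
```

Grafana then needs only one Prometheus-compatible data source pointing at `thanos-query:9090`. The remote `--endpoint` crosses a network boundary, so it should not be a plain-text gRPC port on the internet: either keep it on a private link or enable TLS on both ends (the sidecar's `--grpc-server-tls-*` flags and the query's `--grpc-client-tls-*` flags). Adding a Thanos Store Gateway in front of the bucket gives Query the same view of historical data once sidecars have uploaded their blocks.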
HPA vs VPA
The article discusses the autoscaling features in Kubernetes, which include:
· Cluster Autoscaler: Automatically adds or removes nodes in the cluster based on resource supply and demand.
· Horizontal Pod Autoscaler (HPA): Automatically scales workload resources like Deployments and StatefulSets based on application load, typically measured by metrics like CPU utilization.
· Vertical Pod Autoscaler (VPA): Automatically adjusts the CPU and memory requests and limits of containers based on their actual resource usage.
The article explains the pros and cons of HPA and VPA. HPA is suitable for stateless applications or stateful applications that support parallel execution, but it cannot detect underutilization at the container level. VPA, on the other hand, can optimize resource requests and limits at the container level.
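The two autoscalers can coexist on one workload, but not on the same resource: an HPA utilization target is a percentage of the container's request, so if a VPA rewrites the CPU request the HPA's scaling point moves with it and the two controllers chase each other. The pairing below is an added example, not from the article, that keeps them disjoint: the HPA scales replicas on CPU, and the VPA only computes memory recommendations. The Deployment name, namespace and bounds are assumptions.

```yaml
# Added example (not from the article). HPA owns replica count on CPU;
# VPA is limited to memory and starts in recommendation-only mode.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api                      # assumed Deployment name
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api
  minReplicas: 2
  maxReplicas: 20
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70   # percent of the container CPU request
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: api
  namespace: default
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api
  updatePolicy:
    # "Off": only populate status.recommendation, never evict pods.
    # Switch to "Auto" once the recommendations look sane; "Auto" applies
    # them by evicting and recreating pods, which your PodDisruptionBudget
    # must tolerate.
    updateMode: "Off"
  resourcePolicy:
    containerPolicies:
      - containerName: "*"
        # Leave CPU to the HPA; VPA touches memory only.
        controlledResources: ["memory"]
        minAllowed:
          memory: 128Mi
        maxAllowed:
          memory: 2Gi
```

Read the result with `kubectl describe vpa api` and compare the `Target` and `Upper Bound` figures with the container's current memory request: a request far above the recommendation is the container-level underutilization the article says the HPA alone cannot see.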
What’s new in cloud native
Harbor v2.11 release — The SBOMs release
The Harbor team is thrilled to announce the release of Harbor 2.11! Packed with groundbreaking features, performance enhancements, and new integrations, this release sets a new standard for container registry management.
Exciting New Features:
· SBOM Generation and Management
· Supporting OCI Distribution Spec v1.1.0
· Integration with VolcEngine Registry
· Harbor loves the Korean community! — Korean UI translation
ORAS v1.2.0
The ORAS project maintainers are proud to announce ORAS CLI v1.2.0 and ORAS-go v2.5.0. These two releases are ready for production use. ORAS CLI v1.2.0 introduces OCI Spec v1.1.0 support, formatted output, brand-new terminal experience with progress bar, and more!
werf 2.0
For four years, we have been developing and improving werf 1.2. Now, we are proud to unveil werf 2.0 stable! It accumulates all changes delivered to werf throughout the last 300+ releases and comes with Nelm — our new deployment engine, replacing Helm. Nelm is backward compatible with Helm, so there’s no need to make any special changes to the charts — you can use them just like before.
Cloud Native Computing Foundation and Linux Foundation Release Line-up for KubeCon + CloudNativeCon + Open Source Summit + AI_dev China 2024
Hong Kong — June 12, 2024 — The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software and Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the schedule for KubeCon + CloudNativeCon + Open Source Summit + AI_dev China. The conference will take place in Hong Kong from August 21–23, 2024, and will feature 145 sessions, including 20 maintainer track sessions.
About KubeSphere
KubeSphere is an open source container platform built on top of Kubernetes with applications at its core. It provides full-stack IT automated operation and streamlined DevOps workflows.
KubeSphere has been adopted by thousands of enterprises across the globe, such as Aqara, Sina, Benlai, China Taiping, Huaxia Bank, Sinopharm, WeBank, Geko Cloud, VNG Corporation and Radore. KubeSphere offers wizard interfaces and various enterprise-grade features for operation and maintenance, including Kubernetes resource management, DevOps (CI/CD), application lifecycle management, service mesh, multi-tenant management, monitoring, logging, alerting, notification, storage and network management, and GPU support. With KubeSphere, enterprises are able to quickly establish a strong and feature-rich container platform.
To stay updated, visit our official website or follow us on Twitter.