Cloud Native Digest: LitmusChaos audit complete

KubeSphere
3 min read · Sep 2, 2024

Open source projects worth checking out

Gardener

Gardener implements the automated management and operation of Kubernetes clusters as a service and provides a fully validated extensibility framework that can be adjusted to any programmatic cloud or infrastructure provider.

Grafana Mimir

Grafana Mimir provides horizontally scalable, highly available, multi-tenant, long-term storage for Prometheus.

Terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.

Cluster Template

A template for deploying a Talos Kubernetes cluster including Flux for GitOps.

Volcano

Volcano is a batch system built on Kubernetes. It provides a suite of mechanisms commonly required by many classes of batch and elastic workloads, including machine learning/deep learning, bioinformatics/genomics and other “big data” applications. These types of applications typically run on generalized domain frameworks like TensorFlow, Spark, Ray, PyTorch, MPI, etc., which Volcano integrates with.

Technical recommendations

Authentication and Authorization with ISTIO and OPA on Kubernetes

This article discusses the process of implementing authentication and authorization on Kubernetes using Istio and OPA (Open Policy Agent). First, it introduces Istio as a service mesh platform that manages service-to-service traffic and security policies. Next, it presents OPA as a policy engine capable of defining and enforcing complex access control policies. The article provides a detailed explanation of how to configure the integration of Istio with OPA, including how to define authorization policies with OPA and apply these policies within Istio to achieve fine-grained access control and security management. Finally, the article emphasizes the effectiveness of this integration method in enhancing the security of services in a Kubernetes environment.

Python Performance in Kubernetes: HTTP Libraries vs. Kubernetes Clients

The article compares the performance of different Python libraries in a Kubernetes environment. It primarily contrasts HTTP libraries (such as `requests` and `httpx`) with Kubernetes client libraries (like `kubernetes-py` and `k8s`) in terms of performance.

The article starts by outlining the testing environment and methodology, including the creation of test cases to evaluate the response times and throughput of each library. It then compares the efficiency of HTTP libraries versus Kubernetes client libraries in sending requests, processing responses, and interacting with the Kubernetes API. The results show that Kubernetes client libraries offer higher performance and better integration capabilities when handling Kubernetes-specific operations, while HTTP libraries perform better in general request handling.

In conclusion, the article recommends using Kubernetes client libraries for tasks involving Kubernetes operations, as they provide optimized performance and functionality for such use cases.

What’s new in cloud native

LitmusChaos audit complete

With the help of 7ASecurity and the Cloud Native Computing Foundation, this project can continue to provide secure chaos testing environments for developers.

This engagement was a whitebox security review paired with pentesting performed by the team at 7ASecurity. The audit report emphasizes that despite the number and severity of the findings of this audit, LitmusChaos has well-implemented security efforts that reflect well on the function, build, and maintenance of the project. LitmusChaos’s maintainers have provided proof of fixes for all issues related to this audit, which have been verified by 7ASecurity and are available in the audit report.

Orca Security Launches First K8s Testing/Staging Environment

The Orca Research Pod has created KTE, an open source Kubernetes Testing Environment for AWS (EKS), Microsoft Azure (AKS), and Google Cloud (GKE), to help organizations improve their Kubernetes security by providing a safe and controlled space to identify and address potential vulnerabilities before they affect production systems.

About KubeSphere

KubeSphere is an open source container platform built on top of Kubernetes with applications at its core. It provides full-stack IT automated operation and streamlined DevOps workflows.

KubeSphere has been adopted by thousands of enterprises across the globe, such as Aqara, Sina, Benlai, China Taiping, Huaxia Bank, Sinopharm, WeBank, Geko Cloud, VNG Corporation and Radore. KubeSphere offers wizard interfaces and various enterprise-grade features for operation and maintenance, including Kubernetes resource management, DevOps (CI/CD), application lifecycle management, service mesh, multi-tenant management, monitoring, logging, alerting, notification, storage and network management, and GPU support. With KubeSphere, enterprises are able to quickly establish a strong and feature-rich container platform.

To stay updated, visit our official website or follow us on Twitter.

KubeSphere

KubeSphere (https://kubesphere.io) is an open source distributed operating system providing a cloud native stack with Kubernetes as its kernel.