Shulou(Shulou.com)06/02 Report--

Author | Wang Siyu, Chen Jie, ao Xiaojian

Industry news that Falco enters the CNCF Incubator project

Originally entered sandbox in August 2018, it aims to support the configuration of rules in the Kubernetes runtime environment to enhance application security and reduce risk.

Kubernetes v1.17.1 release

Resolve some cloud provider and kubelet related issues, such as:

Kubelet update Pod ready status failed kubelet cleanup Pod volumes occurred panicCFP 2020 K8s Contributor Summit Amsterdam started soliciting talk

It will be held at the same time as KubeCon 2020 EU. K8s contributor is welcome to attend the meeting.

Istio 1.14.3 release

Istio released version 1.4.3, which fixes some bug to improve system robustness and user experience.

Important upstream advances KubenetesLoadBalancer Service supports many different protocol types of port

Currently, multiple port can be written to a LoadBalancer Service, but these port must be of the same type, such as tcp or udp. This PR allows many different types of port to be defined in a LoadBalancer Service to support service services provided by different cloud vendors. (corresponding PR)

Resolve configuration issues for component-specific ComponentConfig

ComponentConfig is to support the writing of Kubernetes-style configuration files to various Kubernetes core components as startup configuration, rather than directly through the command line parameter configuration, this KEP is to solve the specific configuration problems of different components when writing ComponentConfig.

Add release api interface to device manager

Add release interface to Kubelet devicemanager to support device plugin to release devices that have been assigned to Pod.

Type Manager interface {/ /... / / Release release devices allocated to pods. Add conditions to Release (pod * v1.Pod) error} PDB status

Conditions is used to report some status information of the current PDB, such as PodDisruptionBudgetFailure (Failure), and for disruption controller to report status identification during the failSafe phase.

Type PodDisruptionBudgetStatus struct {/ /... / / Conditions represents the latest available observations of a PDB's current state. / / + patchMergeKey=type / / + patchStrategy=merge Conditions [] PodDisruptionBudgetCondition} Istio enables TCP metadata exchange for Telemetry V2

Telemetry V2 relies on the exchange of metadata between peer agents so that they can produce rich telemetry information without relying on side lookup. Istio 1.4 uses "x-envoy-peer-metadata" http header to support the metadata exchange of http traffic. Istio 1.5 will support the exchange of metadata for TCP traffic, a proposal that has been approved.

Implement deny and exclude in AuthorizationPolicy

The Istioi community proposes to change the API of AuthorizationPolicy to support deny and exclude semantics. Goals include support for rejecting requests by using AuthorizationPolicy and support for negative matching (not_XXX) in AuthorizationPolicy. Users do not need to copy or modify their existing policies to use the new features.

Verifiable custom properties

In addition to the SPIFFE identity (service account and namespace), customers are allowed to create and use verifiable custom attributes in the Istio authorization. The current proposal is still in its early stages, discussing motivations and use cases, collecting feedback, and has not yet begun to design.

Flux is recommended for open source projects

An operator (CNCF sandbox project) for GitOps processes, which supports listening for Git changes and automatically triggering a series of operations such as packaging and deployment.

Kubeless

Serverless framework that conforms to the native Kubernetes mode. After installing the deployment, you only need to submit the code written by yourself and rely on it to kubeless cli, and kubeless is responsible for the deployment and operation.

Read the recommended "Manage Thousands of Clusters with GitOps and the Cluster API" this week.

How the Weaveworks team manages thousands of Kubernetes clusters through GitOps and Cluster API. Among them, GitOps uses the Flux tool introduced in the above open source project recommendation to open up the GitOps link, and combined with Cluster API to form a GitOps mode of multi-cluster management.

"Vault replication across multiple datacenters on Kubernetes"

This article describes how to manage Vault clusters across multiple data centers based on Kubernetes.

"Kubernetes Networking Demystified-A Brief Guide"

Starting from a network connection, this paper introduces all kinds of network links and configurations in Kubernetes, including Service, Load balancer, kube-proxy, Pod network, etc., which are recommended to students who are interested in Kubernetes network mechanism.

"getting started with K8s from scratch | GPU management and Device Plugin working mechanism"

This paper mainly introduces the management mode of GPU in K8s, how to configure GPU for container, and the working principle of corresponding Extended Resource and Device Plugin.

"K8s practice | how to solve the problem of security isolation of multi-tenant clusters? "

How to solve the problem of security isolation of multi-tenant clusters is a key problem in the cloud of enterprises. This paper mainly introduces the basic concepts and common application forms of Kubernetes multi-tenant clusters, as well as the relevant schemes to quickly implement multi-tenant clusters based on the existing security management capabilities of Kubernetes native and ACK clusters under the business scenario of sharing clusters within enterprises.

Cloud Native practice Summit is about to open

"Alibaba Cloud Native focus on micro services, Serverless, containers, Service Mesh and other technology areas, focus on cloud native popular technology trends, cloud native large-scale landing practice, to be the official account of cloud native developers."

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.