SHOP SAFE Act Reintroduced, Because Some Congressmembers Really Want to Kill Online Marketplaces - Technology & Marketing Law Blog
Two years ago, I covered the introduction of the SHOP SAFE Act, which would create a new species of trademark liability for online marketplaces. My 5,000 word post deconstructed the bill in detail so check it out to see what...
MOVEit maker announces new critical vulnerability affecting a different file transfer tool
The company behind a popular file transfer service that was exploited by ransomware hackers has announced a new set of vulnerabilities affecting another file transfer tool.
Pitfalls of relying on eBPF for security monitoring (and some solutions)
By Artem Dinaburg. eBPF (extended Berkeley Packet Filter) has emerged as the de facto Linux standard for security monitoring and endpoint observability. It is used by technologies such as BPFTrace, …
Progress Software says business impact ‘minimal’ from MOVEit attack spree
While the company reported $951,000 in cyber incident and vulnerability response expenses for its third quarter, they represent just a sliver of its revenue.
Raspberry Pi 5 Benchmarks: Significantly Better Performance, Improved I/O Review
After a difficult few years of global supply chain woes leading to limited availability and heightened retail pricing on the Raspberry Pi single board computers, today there is finally an update to the family.
iOS 17 update secretly changed your privacy settings; here's how to set them back
Many iPhone users who upgraded their iPhones to the recently-released iOS 17 will be alarmed to hear that they may have actually downgraded their security and privacy.
Vulnerability in popular ‘libwebp’ code more widespread than expected
Initial alerts about a bug in the obscure but widely used libwebp library have expanded into concerns that it affects not only web browsers like Chrome, but also many other common pieces of software.
More AI than you can shake a stick at | Build Generative AI Applications with Foundation Models – Amazon Bedrock – #AWS
Amazon Bedrock is a fully managed service that makes leading foundation models available through an API along with a broad set of capabilities to quickly build and scale generative AI applications.
How to Be a Good Open Source Contributor During Hacktoberfest and Beyond
In anticipation of Hacktoberfest, Ashley Willis emphasizes the importance of meaningful contributions to open-source projects, sharing insights from her journey and promising to offer specific guidelines for enriching both maintainers and contributors.
Announcing GoReleaser v1.21 — mostly bug fixes | Carlos Becker
A boring release, mostly bug fixes. Boring is good.
Highlights
You can now sort tags by semver in GoReleaser Pro
Docker pushes will now be retried when the registry yields a 503. It’ll retry 10 times.
Winget: added support for package_dependencies and update schema version to 1.5.0.
GoReleaser will now run against Gerrit, Soft-Serve, and other Git providers, as long as the SCM release is disabled.
You can now ignore Git tags that match a regular expression.
Can folks stop asking me for links via cold emails? K… thnx. | Google: Links No Longer A Top Three Ranking Signal
Google has been downplaying the importance of links in its ranking algorithm for the past couple of years now. But last Thursday, at PubCon, Gary Illyes from the Google Search team said he wouldn't e
Four years of building has OLSM volleyball as a D2 title contender
Ranked No. 5 in the state, OLSM showed off its talents on Thursday night when it visited Royal Oak Shrine and earned a 25-14, 25-10, 25-17 victory to move to 6-0 in the CHSL.
Author: Fabrizio Pandini (VMware)
What a journey so far!
Starting from the initial blog post “How we made Kubernetes insanely easy to install” in September 2016, followed by an exciting growth that led to general availability / “Production-Ready Kubernetes Cluster Creation with kubeadm” two years later.
And later on a continuous, steady and reliable flow of small improvements that is still going on as of today.
What is kubeadm? (quick refresher)
kubeadm is focused on bootstrapping Kubernetes clusters on existing infrastructure and performing an essential set of maintenance tasks. The core of the kubeadm interface is quite simple: new control plane nodes are created by running kubeadm init and worker nodes are joined to the control plane by running kubeadm join. Also included are utilities for managing already bootstrapped clusters, such as control plane upgrades and token and certificate renewal.
To keep kubeadm lean, focused, and vendor/infrastructure agnostic, the following tasks are out of its scope:
Infrastructure provisioning
Third-party networking
Non-critical add-ons, e.g. for monitoring, logging, and visualization
Specific cloud provider integrations
Infrastructure provisioning, for example, is left to other SIG Cluster Lifecycle projects, such as the Cluster API. Instead, kubeadm covers only the common denominator in every Kubernetes cluster: the control plane.
The user may install their preferred networking solution and other add-ons on top of Kubernetes
after cluster creation.
Behind the scenes, kubeadm does a lot. The tool makes sure you have all the key components:
etcd, the API server, the scheduler, the controller manager. You can join more control plane nodes
for improving resiliency or join worker nodes for running your workloads. You get cluster DNS
and kube-proxy set up for you. TLS between components is enabled and used for encryption in transit.
Let's celebrate! Past, present and future of kubeadm
All in all, kubeadm's story is tightly coupled with Kubernetes' story, and with this amazing community.
Therefore celebrating kubeadm is first of all celebrating this community, a set of people who joined forces in finding a common ground, a minimum viable tool, for bootstrapping Kubernetes clusters.
This tool was instrumental to Kubernetes' success back then, as it is today, and the silver line of kubeadm's value proposition can be summarized in two points:
An obsession in making things deadly simple for the majority of the users: kubeadm init & kubeadm join, that's all you need!
A sharp focus on a well-defined problem scope: bootstrapping Kubernetes clusters on existing infrastructure. As our slogan says: keep it simple, keep it extensible!
This silver line, this clear contract, is the foundation the entire kubeadm user base relies on, and this post is a celebration for kubeadm's users as well.
We are deeply thankful for any feedback from our users, for the enthusiasm that they are continuously showing for this tool via Slack, GitHub, social media, blogs, in person at every KubeCon or at the various meet ups around the world. Keep going!
What continues to amaze me after all these years is the great things people are building on top of kubeadm, and as of today there is a strong and very active list of projects doing so:
minikube
kind
Cluster API
Kubespray
and many more; if you are using Kubernetes today, there is a good chance that you are using kubeadm even without knowing it 😜
This community, kubeadm’s users, and the projects building on top of kubeadm are the highlights of kubeadm’s 7th birthday celebration and the foundation for what will come next!
Stay tuned, and feel free to reach out to us!
Try kubeadm to install Kubernetes today
Get involved with the Kubernetes project on GitHub
Connect with the community on Slack
Follow us on Twitter @Kubernetesio for latest updates
Blog: kubeadm: Use etcd Learner to Join a Control Plane Node Safely
Author: Paco Xu (DaoCloud)
The kubeadm tool now supports etcd learner mode, which
allows you to enhance the resilience and stability
of your Kubernetes clusters by leveraging the learner mode
feature introduced in etcd version 3.4.
This guide will walk you through using etcd learner mode with kubeadm. By default, kubeadm runs
a local etcd instance on each control plane node.
In v1.27, kubeadm introduced a new feature gate EtcdLearnerMode. With this feature gate enabled,
when joining a new control plane node, a new etcd member will be created as a learner and
promoted to a voting member only after the etcd data are fully aligned.
What are the advantages of using etcd learner mode?
etcd learner mode offers several compelling reasons to consider its adoption
in Kubernetes clusters:
Enhanced Resilience: etcd learner nodes are non-voting members that catch up with
the leader's logs before becoming fully operational. This prevents new cluster members
from disrupting the quorum or causing leader elections, making the cluster more resilient
during membership changes.
Reduced Cluster Unavailability: Traditional approaches to adding new members often
result in cluster unavailability periods, especially with slow infrastructure or misconfigurations.
etcd learner mode minimizes such disruptions.
Simplified Maintenance: Learner nodes provide a safer and reversible way to add or replace
cluster members. This reduces the risk of accidental cluster outages due to misconfigurations or
missteps during member additions.
Improved Network Tolerance: In scenarios involving network partitions, learner mode allows
for more graceful handling. Depending on the partition a new member lands in, it can seamlessly
integrate with the existing cluster without causing disruptions.
In summary, the etcd learner mode improves the reliability and manageability of Kubernetes clusters
during member additions and changes, making it a valuable feature for cluster operators.
How nodes join a cluster that's using the new mode
Create a Kubernetes cluster backed by etcd in learner mode
For a general explanation about creating highly available clusters with kubeadm, you can refer to
Creating Highly Available Clusters with kubeadm.
To create a Kubernetes cluster, backed by etcd in learner mode, using kubeadm, follow these steps:
# kubeadm init --feature-gates=EtcdLearnerMode=true ...
kubeadm init --config=kubeadm-config.yaml
The kubeadm configuration file looks like this:
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
featureGates:
  EtcdLearnerMode: true
The kubeadm tool deploys a single-node Kubernetes cluster with etcd set to use learner mode.
Join nodes to the Kubernetes cluster
Before joining a control-plane node to the new Kubernetes cluster, ensure that the existing control plane nodes
and all etcd members are healthy.
Check the cluster health with etcdctl. If etcdctl isn't available, you can run this tool inside a container image.
You would do that directly with your container runtime using a tool such as crictl run and not through Kubernetes.
Here is an example of a client command that uses secure communication to check the cluster health of the etcd cluster:
ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  member list
...
dc543c4d307fadb9, started, node1, https://10.6.177.40:2380, https://10.6.177.40:2379, false
To check if the Kubernetes control plane is healthy, run kubectl get node -l node-role.kubernetes.io/control-plane=
and check if the nodes are ready.
Note: It is recommended to have an odd number of members in an etcd cluster.
Before joining a worker node to the new Kubernetes cluster, ensure that the control plane nodes are healthy.
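The etcd health precondition above can be scripted as a gate in front of the next control-plane join. This is an added example, not part of the original post or of kubeadm; it assumes the comma-separated field order of the sample member list line shown above (ID, status, name, peer URLs, client URLs, learner flag), and the function name and the second sample member are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the kubeadm project): gate a control-plane join on
# the output of `etcdctl member list`.
# Assumed field order, taken from the sample line on this page:
#   ID, status, name, peer URLs, client URLs, isLearner

# Reads member-list lines on stdin and prints one finding per problem.
# Returns 0 if every member is started and none is still a learner,
# 1 if any member fails the check, 2 if no member line could be parsed.
etcd_join_preflight() {
  awk -F', ' '
    NF < 6 { next }                         # skip "..." and blank lines
    {
      total++
      learner = $NF
      sub(/[ \t\r]+$/, "", learner)         # tolerate trailing whitespace
      if ($2 != "started") {
        printf "NOT STARTED: %s (%s) status=%s\n", $3, $1, $2
        bad++
      }
      if (learner == "true") {
        printf "LEARNER NOT PROMOTED: %s (%s)\n", $3, $1
        bad++
      }
    }
    END {
      if (total == 0) { print "NO MEMBERS PARSED"; exit 2 }
      printf "members=%d problems=%d\n", total, bad + 0
      exit (bad > 0 ? 1 : 0)
    }'
}

# Constructed sample: node1 is the line from this page; node2 is a made-up
# member that joined as a learner and has not been promoted yet.
SAMPLE_MEMBERS='dc543c4d307fadb9, started, node1, https://10.6.177.40:2380, https://10.6.177.40:2379, false
0000000000000002, started, node2, https://10.6.177.41:2380, https://10.6.177.41:2379, true'

# Live use: pipe the etcdctl command shown above into the function instead.
printf '%s\n' "$SAMPLE_MEMBERS" | etcd_join_preflight \
  || echo "hold the next kubeadm join until the learner is promoted"
```

A non-zero return means at least one member is not started or is still a learner, so the next kubeadm join for a control-plane node should wait.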
What's next
The feature gate EtcdLearnerMode is alpha in v1.27 and we expect it to graduate to beta in the next
minor release of Kubernetes (v1.29).
etcd has an open issue that may make the process more automatic:
Support auto-promoting a learner member to a voting member.
Learn more about the kubeadm configuration format here.
Feedback
Was this guide helpful? If you have any feedback or encounter any issues, please let us know.
Your feedback is always welcome! Join the bi-weekly SIG Cluster Lifecycle meeting
or weekly kubeadm office hours. Or reach us via Slack (channel #kubeadm), or the SIG's mailing list.