1_r/devopsish

Amazon CodeWhisperer is an AI code service that provides real-time code suggestions in your Integrated Development Environment (IDE) to…

The Cybersecurity and Infrastructure Security Agency (CISA) added an issue affecting a popular print management software tool to its list of exploited vulnerabilities on Friday.

The tech layoffs have now reached Red Hat with 'hundreds of jobs' being cut and the initial round of layoffs being announced today.

The text-based SQL learning game for data scientists and marketers

Learn about a new, privacy-preserving in-app telemetry system that 1Password is trialing with its employees.

"We will reduce the associate base of Red Hat over the next few weeks," CEO Matt Hicks wrote in the email. He said the layoffs would be "just under 4% in total."

After years of getting a free ride from open source projects, the company is developing its own obsession with contributing.

Author : Jeffrey Ying (Google), Antoine Pelisse (Google) Before Kubernetes v1.8 (!), typos, mis-indentations or minor errors in YAMLs could have catastrophic consequences (e.g. a typo like forgetting the trailing s in replica: 1000 could cause an outage, because the value would be ignored and missing, forcing a reset of replicas back to 1). This was solved back then by fetching the OpenAPI v2 in kubectl and using it to verify that fields were correct and present before applying. Unfortunately, at that time, Custom Resource Definitions didn’t exist, and the code was written under that assumption. When CRDs were later introduced, the lack of flexibility in the validation code forced some hard decisions in the way CRDs exposed their schema, leaving us in a cycle of bad validation causing bad OpenAPI and vice-versa. With the new OpenAPI v3 and Server Field Validation being GA in 1.27, we’ve now solved both of these problems. Server Side Field Validation offers resource validation on create, update and patch requests to the apiserver and was added to Kubernetes in v1.25, beta in v1.26 and is now GA in v1.27. It provides all the functionality of kubectl validate on the server side. OpenAPI is a standard, language agnostic interface for discovering the set of operations and types that a Kubernetes cluster supports. OpenAPI V3 is the latest standard of the OpenAPI and is an improvement upon OpenAPI V2 which has been supported since Kubernetes 1.5. OpenAPI V3 support was added in Kubernetes in v1.23, moved to beta in v1.24 and is now GA in v1.27. OpenAPI V3 What does OpenAPI V3 offer over V2 Built-in types Kubernetes offers certain annotations on fields that are not representable in OpenAPI V2, or sometimes not represented in the OpenAPI v2 that Kubernetes generate. Most notably, the "default" field is published in OpenAPI V3 while omitted in OpenAPI V2. A single type that can represent multiple types is also expressed correctly in OpenAPI V3 with the oneOf field. This includes proper representations for IntOrString and Quantity. Custom Resource Definitions In Kubernetes, Custom Resource Definitions use a structural OpenAPI V3 schema that cannot be represented as OpenAPI V2 without a loss of certain fields. Some of these include nullable, default, anyOf, oneOf, not, etc. OpenAPI V3 is a completely lossless representation of the CustomResourceDefinition structural schema. How do I use it? The OpenAPI V3 root discovery can be found at the /openapi/v3 endpoint of a Kubernetes API server. OpenAPI V3 documents are grouped by group-version to reduce the size of the data transported, the separate documents can be accessed at /openapi/v3/apis/group/version and /openapi/v3/api/v1 representing the legacy group version. Please refer to the Kubernetes API Documentation for more information around this endpoint. Various consumers of the OpenAPI have already been updated to consume v3, including the entirety of kubectl, and server side apply. An OpenAPI V3 Golang client is available in client-go . Server Side Field Validation The query parameter fieldValidation may be used to indicate the level of field validation the server should perform. If the parameter is not passed, server side field validation is in Warn mode by default. Strict: Strict field validation, errors on validation failure Warn: Field validation is performed, but errors are exposed as warnings rather than failing the request Ignore: No server side field validation is performed kubectl will skip client side validation and will automatically use server side field validation in Strict mode. Controllers by default use server side field validation in Warn mode. With client side validation, we had to be extra lenient because some fields were missing from OpenAPI V2 and we didn’t want to reject possibly valid objects. This is all fixed in server side validation. Additional documentation may be found here What's next? With Server Side Field Validation and OpenAPI V3 released as GA, we introduce more accurate representations of Kubernetes resources. It is recommended to use server side field validation over client side, but with OpenAPI V3, clients are free to implement their own validation if necessary (to “shift things left”) and we guarantee a full lossless schema published by OpenAPI. Some existing efforts will further improve the information available through OpenAPI including CEL validation and admission , along with OpenAPI annotations on built-in types. Many other tools can be built for authoring and transforming resources using the type information found in the OpenAPI v3. How to get involved? These two features are driven by the SIG API Machinery community, available on the slack channel #sig-api-machinery, through the mailing list and we meet every other Wednesday at 11:00 AM PT on Zoom. We offer a huge thanks to all the contributors who helped design, implement, and review these two features. Alexander Zielenski Antoine Pelisse Daniel Smith David Eads Jeffrey Ying Jordan Liggitt Kevin Delgado Sean Sullivan

Software Agentur aus Süddeutschland. 9 Jahre Erfahrung in der Cloud- und Webentwicklung mit Golang, Kubernetes und Javascript.

Older adults use voice assistant devices more often with training and flyers with instructions to complement their daily routine, according to a new University of Michigan study that looked at long-term usage.

For the first time evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors.

Instead of using his time and military training for good, 21-year-old Josiah Garcia decided to become a hired gun—and failed in an epic way.

Pumpkin Sandstorm. Spandex Tempest. Charming Kitten. Is this really how we want to name the hackers wreaking havoc worldwide?

A 2TB SSD costs $150 or less, so why are companies charging us $4,000 to get a laptop with one?

Sudan is experiencing severe internet outages amid a power struggle that has pitted the army against a powerful paramilitary force in the streets of the capital Khartoum and around the country.

From supply chain security to confidential computing, Uptycs addresses the evolving landscape of cloud security

The Linux Foundation has launched a new organization to maintain and further develop TLA+, the spec language for programming.

The surprising story of the supply chain hack of VoIP provider 3CX got even crazier this week. Here's what your application security need to know.

Chicken Soup for the Soul Entertainment CEO Bill Rouhana tells THR he wants to buy the DVD business, though a Netflix source said it is not for sale, and will be wound down.

Construction of Google's campus in San Jose, California, has been halted as the company's cost-cutting efforts stifle development.

A new investigation calls out Chromebooks for their short lifespans.

The Rust Foundation is an independent non-profit organization to steward the Rust programming language and ecosystem, with a unique focus on supporting the set of maintainers that govern and develop the project.

NPR loses controversial tag, but state-controlled outlets had labels removed, too.

Ansible can great for automating routine IT tasks, but some may feel stymied by the command line. For those, here's how to install the Semaphore graphical user interface.

Modern UI for Ansible. Contribute to ansible-semaphore/semaphore development by creating an account on GitHub.

Document assesses Beijing’s ambitions to disrupt communications during wartime.

Design quirks, limited parts, and other ways Chromebooks frustrate repairs.

BuzzFeed is shutting down BuzzFeed News because it is not able to turn a profit, according to a memo CEO Jonah Peretti sent to company staff Thursday. The digital publisher is laying off 15% of its…