Service Mesh - Feat. Cilium, Istio, Linkerd, and Kuma (You Choose!, Ch. 04, Ep. 08)

Service Mesh - Choose Your Own Adventure: The Observability Odyssey

In this episode, we'll go through networking and service mesh observability. The contestants are Cilium, Istio, Linkerd, and Kuma.

Vote for your choice of a tool for signing artifacts at https://cloud-native.slack.com/archives/C05M2NFNVRN. If you have not already joined CNCF Slack, you can do so from https://slack.cncf.io.

This and all other episodes are available at https://www.youtube.com/playlist?list=PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.

More information about the "Choose Your Own Adventure" project including the source code and links to all the videos can be found at https://github.com/vfarcic/cncf-demo.

٩( ᐛ )و Whitney's YouTube Channel → https://www.youtube.com/@wiggitywhitney

cilium #istio #linkerd #kuma

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ 🔗 Service Mesh: https://github.com/vfarcic/cncf-demo/tree/main/manuscript/service-mesh/README.md

via YouTube https://www.youtube.com/watch?v=g-tHbIcFYTM

MQTT turns 25 – here’s how it has endured

It’s October 2024 and I’m sitting here in my creative maker studio, wearing a bright t-shirt that excitedly bellows “MQTT 25”! To my left is a top-end Bambu Lab…

October 25, 2024 at 12:26PM

via Instapaper

Location tracking of phones is out of control. Here’s how to fight back.

I KNOW WHAT YOU DID LAST SUMMER Location tracking of phones is out of control. Here’s how to fight back. Unique IDs assigned to Android and iOS devices threaten…

October 25, 2024 at 10:33AM

via Instapaper

ossf/alpha-omega: Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

October 25, 2024 at 10:24AM

via Instapaper

immichFrame/ImmichFrame at selfh.st

October 25, 2024 at 10:13AM

via Instapaper

Bluesky's Alternate Approach to Feeds Is One of Its Best Features

October 25, 2024 at 10:10AM

via Instapaper

The enterprise verdict on AI models: Why open source will win

Image Credit: VentureBeat via StableDiffusion The enterprise world is rapidly growing its usage of open source large language models (LLMs), driven by companies…

October 24, 2024 at 02:09PM

via Instapaper

Promoting Apps to Production: How To Ensure That a Change Only Deploys to Lower Environments?

Today, we dive into ensuring changes deploy only to lower environments before hitting production. We'll explore two methods: GitOps with pull request reviews and automated policies using Kyverno or OPA Gatekeeper. Discover how signed images and Kubernetes Admission Controllers can help automate and secure your deployment pipeline, ensuring only tested and approved changes reach production. Join us as we answer @Mvvement's question on promoting applications safely. Don't forget to comment your questions below and consider joining the channel for priority responses!

DevOps #Kubernetes #GitOps #DeploymentSecurity

Consider joining the channel: https://www.youtube.com/c/devopstoolkit/join

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ 🔗 N/A: N/A

▬▬▬▬▬▬ 💰 Sponsorships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please visit https://devopstoolkit.live/sponsor for more information. Alternatively, feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ Twitter: https://twitter.com/vfarcic ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

via YouTube https://www.youtube.com/watch?v=8WkFgLDCQg8

AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover

October 24, 2024 at 11:21AM

via Instapaper

• YouTube

October 24, 2024 at 11:02AM

via Instapaper

Week Ending October 20, 2024

https://lwkd.info/2024/20241022

Developer News

Join other members of your SIG for the Kubernetes SIG Meet & Greet & Lunch & Learn at Kubecon on Nov 14th. Sign up to table for your SIG.

If you are a SIG lead, please also add callouts for the Summit opening session to find new contributors for your SIG.

The Summit Social will be at Flanker and will have the usual fun & games. Unusually, due to Utah law, you will be required to bring an ID/passport. Also, the Summit is still looking for volunteers to help staff.

Release Schedule

Next Deadline: Docs placeholder PRs deadline, October 24

We are now in Enhancements Freeze, and Alpha2 has been released. For those working on 1.32 enhancements and documentation updates, now’s the time to open your PR against dev-1.32 on the kubernetes/website repo. It would be awesome if full docs are ready, but a placeholder PR will keep your contribution on track. Final exceptions for missed Enhancements are due on Monday.

October patch releases were delayed due to Go update issues. They are available now for v1.28.15, v1.29.10, v1.30.6, and v1.31.2.

KEP of the Week

KEP 784: Kube Proxy component configuration graduation

This KEP proposes a plan to graduate kube-proxy’s component configuration to beta, addressing its current complexity. Originally configured via command-line flags, kube-proxy’s config became difficult to manage as new features were added, staying in v1alpha1. The current format is hard to use, with poorly grouped options and inconsistencies, making restructuring and stabilization necessary.

This KEP is tracked for alpha release in the ongoing v1.32 cycle.

Other Merges

scheduler_perf test cases added for NodeUpdate event handling

Apply fsGroup policy for ReadWriteOncePod volumes

Fix AssignedPodUpdated in scheduler to check if the incoming events are scale down events

Removed legacy cloud provider integration code from kube-controller-manager

Fix for 1.31 regression that can crash kube-controller-manager’s service-lb-controller loop

Clarification for API validation error for toleration if operator is Exists and value is not empty

Fix for kubelet wrongly dropping the QOSClass field of the Pod’s status when it rejects a Pod

Image pull error used in messages during back-off

Fix for failing storage e2e test

Improvements to CSILimits plugin accuracy by using VolumeAttachments

Added kubelet support for systemd watchdog integration

More fine-grained QHints for podtopologyspread plugin

Add e2e test for custom profile in kubectl debug

container_aligned_compute_resources_count metric added to kubelet to report containers getting aligned compute resources

corev1.Binding deprecation message removed

kubeadm removes preflight check for existence of conntrack binary

e2e tests added for ClusterTrustBundle to prepare promotion to beta

Fixed issue in the kubelet that showed when writeable layers and read-only layers were at different paths within the same mount

Fine-grained kubelet API authorization checks added for kubelet /configz, /healthz and /pods API

CRI adds field to support CPU affinity on Windows

Refactor for node shutdown manager

Promotions

StructuredAuthorizationConfiguration to GA

ServiceAccountTokenJTI, ServiceAccountTokenPodNodeInfo and ServiceAccountTokenNodeBindingValidation to GA

AuthorizeNodeWithSelectors and AuthorizeWithSelectors to beta

RelaxedEnvironmentVariableValidation to beta

Deprecated

PostStartHookContext.StopCh removed

Version Updates

publishing-bot rules updated to Go 1.22.8

via Last Week in Kubernetes Development https://lwkd.info/

October 22, 2024 at 12:30PM

octodns/octodns: Tools for managing DNS across multiple providers

DNS as code - Tools for managing DNS across multiple providers In the vein of infrastructure as code octoDNS provides a set of tools & patterns that make it…

October 23, 2024 at 07:26AM

via Instapaper