Introduction | Dalec
Dalec is a project aimed at providing a declarative format for building system packages and containers from those packages. Our goal is to provide a secure and…
August 29, 2024 at 10:55AM
via Instapaper
will-moss/isaiah: Self-hostable clone of lazydocker for the web. Manage your Docker fleet with ease
August 29, 2024 at 10:55AM
via Instapaper
Week Ending August 25, 2024
https://lwkd.info/2024/20240828
Developer News
KubeCon + CloudNativeCon + Open Source Summit China 2024 happened last week in Hong Kong. The event had various talks on AI, running AI workloads on Kubernetes and the CNCF ecosystem, and updates from various maintainers of different CNCF projects. There was also a keynote by Linus Torvalds. Videos will be posted in the CNCF YouTube channel soon.
Release Schedule
Next Deadline: 1.32 cycle begins, September 9
We’re in the period between releases. Shadow applications for the v1.32 release team are open until September 6. The tentative dates for the v1.32 cycle are from September 9th to December 11th, 2024.
Featured PRs
This PR significantly enhances the scalability of the PVC Protection Controller by implementing batch processing of PVCs by namespace and caching live pod list results. It resolves a critical dead loop issue in the idle work queue and addresses performance bottlenecks in large clusters by reducing the number of API calls required for PVC deletion. As a result, the kube-controller-manager’s CPU usage is optimized, ensuring more efficient and reliable operation, especially in environments with high pod and PVC churn.
KEP of the Week
KEP 3998: Job success/completion policy
This KEP aims to enhance Indexed Jobs by allowing custom success criteria, so a job can be marked as succeeded based on specific pod indexes, such as leader pods, rather than requiring all pods to succeed. It supports distributed computing frameworks like MPI and PyTorch, where only certain pods determine job success. The proposal does not alter the default behavior for jobs without a SuccessPolicy or extend this feature to NonIndexed Jobs in its first iteration.
This KEP is tracked for beta release in v1.31.
Other Merges
kubeadm now sorts the result of MergeKubeadmEnvVars, and allows mixing of flags `--print-manifest` and `--config`
Printer unit tests added for DRA resources
transformation_operations_total metric gets additional resource label
pkg/kubelet/cm/dra migrated to contextual logging
Fix for estimated cost for Kubernetes defined CEL types for equals
Common apiserver for all testcases in CEL tests
kube-scheduler removes non-csi volumelimit plugins
Scheduling throughput thresholds set in scheduler_perf tests
Fix to DRA with structured params to make unschedulable pods schedulable again after ResourceSlice cluster events
kube-proxy now uses field-selector clusterIP!=None on Services to avoid watching for Headless Services
NominatedPodsForNode moved to scheduling queue to make the invocations more direct
Events cached in the scheduling queue are cleared as soon as possible when SchedulerQueueingHints is enabled so that scheduler consumes less memory.
New e2e tests for Node endpoints
Deprecated
Graduated feature gates being removed: ValidatingAdmissionPolicy, StableLoadBalancerNodeSet, CloudDualStackNodeIPs, LegacyServiceAccountTokenCleanUp
kubeadm removes the deprecated flag ‘--experimental-output’
kubeadm removes the deprecated sub-phase of ‘init kubelet-finalize’ called experimental-cert-rotation
Version Updates
corefile-migration to v1.0.24
Subprojects and Dependency Updates
prometheus v2.54.1 allow multiple samples on same series, with explicit timestamps
containerd v1.7.21 regenerate introspection UUID if state is empty
grpc v1.66.1 enable EDS dualstack support by default; also v1.66.0
via Last Week in Kubernetes Development https://lwkd.info/
August 28, 2024 at 07:00PM
Software Licensing Changes and Their Impact on Financial Outcomes
Another day, another rug pull. At least that’s what the cynical might say, as we as an industry once again are discussing the fallout of another company…
August 27, 2024 at 11:04AM
via Instapaper
Abusing Distroless containers: shell commands on shell-less containers, with Harsha Koushik
https://kube.fm/abusing-distroless-harsha
In this KubeFM episode, Harsha explores the intricacies of Kubernetes security, focusing on the benefits and misconceptions of Distroless container images and the broader aspects of container security.
You will learn:
The advantages and limitations of Distroless container images: understand why these images are smaller and have a reduced attack surface, but are not inherently secure.
Best practices for container security: gain insights into selecting base images, managing dependencies, and fortifying your infrastructure at every layer.
Supply chain security: explore how the supply chain can be an attack vector and the importance of signing artifacts and validating sources.
Emerging Kubernetes tools and future projects: discover the latest tools Harsha is monitoring and get a sneak peek into his upcoming projects, including a new podcast and a tool for simulating multistage attacks in cloud-native environments.
More info
Find all the links and info for this episode here: https://kube.fm/abusing-distroless-harsha
via KubeFM https://kube.fm
August 27, 2024 at 08:00AM
Automate Everything: How One Manifest Powers Your Entire DevOps Pipeline
Dive into the essentials of setting up a developer platform and enabling developers to start new projects effortlessly. In this video, we explore how to create a seamless interface for developers using Crossplane, GitHub, and Argo CD. Learn how to automate repository creation, CI pipelines, GitOps integration, and database provisioning with a single manifest. Follow along as we demonstrate the entire process from setup to deployment, ensuring everything is secure, automated, and stored in Git. Perfect for developers looking to streamline their workflow and focus on coding. Watch now to simplify your development journey!
Additional Info
Transcript and commands: https://devopstoolkit.live/internal-developer-platforms/automate-everything-how-one-manifest-powers-your-entire-devops-pipeline
Crossplane: https://crossplane.io
Argo CD: https://argoproj.github.io/cd
Crossplane Compositions | Tutorial (Part 3): https://youtu.be/X7E6YfXWgvE
Crossplane Tutorial: https://youtube.com/playlist?list=PLyicRj904Z99i8U5JaNW5X3AyBvfQz-16
Exploring KCL: Configuration and Data Structure Language; CUE and Pkl Replacement?: https://youtu.be/Gn6btuH3ULw
Crossplane Composition Functions | Tutorial (Part 5): https://youtu.be/XSzKs97Ls4g
Timecodes
00:00 Introduction
02:08 One Manifest For Everything
11:36 What Happened and How Did It Happen?
via YouTube https://www.youtube.com/watch?v=IEgXJEkjBZ0