Announcing GoReleaser v1.21 — mostly bug fixes | Carlos Becker
A boring release, mostly bug fixes. Boring is good.
Highlights
You can now sort tags by semver in GoReleaser Pro
Docker pushes will now be retried when the registry yields a 503. It’ll retry 10 times.
Winget: added support for package_dependencies and update schema version to 1.5.0.
GoReleaser will now run against Gerrit, Soft-Serve, and other Git providers, as long as the SCM release is disabled.
You can now ignore Git tags that match a regular expression.
Can folks stop asking me for links via cold emails? K… thnx. | Google: Links No Longer A Top Three Ranking Signal
Google has been downplaying the importance of links in its ranking algorithm for the past couple of years now. But last Thursday, at PubCon, Gary Illyes from the Google Search team said he wouldn't e
Four years of building has OLSM volleyball as a D2 title contender
Ranked No. 5 in the state, OLSM showed off its talents on Thursday night when it visited Royal Oak Shrine and earned a 25-14, 25-10, 25-17 victory to move to 6-0 in the CHSL.
Author: Fabrizio Pandini (VMware)
What a journey so far!
Starting from the initial blog post “How we made Kubernetes insanely easy to install” in September 2016, followed by an exciting growth that led to general availability / “Production-Ready Kubernetes Cluster Creation with kubeadm” two years later.
And later on a continuous, steady and reliable flow of small improvements that is still going on as of today.
What is kubeadm? (quick refresher)
kubeadm is focused on bootstrapping Kubernetes clusters on existing infrastructure and performing an essential set of maintenance tasks. The core of the kubeadm interface is quite simple: new control plane nodes are created by running kubeadm init and worker nodes are joined to the control plane by running kubeadm join. Also included are utilities for managing already bootstrapped clusters, such as control plane upgrades and token and certificate renewal.
To keep kubeadm lean, focused, and vendor/infrastructure agnostic, the following tasks are out of its scope:
Infrastructure provisioning
Third-party networking
Non-critical add-ons, e.g. for monitoring, logging, and visualization
Specific cloud provider integrations
Infrastructure provisioning, for example, is left to other SIG Cluster Lifecycle projects, such as the Cluster API. Instead, kubeadm covers only the common denominator in every Kubernetes cluster: the control plane. The user may install their preferred networking solution and other add-ons on top of Kubernetes after cluster creation.
Behind the scenes, kubeadm does a lot. The tool makes sure you have all the key components:
etcd, the API server, the scheduler, the controller manager. You can join more control plane nodes
for improving resiliency or join worker nodes for running your workloads. You get cluster DNS
and kube-proxy set up for you. TLS between components is enabled and used for encryption in transit.
Let's celebrate! Past, present and future of kubeadm
All in all, kubeadm's story is tightly coupled with Kubernetes' story, and with this amazing community.
Therefore, celebrating kubeadm is first of all celebrating this community, a set of people who joined forces in finding a common ground, a minimum viable tool, for bootstrapping Kubernetes clusters.
This tool was instrumental to Kubernetes' success back in time, as it is today, and the silver line of kubeadm's value proposition can be summarized in two points:
An obsession in making things deadly simple for the majority of the users: kubeadm init & kubeadm join, that's all you need!
A sharp focus on a well-defined problem scope: bootstrapping Kubernetes clusters on existing infrastructure. As our slogan says: keep it simple, keep it extensible!
This silver line, this clear contract, is the foundation the entire kubeadm user base relies on, and this post is a celebration for kubeadm's users as well.
We are deeply thankful for any feedback from our users, for the enthusiasm that they are continuously showing for this tool via Slack, GitHub, social media, blogs, in person at every KubeCon or at the various meet ups around the world. Keep going!
What continues to amaze me after all those years is the great things people are building on top of kubeadm, and as of today there is a strong and very active list of projects doing so:
minikube
kind
Cluster API
Kubespray
and many more; if you are using Kubernetes today, there is a good chance that you are using kubeadm even without knowing it 😜
This community, kubeadm's users, and the projects building on top of kubeadm are the highlights of kubeadm’s 7th birthday celebration and the foundation for what will come next!
Stay tuned, and feel free to reach out to us!
Try kubeadm to install Kubernetes today
Get involved with the Kubernetes project on GitHub
Connect with the community on Slack
Follow us on Twitter @Kubernetesio for latest updates
Blog: kubeadm: Use etcd Learner to Join a Control Plane Node Safely
Author: Paco Xu (DaoCloud)
The kubeadm tool now supports etcd learner mode, which
allows you to enhance the resilience and stability
of your Kubernetes clusters by leveraging the learner mode
feature introduced in etcd version 3.4.
This guide will walk you through using etcd learner mode with kubeadm. By default, kubeadm runs
a local etcd instance on each control plane node.
In v1.27, kubeadm introduced a new feature gate, EtcdLearnerMode. With this feature gate enabled,
when joining a new control plane node, a new etcd member will be created as a learner and
promoted to a voting member only after the etcd data are fully aligned.
What are the advantages of using etcd learner mode?
etcd learner mode offers several compelling reasons to consider its adoption
in Kubernetes clusters:
Enhanced Resilience: etcd learner nodes are non-voting members that catch up with
the leader's logs before becoming fully operational. This prevents new cluster members
from disrupting the quorum or causing leader elections, making the cluster more resilient
during membership changes.
Reduced Cluster Unavailability: Traditional approaches to adding new members often
result in cluster unavailability periods, especially with slow infrastructure or misconfigurations.
etcd learner mode minimizes such disruptions.
Simplified Maintenance: Learner nodes provide a safer and reversible way to add or replace
cluster members. This reduces the risk of accidental cluster outages due to misconfigurations or
missteps during member additions.
Improved Network Tolerance: In scenarios involving network partitions, learner mode allows
for more graceful handling. Depending on the partition a new member lands in, it can seamlessly
integrate with the existing cluster without causing disruptions.
In summary, the etcd learner mode improves the reliability and manageability of Kubernetes clusters
during member additions and changes, making it a valuable feature for cluster operators.
How nodes join a cluster that's using the new mode
Create a Kubernetes cluster backed by etcd in learner mode
For a general explanation about creating highly available clusters with kubeadm, you can refer to
Creating Highly Available Clusters with kubeadm.
To create a Kubernetes cluster, backed by etcd in learner mode, using kubeadm, follow these steps:
# kubeadm init --feature-gates=EtcdLearnerMode=true ...
kubeadm init --config=kubeadm-config.yaml
The kubeadm configuration file looks like this:
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
featureGates:
  EtcdLearnerMode: true
The kubeadm tool deploys a single-node Kubernetes cluster with etcd set to use learner mode.
Join nodes to the Kubernetes cluster
Before joining a control-plane node to the new Kubernetes cluster, ensure that the existing control plane nodes
and all etcd members are healthy.
Check the cluster health with etcdctl. If etcdctl isn't available, you can run this tool inside a container image.
You would do that directly with your container runtime, using a tool such as crictl run, and not through Kubernetes.
Here is an example of a client command that uses secure communication to check the health of the etcd cluster:
ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  member list
...
dc543c4d307fadb9, started, node1, https://10.6.177.40:2380, https://10.6.177.40:2379, false
To check if the Kubernetes control plane is healthy, run kubectl get node -l node-role.kubernetes.io/control-plane=
and check if the nodes are ready.
Note: It is recommended to have an odd number of members in an etcd cluster.
Before joining a worker node to the new Kubernetes cluster, ensure that the control plane nodes are healthy.
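The pre-join check described above can be scripted. The following is an added example, not part of the original post or of kubeadm: it parses the comma-separated `etcdctl member list` output shown earlier and refuses to proceed if any member is not started or is still a learner. The function name, the second sample member, and its IP address are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a control-plane join on `etcdctl member list` output.
# Columns in the simple format shown in the post:
#   ID, STATUS, NAME, PEER URLS, CLIENT URLS, IS LEARNER

# check_etcd_members (hypothetical helper) reads member-list lines on stdin,
# prints a one-line summary on stdout, and returns 0 only if every member is
# "started" and none is still an unpromoted learner.
check_etcd_members() {
    awk -F', *' '
        { sub(/[ \t\r]+$/, "") }          # trim trailing whitespace / CR
        NF < 6 { next }                   # skip "..." and blank lines
        {
            total++
            if ($2 != "started") {
                bad++
                printf "not started: %s\n", $1 > "/dev/stderr"
            }
            if ($NF == "true") {
                learners++
                printf "still a learner: %s (%s)\n", $1, $3 > "/dev/stderr"
            }
        }
        END {
            printf "members=%d unhealthy=%d learners=%d\n", total, bad, learners
            exit (total == 0 || bad > 0 || learners > 0) ? 1 : 0
        }'
}

# Sample taken from the output shown in the post: one healthy voting member.
SAMPLE_HEALTHY='...
dc543c4d307fadb9, started, node1, https://10.6.177.40:2380, https://10.6.177.40:2379, false'

# Constructed sample: node2 has joined as a learner and is not yet promoted.
SAMPLE_LEARNER='dc543c4d307fadb9, started, node1, https://10.6.177.40:2380, https://10.6.177.40:2379, false
a1b2c3d4e5f60718, started, node2, https://10.6.177.41:2380, https://10.6.177.41:2379, true'

# Demo on the constructed input. On a real node, pipe the etcdctl command
# from the post into check_etcd_members instead.
printf '%s\n' "$SAMPLE_LEARNER" | check_etcd_members \
    || echo "etcd not ready: wait before joining another control plane node"
```
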
What's next
The feature gate EtcdLearnerMode is alpha in v1.27 and we expect it to graduate to beta in the next
minor release of Kubernetes (v1.29).
etcd has an open issue that may make the process more automatic:
Support auto-promoting a learner member to a voting member.
Learn more about the kubeadm configuration format here.
Feedback
Was this guide helpful? If you have any feedback or encounter any issues, please let us know.
Your feedback is always welcome! Join the bi-weekly SIG Cluster Lifecycle meeting
or weekly kubeadm office hours. Or reach us via Slack (channel #kubeadm), or the SIG's mailing list.
'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars
About a year ago, the U.S. security firm Palo Alto Networks began to hear from a flurry of companies that had been hacked in ways that weren't the norm for cybercriminals.
Google Mourns Veteran Engineer Luiz André Barroso Who Invented the Modern Data Center
Brazilian engineer Luiz André Barroso, who ripped up the rulebook at Google, has died. His radical ideas for data centers laid the foundations for cloud computing.
ngrok is the fastest way to host and secure your applications and services on the internet. Learn how by following our getting started guide, or dive straigh...
The "Common Vulnerabilities and
Exposures" (CVE) system was launched late
in the previous century (September 1999) to track vulnerabilities in
software. Over the years since, it has had a somewhat checkered
reputation, along with some attempts to
replace it, but CVE numbers are still the only effective way to track
vulnerabilities. While that can certainly be useful, the
CVE-assignment (and severity scoring) process is not without its problems.
The prominence of CVE numbers, and the consequent increase in
"reputation" for a reporter, have combined to create a system that can
be—and is—actively gamed. Meanwhile, the organizations that oversee the
system are ultimately not doing a particularly stellar job.
Valve Is A Wonderful Upstream Contributor To Linux & The Open-Source Community
This shouldn't come as any surprise to any longtime Phoronix readers and dedicated open-source/Linux enthusiasts, but Valve with their work on the Steam Deck and SteamOS have been lifting the open-source ecosystem as a whole
Allow me to be more helpful to @SlackHQ customers than their entire support apparatus: If you’re using the native Mac app, here’s how you disable their dogshit user-hostile redesign: pic.twitter.com/oRdpBXgiiW — Corey Quinn (@QuinnyPig) September 20, 2023
They ain’t playing. Gonna fuck around and put this tepid economy on ice. | U.A.W. Threatens Strikes at More Plants (Gift Article)
The United Auto Workers union said workers would walk out of more plants on Friday if it didn’t make progress in talks with General Motors, Ford and Stellantis.
Now available: Save and sign in with passkeys using 1Password in the browser and on iOS | 1Password
Passkeys are the future of online security. Learn how 1Password is introducing passkey support on the web and iOS so you can sign in faster and more securely.
Apple's FineWoven accessories and iPhone cases are really bad: they are expensive, quickly show wear, and scratch very easily, leaving seemingly permanent marks