Suggested Reads

Suggested Reads

54832 bookmarks
Newest
How Tailscale's infrastructure team stays small
How Tailscale's infrastructure team stays small
Tailscale’s secure, simplified networking solution helps DevOps teams eliminate infrastructure headaches. Learn how our infra team of just three engineers uses Tailscale to handle networking, secrets, and security with minimal effort.
·tailscale.com·
How Tailscale's infrastructure team stays small
Last Week in Kubernetes Development - Week Ending November 24 2024
Last Week in Kubernetes Development - Week Ending November 24 2024

Week Ending November 24, 2024

https://lwkd.info/2024/20241127

Developer News

If you attended the Kubernetes Contributor Summit in Salt Lake City, please complete the post-event survey.

SIG-Security shared CVE-2024-10220, which allowed attackers to use a gitRepo volume for unauthorized file access. This vulnerability was patched in versions 1.31.0, 1.30.3, 1.29.7, and 1.28.12; if you are running older versions, please upgrade.

Release Schedule

Next Deadline: Release Highlights completion, December 3rd

Docs freeze is in effect as of Tuesday 26th November. We are now in the final phases of the v1.32 release cycle with the scheduled release date just two weeks away.

Kubernetes v1.32.0-rc.0 is live!. v1.32.0-rc.1 is scheduled to be cut on Monday, December 3rd.

KEP of the Week

KEP-3157: Allow informers for getting a stream of data instead of chunking

This KEP addresses the kube-apiserver’s vulnerability to excessive memory consumption caused by LIST requests in large clusters, which can lead to server crashes, node pressure, and workload disruption. To solve this, it proposes reducing temporary memory usage from an exponential scale to a manageable constant, leveraging the watch cache to reduce etcd load, ensuring consistent and fresh LIST responses, and maintaining backward compatibility—all while protecting the server and its node from OOM scenarios

This KEP is tracked for beta release in the ongoing v1.32 cycle.

Other Merges

Validate DRA Node Selector Labels even on upgraded objects; while this is a backwards-incompatible change, it’s not expected to break anything

Version Updates

golang to 1.23.3 in 1.32, and to 1.22.9 in older releases

via Last Week in Kubernetes Development https://lwkd.info/

November 27, 2024 at 05:00PM

·lwkd.info·
Last Week in Kubernetes Development - Week Ending November 24 2024
Ask Me Anything about DevOps, Cloud, Kubernetses, or anything else
Ask Me Anything about DevOps, Cloud, Kubernetses, or anything else

Ask Me Anything about DevOps, Cloud, Kubernetses, or anything else

We are restarting AMA sessions. This time, there are not restrictions. You can ask anything about anything.

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ BlueSky: https://vfarcic.bsky.social ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

via YouTube https://www.youtube.com/watch?v=KO7T-nex5u4

·youtube.com·
Ask Me Anything about DevOps, Cloud, Kubernetses, or anything else
This Website is Hosted on Bluesky
This Website is Hosted on Bluesky
Well, not this one. But this one is! How? Let’s take a closer look at Bluesky and the AT Protocol that underpins it. Note: I communicated with the Bluesky team prior to the publishing of this post. While the functionality described is not the intended use of the application, it is known behavior and does not constitue a vulnerability disclosure process. My main motivation for reaching out to them was because I like the folks and don’t want to make their lives harder.
·danielmangum.com·
This Website is Hosted on Bluesky
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)
We detail the observed limited activity regarding authentication bypass vulnerability CVE-2024-0012 affecting specific versions of PAN-OS software, and include protections and mitigations. We detail the observed limited activity regarding authentication bypass vulnerability CVE-2024-0012 affecting specific versions of PAN-OS software, and include protections and mitigations.
·unit42.paloaltonetworks.com·
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)
China’s Hacking Reached Deep Into U.S. Telecoms
China’s Hacking Reached Deep Into U.S. Telecoms
The chairman of the Senate Intelligence Committee said hackers listened to phone calls and read texts by exploiting aging equipment and seams in the networks that connect systems.
·nytimes.com·
China’s Hacking Reached Deep Into U.S. Telecoms
Argo CD GitOps Promotions with Kargo (by Akuity): A Brilliant Idea with Flawed Execution?
Argo CD GitOps Promotions with Kargo (by Akuity): A Brilliant Idea with Flawed Execution?

Argo CD GitOps Promotions with Kargo (by Akuity): A Brilliant Idea with Flawed Execution?

In this deep dive, we explore how Kargo standardizes promotions, offering visibility and guardrails for your CI/CD pipelines. Learn how to integrate Kargo with Argo CD, manage multi-stage deployments, and tackle the challenges of modern DevOps workflows. Watch now to see Kargo in action and find out if it's the right tool for your DevOps toolkit.

Kargo #Akuity #ArgoCD

Consider joining the channel: https://www.youtube.com/c/devopstoolkit/join

▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬ ➡ Transcript and commands: https://devopstoolkit.live/ci-cd/argo-cd-gitops-promotions-with-kargo-by-akuity-a-brilliant-idea-with-flawed-execution? 🔗 Kargo: https://kargo.io 🎬 GitOps playlist: https://youtube.com/playlist?list=PLyicRj904Z99dJk8bOygbov5up5YYvoZV 🎬 SemVer: https://github.com/masterminds/semver

▬▬▬▬▬▬ 💰 Sponsorships 💰 ▬▬▬▬▬▬ If you are interested in sponsoring this channel, please visit https://devopstoolkit.live/sponsor for more information. Alternatively, feel free to contact me over Twitter or LinkedIn (see below).

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬ ➡ BlueSky: https://vfarcic.bsky.social ➡ LinkedIn: https://www.linkedin.com/in/viktorfarcic/

▬▬▬▬▬▬ 🚀 Other Channels 🚀 ▬▬▬▬▬▬ 🎤 Podcast: https://www.devopsparadox.com/ 💬 Live streams: https://www.youtube.com/c/DevOpsParadox

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬ 00:00 Argo CD Promotions with Argo CD and Kargo 05:37 Argo CD ApplicationSet 08:00 Kargo (by Akuity) Promotion Definitions 15:16 Kargo Promotions in Action 23:38 Kargo Critique 28:15 Kargo Pros and Cons

via YouTube https://www.youtube.com/watch?v=RoY7Qu51zwU

·youtube.com·
Argo CD GitOps Promotions with Kargo (by Akuity): A Brilliant Idea with Flawed Execution?
Amazon ElastiCache version 8.0 for Valkey brings faster scaling and improved memory efficiency | Amazon Web Services
Amazon ElastiCache version 8.0 for Valkey brings faster scaling and improved memory efficiency | Amazon Web Services

Amazon ElastiCache version 8.0 for Valkey brings faster scaling and improved memory efficiency | Amazon Web Services

Today, we are adding support for Valkey 8.0 on Amazon ElastiCache. ElastiCache version 8.0 for Valkey brings faster scaling for ElastiCache Serverless and…

November 22, 2024 at 09:29AM

via Instapaper

·aws.amazon.com·
Amazon ElastiCache version 8.0 for Valkey brings faster scaling and improved memory efficiency | Amazon Web Services
Last Week in Kubernetes Development - Week Ending November 17 2024
Last Week in Kubernetes Development - Week Ending November 17 2024

Week Ending November 17, 2024

https://lwkd.info/2024/20241120

Developer News

KubeCon NA Salt Lake City was last week! The Kubernetes Contributor Summit was held on Monday, November 11th. Find the photos and meeting notes from the unconference discussions here.

When one Kubecon ends, another one starts: the CfP is open for the Maintainer Summit at Kubecon London. The Summit includes the Kubernetes Contributor Summit plus collaboration with other projects. CfPs for Kubecon Main Track and Colo Events are open as well. And if you’re going to be in Kubecon India, don’t skip the Maintainer Summit there.

There have been some updates to SIG leadership. Richa Banker is nominated as the new chair for SIG Instrumentation and Marko Mudrinić is nominated as a Tech Lead for SIG K8S Infra. Congratulations and thank you for all your work!

Release Schedule

Next Deadline: Docs Freeze, November 26th

Code freeze is in effect from the past week. So far we have 44 enhancements tracked for v1.32 after code freeze. Out of these 18 are in alpha stage, 12 graduating to beta, 13 graduating to GA and one KEP is a deprecation.

The Docs Freeze deadline is coming up. If your KEP is tracked for v1.32, please make sure to get your docs PRs reviewed and merged before the Docs Freeze.

Patch releases 1.29.11, 1.30.7, 1.31.3 are now available.

Other Merges

The DRA kubelet API has its own protobuf package

Adjust resize policy validation to be backwards-compatible

Promotions

InPlacePodVerticalScaling to Beta

via Last Week in Kubernetes Development https://lwkd.info/

November 20, 2024 at 05:00PM

·lwkd.info·
Last Week in Kubernetes Development - Week Ending November 17 2024