The Headlines
Editor’s pick of the highlights from the past week.
We built network isolation for 1,500 services
Jack Kleeman, Monzo
In the Security team at Monzo, one of our goals is to move towards a completely zero trust platform. This means that in theory, we’d be able to run malicious code inside our platform with no risk – the code wouldn’t be able to interact with anything dangerous without the security team granting special access.
The idea is that we don’t want to trust just anything simply because it’s inside our platform. Instead, we want individual services to be trusted based on a short and deliberate list of which other services they’re allowed to interact with. This makes an attack substantially more difficult.
In this blog, Jack outlines their thought process and includes examples of their test policy code.
CNCF Prometheus Project Journey Report
CNCF
Prometheus is a widely-adopted open source metrics-based monitoring and alerting system. Initially developed at SoundCloud to solve end user needs, Prometheus is now hosted by the Cloud Native Computing Foundation (CNCF). This report attempts to objectively assess the state of the Prometheus project and how CNCF has impacted the progress and growth of Prometheus. This report is one of a series of project journey reports we will be publishing focused on graduated projects hosted by CNCF.
The Technical
Tutorials, tools, and more that take you on a deep dive into the code.
Inviting Security to the Party – Part I
Brenno Oliveira
Kubernetes Beyond
Andrea Tosatto
Provision a Kubernetes Cluster in Amazon EKS with Weaveworks eksctl and AWS CDK
Reaction Commerce
Migrating your app to Kubernetes: what to do with files?
Flant
KUDO, with Gerred Dillon
Adam Glick and Craig Box, Kubernetes Podcast from Google
Backyards 1.0
Marton Sereg, Banzai Cloud
Contour 1.0
Dave Cheney, Steve Sloka, Nick Young, and James Peach
From image security to workload security
Gareth Rushgrove, Snyk
The Editorial
Articles, announcements, and more that give you a high-level overview of challenges and features.
Vitess, the database clustering system powering YouTube, graduates CNCF incubation
Maria Deutscher
Longhorn storage engine accepted into the CNCF
Sheng Yang, Rancher Labs
CloudEvents hits 1.0; moves to incubation in CNCF
CNCF
What service meshes are, and why Istio leads the pack
Christine Hall, Data Center Knowledge
Knative: better Kubernetes networking
Ahmet Alp Balkan
The Two Most Important Challenges with an API Gateway when Adopting Kubernetes
Datawire
Hands-on guide: developing and deploying Node.js apps in Kubernetes
Daniele Polencic
Solving data-locality transparently using Vitess geo-sharding
Jiten Vaidya, CEO and Co-Founder @PlanetScale
Special MONDAY webinar!
Nov 11, 2019 10:00 AM PT (UTC-8)
Kubernetes Security Controls and Enforcement: Applying Lessons from the K8s Security Audit
Connor Gilbert, Senior Product Manager @StackRox
Nov 12, 2019 10:00 AM PT (UTC-8)
Kubernetes Cluster Performance, Resource Management, and Cost Impact
Elijah Oyekunle, Platform Engineer @Replex
Hasham Haider, Developer Marketing @Replex
Nov 14, 2019 9:00 AM PT (UTC-8)
CNCF Webinar Series – Network Traffic Management in Cloud Native Applications
This webinar will be delivered in Chinese
何归丽 @AWS
Nov 27, 2019 10:00 AM China Standard Time
CNCF Webinar Series – Boosting Compliance Confidence: Advanced Image Scanning with Harbor
This webinar will be delivered in Chinese
Steven Zou, Core Maintainer @Harbor
Dec 11, 2019 10:00 AM China Standard Time
A Vision for the 2025 Cloud Native Enterprise
John Morello, VP of Product for Prisma by Palo Alto Networks @Palo Alto Networks
Dec 12, 2019 9:00 AM PT (UTC-8)
CNCF Webinar Series – Simplifying Deployment and Management of Stateful Services on Kubernetes with KUDO (Kubernetes Universal Declarative Operator)
This webinar will be delivered in Chinese
葛昊元 (Harry Ge), D2iQ Solutions Architect @D2iQ
Jan 8, 2020 10:00 AM China Standard Time
===========================================================
KubeWeekly is curated by Bob Killen, Chris Short, Craig Box, Kim McMahon, and Michael Hausenblas