Cloud Native Enthusiast Weekly: KubeSphere 3.3.0 alpha release

Time: 2022-5-8

Open source project recommendation

Collection of Linux eBPF slides/documents

This project collects a comprehensive range of material related to eBPF.

magic-trace

magic-trace is a Linux performance analysis tool that can be used to analyze performance problems in applications and the kernel. Unlike perf, magic-trace does not sample the call stack over the entire time period; instead it uses Intel® Processor Trace to snapshot a ring buffer of all control flow at a certain point in time.

tabloid

tabloid is a tool for formatting the output of kubectl and docker, and is more convenient for this than grep and awk. For example:

# show only pods whose name starts with `frontend` or `redis`
# and only display the columns `namespace` and `name`
$ kubectl get pods --all-namespaces | tabloid \
>   --expr '(name =~ "^frontend" || name =~ "^redis") && namespace == "team-a-apps"' \
>   --column namespace,name
NAMESPACE     NAME
team-a-apps   frontend-5c6c94684f-5kzbk
team-a-apps   frontend-5c6c94684f-k2d7d
team-a-apps   frontend-5c6c94684f-ppgkx
team-a-apps   redis-follower-dddfbdcc9-9xd8l
team-a-apps   redis-follower-dddfbdcc9-l9ngl
team-a-apps   redis-leader-fb76b4755-6t5bk

Recommended articles

Use KubeEye to safeguard your K8s cluster

KubeEye is a tool for detecting security and configuration problems in Kubernetes. It uses OPA to check the configuration of business applications deployed in a K8s cluster, and Node Problem Detector to check the cluster's nodes. In addition to built-in rules predefined for the most common industry scenarios, it also supports user-defined rules for cluster checks.

Monitoring etcd outside the cluster in KubeSphere

KubeSphere's built-in cluster status monitoring includes etcd monitoring pages, but in KubeSphere 3.2.1, after etcd monitoring is enabled with the default configuration, the etcd monitoring page in the cluster status shows no data. This article records the troubleshooting process that solved the problem.

Develop and release a kubectl plug-in from scratch using Go

Over the past decade of cloud computing, technologies such as DevOps, containers and microservices have developed rapidly, and cloud native has become a trend. Enterprise cloud adoption has moved from "on the cloud" to "in the cloud", producing the "new cloud native enterprise", in which new and existing capabilities stay independent yet work together to deliver resource efficiency, application agility, business intelligence, security and trustworthiness. Cloud native as a whole is a very broad concept, but in practice it often comes down to small problems encountered in real scenarios. This article shares some of the small requirements and solutions we encounter in our daily work.

Cloud native dynamics

KubeSphere 3.3.0 alpha release, Argo CD support

It has been four months since KubeSphere 3.2.1 GA, and the alpha version of KubeSphere 3.3.0 has now been released, bringing many major features, such as:

DevOps

  • Provide a GitOps-based continuous deployment solution, with Argo CD supported as the underlying engine;
  • Support whitelist configuration for continuous deployment;
  • Continuous deployment status statistics;
  • Support centralized management of code repositories;
  • Add several built-in CRD-based pipeline templates;
  • Support adding custom roles that only allow pipeline execution.

Storage

  • Add volume snapshot content management;
  • Support volume snapshot class management;
  • Add StorageClass permission control;
  • Add automatic PVC capacity expansion;
  • Add display of usage data for individual hard disks.

Other optimizations

  • In multi-cluster scenarios, member clusters support uploading and updating kubeconfig files;
  • Support kubeconfig expiration prompts for clusters in multi-cluster scenarios;
  • Support applying an entire ConfigMap;
  • Support container lifecycle management;
  • Support node terminals, so cluster nodes can be logged in to directly from the UI;
  • Allow more detailed Istio configuration, such as CNI;
  • Optimize the cluster configuration mechanism so that ks-apiserver / ks-controller-manager do not need to be restarted.

The details of each feature will be described in the release notes after the official version is released; the GA date is in May. Those who want to try it early can deploy and test in the following two ways. You are welcome to help test and to submit GitHub issues.

KubeVirt becomes a CNCF incubating project

The CNCF Technical Oversight Committee (TOC) has voted to accept KubeVirt as a CNCF incubating project.

KubeVirt enables users to run virtual machine workloads on Kubernetes in a native manner. It allows traditional applications to be migrated and supports building new applications that have virtualization requirements, ultimately strengthening Kubernetes as the preferred tool for running computing workloads.

The KubeVirt project was founded at Red Hat in January 2017. Since joining CNCF as a sandbox project in September 2019, the project has added contributors from Amadeus, Apple, CloudFlare, Containership, Giant Swarm, Gitpod, IBM, Kubermatic, Lacoda, NEC, NVIDIA, SAP, SolidFire, SUSE and independent developers. KubeVirt-based solutions have been put into production at several companies, including Arm, Civo, CoreWeave, H3C and Kubermatic. The project is now the leading open source tool for running virtual machines in Kubernetes.

Harbor v2.5 introduces Cosign

Harbor v2.5 was released recently. The new version brings users the following important new features:

  • Cosign signatures are introduced, and a signature is replicated together with its artifact (image, etc.) when the artifact is replicated.
  • The performance of concurrent pull requests is improved.
  • The fault tolerance of garbage collection is improved: when an error occurs while deleting an artifact, deletion of the other artifacts continues.
  • Artifacts in proxy cache projects can be skipped during replication.
  • The distribution purging function is enabled to delete orphaned files in the upload directory.
  • Built with Golang v1.17.7.
  • Uses distribution v2.8.0 and Trivy v0.22.0.

Harbor v2.5 integrates support for Cosign, an OCI artifact signing and verification solution that is part of the Sigstore project.

Cosign signs the OCI artifact and pushes the generated signature to Harbor. The signature is stored next to the signed artifact as an attachment to it. Harbor manages the link between the signed artifact and its Cosign signature, so tag retention rules and immutability rules applied to a signed artifact extend to both the signed artifact and the signature. In this way, you can use Harbor's built-in functions to manage signed artifacts and their Cosign signature attachments.

IstioCon 2022 opens tonight

IstioCon 2022 will officially start at 11 p.m. Beijing time today (25th). You are welcome to register on the official conference website, https://events.istio.io/istiocon-2022, to watch. This event has Chinese-language talks scheduled for Beijing time. The organizers of the Chinese-language talks are Xu Zhonghu, Song Jingchao and Ding Shaojun. For the detailed schedule, please refer to: https://events.istio.io/istiocon-2022/schedule/grid/.

AWS's Log4j patch introduces vulnerabilities of its own

Amazon Web Services updated its Log4j security patch after discovering that the original fix left customer deployments vulnerable to container escape and privilege escalation.

The vulnerabilities introduced by Amazon's Log4j hot patch (CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071) are high-severity flaws rated 8.8 out of 10 on CVSS. AWS customers using Java software in their external environments should obtain and install the latest patch set from Amazon.
