Cloud Native weekly highlights:

  • Lens 5.0.0 release
  • GitHub has launched GitHub Copilot, an AI programming tool
  • Kubernetes releases its annual Community report for 2020
  • Weaveworks launches integrated GitOps platform for Kubernetes
  • HashiCorp Boundary 0.4.0 released
  • Open source project recommendations
  • Recommended articles

IT practitioners have probably heard of the classic book “Understanding Computer Systems In Depth”, also known as CSAPP (Computer Systems: A Programmer’s Perspective), which integrates hardware, systems and software into a unified framework for understanding how a computer system operates from the programmer’s perspective.

This book is also used for CMU's (Carnegie Mellon University) Introduction to Computer Systems course, and CMU also has video lectures, so if you find the book difficult to read, you can watch the videos first and then go back to the book, or combine the two. If your English is not strong enough, you can watch the videos with Chinese subtitles; they are available on Bilibili.

Cloud native news

Lens 5.0.0 release

Lens is a powerful Kubernetes IDE. You can view Kubernetes cluster status in real time, such as live Pod logs and live cluster Events, and use it for cluster troubleshooting. Lens replaces long kubectl commands with a few mouse clicks.

Lens provides complete situational awareness for everything running in Kubernetes. It lowers barriers to entry for novices and increases the productivity of experienced people.

Highlights of this new release are Catalog, Hotbars, and Spaces.

The Hotbar is now the primary navigation, allowing users to pick the most important and frequently used features (such as open clustering) from the Catalog and assign them to the Hotbar. Users can have multiple Hotbars, quickly switch between them and customize them to suit their preferences.

With Spaces, you can choose to share access to a cluster. You can also accept invitations from others to access their clusters. To do this, Lens created an entirely new technology: cluster connectivity. It allows Lens users to connect any of their clusters to Spaces without having to open inbound ports on the firewall. It uses end-to-end encryption to secure connections between users and clusters, eliminating the need for a VPN. This means there is no need to expose the Kubernetes API over the Internet. Developers and operators can easily access and use their Kubernetes clusters from anywhere.

GitHub has launched GitHub Copilot, an AI programming tool

GitHub Copilot is more than just a code completion tool. Its underlying technology, Codex, a new AI system built by OpenAI, is trained on billions of lines of public code and can understand more context than most code assistants. Whether the context is documentation, comments, function names, or the code itself, GitHub Copilot synthesizes matching code based on what the developer provides. GitHub Copilot lets developers get suggestions for entire lines of code or whole functions in the editor.

Kubernetes releases its annual Community report for 2020

Inspired by the Apache Software Foundation’s open guide to PMC reporting and the CNCF project annual reports, the Kubernetes project has announced the annual report of the Kubernetes community for Special Interest Groups (SIGs) and Working Groups (WGs). In its flagship edition, the 2020 Summary report focuses on improving the Kubernetes ecosystem by assessing and promoting the health of groups within the upstream community.

With this report, Kubernetes hopes to give the end-user community information it can use to determine how to support the project and to get a head start on the roadmap of upcoming features.

Weaveworks launches integrated GitOps platform for Kubernetes

Weaveworks Chief Operating Officer Steve George said Weave GitOps brings together the open-source software development tools Weaveworks has been advancing to make them easier to deploy and use.

At the heart of the Weaveworks GitOps portfolio is Flux, an open source tool that automatically ensures that cluster state matches the configuration stored in a Git repository. It uses an operator called Flagger in the cluster to trigger the deployment of the application to Kubernetes without requiring the IT team to acquire and deploy a dedicated continuous delivery platform.

Flux monitors all image repositories, detects new images, triggers deployments and updates configurations accordingly. On top of this core platform, Weaveworks has added Team Workspaces, a workflow application for tracking changes to Git-based deployments that can be used by multiple DevOps teams. Each workspace can also span multiple Kubernetes clusters to simplify application deployment across fleets of Kubernetes clusters.

HashiCorp Boundary 0.4.0 released

HashiCorp Boundary is an infrastructure grid that enables developers, DevOps engineers and SREs to securely access infrastructure services (SSH servers, Kubernetes clusters) with fine-grained authorization and without direct network access, removing the need for VPNs or bastion hosts.

Session credential brokering: HashiCorp Boundary 0.4.0 adds a Vault integration for brokering Vault secrets to Boundary clients (command line and desktop client) for use in Boundary sessions.

Brokering of Vault secrets is the basis of Boundary’s larger credential management story for seamless single sign-on to infrastructure targets. This feature introduces new Boundary resources (credential stores, credential libraries, and credentials) to support binding credentials to user sessions and displaying these credentials on the command line and during session initialization in Boundary Desktop.

Boundary connect credential brokering integration: In addition, we have started to integrate brokering into the boundary connect helpers, starting with the Postgres helper in this release. If the credential contains a username/password and boundary connect postgres is the helper in use, the command will automatically pass the credential to the psql process.

Session security improvements: Boundary workers will now close any existing broker connections they are handling when they are unable to issue status requests to workers. The timeout for this behavior is currently 15 seconds.

Open source project recommendations

eBPFSnitch

eBPFSnitch is a Linux firewall application based on eBPF. Using eBPF instead of iptables as a firewall can be a challenge: each rule added requires coding, which is extremely inconvenient. Ideally, rules would be added and modified from the command line. There have been several attempts in this direction, but they haven’t been updated for a long time, so I won’t cover them here. eBPFSnitch is a project that provides a GUI for adding and modifying firewall rules, but unfortunately there is no command-line version yet.

missing-container-metrics

By default, Kubernetes uses cAdvisor to collect container metrics. This is sufficient for most people, but it still has gaps. For example, it does not collect the following metrics:

  • OOM kill
  • Number of container restarts
  • The container’s exit code

The missing-container-metrics project addresses the shortcomings of cAdvisor by adding these metrics, which cluster administrators can use to quickly locate certain failures. For example, if a container has multiple child processes and one child process is killed by the OOM killer, the container keeps running. If OOM kills are not monitored, it is difficult for administrators to locate the fault.

podman-static

Podman is an open source container runtime project from Red Hat. It has almost the same functionality as Docker, plus many new features. The biggest difference is that it does not need a running daemon.

Podman does not provide static binaries by default: you need to install its full set of dependencies to use it properly, and only a few distributions are supported. On others it has to be compiled from scratch. podman-static is a project designed to solve this problem by providing static binaries for Podman and its dependencies. You only need to copy these binaries to make Podman work. Consider it a lifesaver for your OpenWrt project.

FirefoxPWA

PWA, which stands for Progressive Web Apps, was launched by Google in 2015 to bring a native app-like user experience to cross-platform HTML web pages. Only some Chromium-based browsers currently support PWA, and Firefox doesn’t by default. The FirefoxPWA project is designed to bring PWA support to Firefox, but it’s not currently available for macOS, so if you’re interested, you can wait.

Recommended articles

Why did Kubernetes choose etcd?

This article analyzes why Kubernetes chose etcd from the perspective of the source code, covering the following aspects:

  • How EtcdServer works
  • How bbolt works
  • How data is persisted to etcd
  • The principle of MVCC

How to add eBPF to an observability product

This is the latest post from renowned performance guru Brendan Gregg, who explores how to quickly add eBPF to commercial observability products.

Using machine learning to optimize applications in Kubernetes

With the changing architecture of Internet applications, optimizing applications on Kubernetes by manual means is extremely complex, requiring extensive testing and monitoring, and consuming endless engineering time. This article attempts to solve this problem through machine learning.