On March 19th, two days ago, the official Asahi Linux Twitter account announced that the first beta version of Linux with native support for the M1 family of chips is now available for everyone!

Asahi Linux began as a crowdfunding project to port Linux to Apple Silicon Mac devices, but was renamed Asahi Linux to accelerate development. While it’s still rough and many features don’t work properly (such as GPU acceleration, video codec acceleration, webcam, etc.), the ultimate goal is to make it usable as an everyday operating system on M1 Macs. Come on! This is a small step for Asahi Linux, but it’s a big step forward for Linux.

Open Source Project Recommendation

KubePlus

KubePlus is a Kubernetes Operator that can convert any containerized application to SaaS, delivering it as a service by automating multi-tenant management and Day 2 operations such as monitoring, troubleshooting, and application upgrades.

Drift

Drift is an open source, self-deployable alternative to GitHub Gist. Here’s a demo: drift.maxleiter.com/post/575129…

SQLite Viewer Web App

SQLite Viewer Web App is a browser-based SQLite database browsing tool that uses the browser’s native file system API to open .sqlite files and can also be installed as a PWA.

Fig

Fig adds IDE-style intelligent hints to the terminal. It is currently available only on macOS and integrates with Docker, Kubernetes and other common CLIs.

Skill Icons

The project provides icons for various programming languages and tools that you can use to display your skill map on GitHub.

Recommended Articles

How can Kasten 10 protect cloud native applications

In the large-scale implementation phase of cloud native, more enterprise applications need a more solid cloud native base to achieve better data security and workload protection. Based on the open-source container platform KubeSphere, this article combines Kasten K10 by Veeam to build a cloud native application protection scheme that provides features such as quick backup and recovery and long-term data retention, and it walks you through the whole process of deployment and configuration.

KubeSphere DevOps system functions

Designed specifically for CI/CD workflows in Kubernetes, the KubeSphere DevOps system provides a one-stop solution to help development and operations teams build, test and release applications to Kubernetes in a very simple way. It also has plug-in management, binary-to-image (B2I), source-to-image (S2I), code dependency cache, code quality analysis, pipeline logging and other functions.

Large Kubernetes clusters require GitOps

This article describes the problems and challenges that enterprises face when deploying Kubernetes clusters on a large scale. It shows how GitOps processes and tools can give enterprises the right control over these highly distributed environments, in addition to improving security and compliance best practices.

Cloud native dynamics

OpenFunction 0.6.0 release

Today, OpenFunction released its latest version, v0.6.0. In this release, the core v1alpha1 API has been deprecated and removed.

The main changes are as follows:

  • Refactor Async (formerly: OpenFuncAsync) runtime definition and upgrade the core API to v1beta1.
  • Add HTTP triggers for asynchronous functions by having the Knative runtime use Dapr.
  • Add a unified scaleOptions to control scaling of Knative and Async runtimes.
  • Add function plug-in support (support for global configuration and per-function configuration).
  • Add SkyWalking tracing support for synchronous and asynchronous functions.

Developer portal project Backstage becomes a CNCF incubating project

The CNCF Technical Oversight Committee (TOC) has voted to accept Backstage as a CNCF incubating project.

Backstage is an open platform for building developer portals maintained by a global community. It unifies an organization’s tools, services, applications, data, and documentation into a single, consistent UI, making it easy for developers to create, manage, and explore software.

Backstage was founded at Spotify in 2016, at a time when the company was growing rapidly and bringing on new engineers was a challenge. The project became Spotify’s mission-critical tool for controlling software clutter and enabling engineers to work faster and more efficiently. Spotify open sourced Backstage in March 2020 to share its experience with the wider community.

NSA & CISA have released a new version of the Kubernetes Hardening Guide: version 1.1

In March 2022, NSA & CISA released a new version of the Kubernetes Hardening Guidance, version 1.1. It updates the previous version released in August 2021. Kubernetes is developing rapidly, and its adoption rate is growing even faster. Kubernetes has become such a popular target that protection measures need to be continuously strengthened.

The new version of the document shows that its authors are very concerned about Kubernetes and cloud security and are trying to help the industry prepare for the next wave of threats driven by the evolution of attack methods and the new capabilities offered by Kubernetes and cloud platforms.

Some of the most important points covered in the new Kubernetes Hardening Guide are:

  • Kubernetes infrastructure hardening
  • User authentication
  • PSP deprecation
  • Admission controllers
  • Pod service account token protection
  • Application container hardening
  • Auditing and logging

Flagger releases version 1.19.0 with Gateway API support

Flagger has released version 1.19.0, which adds support for the Kubernetes Gateway API.

Flagger is a progressive delivery tool that automates the release process for applications running on Kubernetes. It reduces the risk of introducing a new software version into production by gradually shifting traffic to the new version while measuring metrics and running conformance tests.

Flagger[2] is designed to enable developers to use delivery techniques such as:

  • Canary releases (incremental traffic shifting)
  • A/B testing (HTTP header and cookie traffic routing)
  • Blue/Green (traffic switching and mirroring)

Cr8escape: a new vulnerability in the CRI-O container engine discovered by CrowdStrike (CVE-2022-0811)

CrowdStrike’s cloud threat research team discovered a new vulnerability (CVE-2022-0811) in CRI-O, a container runtime engine underpinning Kubernetes. The vulnerability, dubbed “cr8escape”, lets an attacker who invokes it escape from a Kubernetes container, gain root access to the host and move anywhere in the cluster. Invoking CVE-2022-0811 allows an attacker to perform a variety of actions on the target, including executing malware, exfiltrating data, and moving laterally across pods.

CrowdStrike disclosed the vulnerability to Kubernetes, which partnered with CRI-O to release a patch.

This article is published by OpenWrite!