Cloud Native weekly highlights:
- Docker updates and extends product subscriptions
- NGINX Ingress Controller 1.0.0
- Public beta release of the Tanzu application platform
- The IBM open source Tornjak
- Kubernetes Application Developer Certification (CKAD) Chinese version officially launched!
- Open Source Project Recommendation
- The article recommended
Recently, Docker company updated its product subscription strategy, the key point of the update is that Docker Desktop is no longer provided to medium and large enterprises for free. Now that Docker is closing in, others can no longer bear to watch, and have begun to attack Docker Desktop. The Lima project, for example, sounds like a great name… Even Rancher Desktop is starting to integrate Lima.
Another well-known project, Podman, has been running on Linux for a long time. MacOS and Windows can only manage containers by remotely connecting to Podman’s API through the CLI. To use Podman in macOS, you can only create a virtual machine and use it over a remote connection. Fortunately, a machine parameter has been built into the Podman CLI, which allows you to create a virtual machine and remotely connect to the Podman API in the virtual machine in one go, greatly optimizing the user experience.
As if that’s not enough, there’s a macOS Podman UI that can start and stop a Podman virtual machine and the container it runs on, essentially replacing Docker Desktop, as described in the open Source project recommendations section of this article.
Cloud native dynamics
Docker updates and extends product subscriptions
In order to enable Docker to expand sustainably and continue to provide the innovative, free Docker experience that developers love, Docker has updated and extended its product subscription. These updated product subscriptions provide the productivity and collaboration that developers rely on, and the scale, security, and trusted content that enterprises need.
- Launched a new product subscription, Docker Business, for enterprises that use Docker on a large scale for application development and require secure software supply chain management, single sign-on (SSO), container registry access control and more.
- The Docker Subscription Service Agreement includes modifications to the Docker Desktop terms.
- Docker Desktop remains free for small businesses (fewer than 250 employees, less than $10 million in annual revenue), personal use, education, and noncommercial open source projects.
- It requires a paid subscription (pro, team or business) starting at $5 per user per month for professional use by large enterprises.
- While the terms take effect on August 31, 2021, there is a grace period until January 31, 2022 for those who require a paid subscription to use Docker’s desktop.
- Docker Pro, Docker Team, and Docker Business subscriptions include commercial use of Docker Desktop.
- Existing Docker free subscriptions have been renamed Docker Personal.
- There are no changes to the Docker engine or any upstream open source Docker or Moby projects.
see
NGINX Ingress Controller 1.0.0
NGINX Ingress Controller 1.0.0 was released, supporting Kubernetes V1.22 and dropping support for V1beta1.
This version only supports Kubernetes version >= V1.19. IO /v1beta is removing support for Ingress Object in, and listings should now use networking.k8s. IO /v1.
Mirror:
K8s. GCR. IO/ingress - nginx/controller: v1.0.0 @ sha256:0851 b34f69f69352bf168e6ccf30e1e20714a264ab1ecd1933e4d8c0fc3215c6
Known issues:
The Ingress Controller only supports cluster-wide IngressClass and requires cluster-wide permissions on this object, otherwise it will not start. A fix is planned for V1.0.1.
see
Public beta release of the Tanzu application platform
A public beta version of the Tanzu application platform was released at VMware’s annual SpringOne Developer conference. Through the Tanzu application platform, application developers and operations teams can build and deliver a better multi-cloud developer experience on any Kubernetes distribution, Software products include Azure Kubernetes Service, Amazon Elastic Kubernetes Service, Google Kubernetes Engine, and Tanzu Kubernetes Grid.
In initial test versions, Tanzu application platforms establish the foundation for a unified experience on Kubernetes for development and operations teams, a pre-laid production path that includes:
- Application templates with built-in compliance and best practices
- Automated container image building
- Operational mechanisms for service and event handling capabilities
- API discovery and routing
- Insight into running applications for quick troubleshooting
see
The IBM open source Tornjak
The Tornjak open source project aims to provide a management plane and capability for the SPIFFE identity managed by SPIRE. The goal is to provide global visibility, auditability, configuration, and policy management for workload identities. Using the CNCF standard/implementation SPIFFE/SPIRE, Tornjak provides a management plane on top of the secure SPIRE framework, helping to provide a zero-trust security model. This management plane can be used by an administrator or CISO to manage an organization’s workload identity.
To keep Tornjak open and available to all, IBM is donating the project to make it part of CNCF under the SPIFFE community. The project will join a well-established community of developers, integrators, and users, including Bloomberg, ByteDance (developer of TikTok), and Github, focused on solving the workload identity challenges posed by a hybrid cloud environment. The community also includes Cisco, Google, HPE and others building new tools on top of SPIFFE/SPIRE.
see
Kubernetes Application Developer Certification (CKAD) Chinese version officially launched
On September 1, Beijing time, Linux Foundation and Cloud Native Computing Foundation (CNCF) announced that the Kubernetes Application Developer Certification Exam (CKAD) can now be administered in Chinese with an invigilator who can communicate in Chinese. CKAD test is now available in English and Japanese. This development marks an important milestone for CKAD as well as Kubernetes Certification Exam (CKA) in localization of Kubernetes certification exam in China. The CKA certification exam was available in Chinese two years ago.
The format of the CKAD-CN exam is the same as the English and Japanese versions. The exam takes two hours to complete. It is a completely practice-based exam that requires students to complete daily tasks in a mock exam environment. This exam measures your ability to build, configure, and expose cloud-native applications for Kubernetes. Qualified candidates will be able to define application resources and use core primitives to build, monitor, and troubleshoot scalable applications and tools in Kubernetes.
CKAD 2021 will launch at 8am Beijing time on September 28, 2021!
Registration for CKAD Chinese test is now open
Open Source Project Recommendation
Podman for macOS
“Podman for macOS” is a Podman front end for the macOS platform that can be used to start and stop the Podman virtual machine and the container in which it runs. If you haven’t already set up your virtual machine with your Podman Machine, the application will automatically set it up and start it for you.
kubectl-tmux-exec
Kubectl-tmux-exec is a kubectl plug-in that can enter multiple pods simultaneously and execute commands in parallel. For example, run kubectl tmux-exec-l app.kubernetes. IO /name=node-exporter sh -n kubesphere-monitoring-system and run hostname after entering the container.
karma
Karma is the alarm panel of Alertmanager. The core part is written using Go and the UI is developed based on React.
LinuxKit
LinuxKit is used to build a secure, portable, compact operating system for containers. It can run on any platform and supports x86_64, ARM64, and S390X architectures.
The article recommended
Container network – Multiple containers listen on the same port without reverse proxy
This article showed you how Docker exposes ports on hosts and how to make multiple containers listen on the same port using two schemes, SO_REUSEPORT and iptables.
MTLS guide for Kubernetes engineers
MTLS is a hot topic in the Kubernetes ecosystem, but few people have a comprehensive understanding of mTLS concepts and application scenarios. This article will introduce you to what mTLS is, how it relates to normal TLS, and how it relates to Kubernetes.
Advanced persistent threat techniques used in container attacks
Aqua’s Nautilus team detected an attack targeting cloud native environments using advanced Persistent Threat (APT) technology, where attackers use two types of RootKits to hide their presence. This article takes an in-depth look at these complex technologies, explaining how RootKits work and how adversaries use them to attack cloud native environments.
This article is published by OpenWrite!