“K8S Ecology Weekly” mainly collects the noteworthy news about the K8S ecosystem that I came across each week. You are welcome to subscribe to the Zhihu column “K8S Ecology”.

Node Exporter v1.0.0 is released

Prometheus is an open source monitoring and alerting solution that originally came from SoundCloud, and it has grown into the second CNCF graduated project after Kubernetes. Prometheus has also made significant strides in monitoring as cloud native concepts were adopted and technologies such as Kubernetes developed.

Major components include Prometheus, Alertmanager, Node Exporter, Blackbox Exporter, and Pushgateway.

Prometheus operates in pull mode. The metrics Prometheus collects have to be exposed by an exporter. The component we most commonly use to collect system metrics is Node Exporter.

This week, Node Exporter finally got a v1.0.0 release, making it more stable and versatile.

This week I wrote an article about the feature in this release that interests me most: by adding authentication to Prometheus Node, we can make monitoring more secure.

Of course, this release also includes many other changes and bug fixes. I'll skip them here; refer to the release notes for more information.

Docker v19.03.10 release

Docker released v19.03.10 this week, only two weeks after the previous version, v19.03.9. If you are using v19.03.x, I personally recommend that you update to this version.

One of the major fixes in this release is network related, specifically related to embedded DNS. In certain scenarios, if you create a custom network, resolving external domain names may fail.

I first encountered the root cause of this problem while participating in the development of Docker in March this year. When domain name resolution by the built-in DNS server failed, a panic could be triggered and the Docker daemon would exit abnormally. Sam Whited quickly fixed it in moby/libnetwork.

- if err ! = nil && ! resp.Truncated {
+ if err ! = nil && (resp ! = nil && ! resp.Truncated) {
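Review bot: the guard added on the + line, (resp != nil && !resp.Truncated), makes the whole condition false whenever resp is nil, so an error that comes back with no response at all now skips this error branch instead of being handled as a failure. The nil dereference is gone, but the nil case should still enter the branch; consider resp == nil || !resp.Truncated, so that only an error accompanied by a truncated response is let through.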

The change looks simple: it adds a resp != nil check to the error handling, which really does fix the situation I ran into.

However, this fix ignores the case where an error is returned but there is no response, for example when the DNS server fails. The subsequent logic in Docker depends on the error handling here, so it mistakenly concludes that the DNS server was reached successfully but returned no response. That causes problems.

So the fix in this release is, once again, at the same spot:

- if err ! = nil && (resp ! = nil && ! resp.Truncated) {
+ if err ! = nil && (resp == nil || ! resp.Truncated) {
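Review bot: the + line depends on evaluation order (resp == nil has to be tested before resp.Truncated is read) and on the unstated rule that an error arriving with a truncated response is deliberately not treated as a failure; neither is documented at the condition. Add a comment above the if stating both, and a test for err != nil with a nil resp, since that is exactly the case this line changes.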

Two cases are now handled:

  • An error is returned and the response is nil;
  • An error is returned and it is not related to a truncated response.

This revision covers pretty much every case we can think of so far. I hope you can upgrade soon.

Trivy released v0.8

Trivy, which was introduced earlier in K8S Ecology Weekly, is a convenient image security scanning tool. This week it released v0.8, which brings several notable changes.

  • Added the new subcommand trivy image $IMAGE_NAME and deprecated the previous trivy $IMAGE_NAME form;
  • Added --format=json to output results in JSON form, which is easier to integrate with other systems;
  • A registry token can be set through the TRIVY_REGISTRY_TOKEN environment variable, which makes it easy to pull an image directly for scanning.

Visit the Release page to download and use the new version.

Upstream progress

  • #90960 fixed the problem that kubectl create secret docker-registry --from-file was unusable;
  • #91182 moved the kubelet --seccomp-profile-root option into the configuration file;
  • #91171 changed the etcd image to a distroless-based image; some other images had already been changed. The main concerns are probably security and image size.

Please feel free to subscribe to my official account [MoeLove]