CNW #6: Future of Kubernetes and NSA Kubernetes Hardening Guide

What is beyond Kubernetes in 2022.

Mar 17, 2022

Dear Readers,

I hope you are doing well. In this letter, you will see some of the interesting articles and resources that I find useful. We have reached 82 subscribers today on this newsletter and I hope the growth will continue. I plan to keep my content free of cost for my readers. The only help I need from you is to share this newsletter with your social network.

Share Cloud Native Weekly

This covers the evolution in Kubernetes resources, NSA Kubernetes hardening guide and Daniele’s thread on SQL Injection and XSS attack - example and prevention using Kubernetes Ingress Controller.

Recommended Reading

🚀 The future of Kubernetes - beyond Kubernetes in 2022

As a cloud-native developer, where should you focus after Kubernetes in 2022? Michael has shared his views on various paradigms and projects such as KEDA, knative, CloudEvents, Tekton, and many more. Thought provoking article, you should read to understand what next you should focus on if you are building on Kubernetes platform.

Anjul Sahu @anjuls

“Kubernetes is now a de facto standard for running containers. There is a lot of content on the Internet to learn Kubernetes. Focus on configuration best practices, application design, security, and scheduling. Setting up a cluster is getting…” — @anjuls

faun.pubDevOps Roadmap 2022In the last few weeks, I met some folks in my mentoring sessions, who are new to DevOps or in the mid of their career, who were interested…

NSA/CISA Kubernetes Hardening Guide

NSA and CISA have updated their jointly written Kubernetes Hardening Guide [PDF]. I would suggest going through this guide thoroughly and then utilize tools such as steampipe or Kubescape to automate the benchmarking. I have covered steampipe in my previous post.

steampipe check benchmark.nsa_cisa_v1_network_hardening_cpu_limit

Docker Desktop 4.6 for Mac - Speed boost using virtiofs and Linux dirty pipe fix

Docker has released 4.6 version of Docker Desktop which is introducing an important experimental feature that improves IO by up to 98%. It is going to improve developer productivity by faster operations. This is particularly useful if you are doing frequent docker operations such as builds on your Mac. It also fixes linux dirty pipe critical vulnerability. By default, virtiofs is not enabled so need do additional few steps to enable it after the upgrade.

Events

📆 KCD Chennai 2022 [3-4 June 2022, Virtual] - Kubernetes Community Days organized by Chennai chapter with prominent speakers such as Liz Rice (Isovalent) and Uma M (ChaosNative). If you are interested in submitting a CFP, the last date is 20th March.

Tweet of the Week

Daniele shared an interesting view on how to protect from SQL injection and XSS attacks in Kubernetes using ingress controllers and gateways.

Daniele Polencic @danielepolencic

A typical web application responds to requests from bots, health checks, and various attempts to circumvent security and gain unauthorized access. So, how can you filter out those malicious attempts in Kubernetes?

Resources

CloudYuga Hands-On Labs

CloudYuga has taken a different approach as compared to Katacoda to create labs that stitch content with the code similar to Jupyter notebooks. There is a lot of learning material on their platform which you can use (free at the moment). Suggest you try their eBPF lab.

Book I am Reading

I enjoy Will Larson’s content - books and his blog where he shares valuable insight and first-hand learning on engineering leadership.