
Kubernetes Weekly #371: Risks of Misconfigured Container Registries

Kaptain Kubernetes Weekly Newsletter is part of FAUN Developer Community. We help developers learn and grow by keeping them up with what matters.

⭐ Patrons

We help you win the race to Developers’ heart!

Acquire, engage, and retain Developers for your company.

MarketToDev is a Developer Marketing & Relation Agency by FAUN. A singular blend of marketing, software engineering, and passion.

Our services include providing actionable insights to help grow your developer community and increase adoption. Plus, we offer a free consultation to discuss your needs and how we can help.

Don’t let your competition get ahead, get in touch with MarketToDev !

Teleport Kubernetes Access

Consolidate identity-based access to Kubernetes clusters across all environments, meet compliance requirements, and have complete visibility into access and behavior:

👉 Easily secure your Kubernetes clusters using security best practices
👉 Meet compliance requirements (SOC 2, FedRAMP, HIPAA, ISO 27001, PCI and more)
👉 Complete visibility into access and behavior
👉 Secure access that doesn’t get in the way
👉 Give an identity to all your microservices, CI/CD automation, and service accounts
👉 Works with everything you have (X.509 certificates, HTTPS, SAML, OpenID connect and others)
👉 Easy to get started

Get started for free.

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

⭐ Sponsors

AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost

AIOps help IT operations and DevOps teams improve efficiency and incident response time, enhance data analysis, optimize resource utilization, and increase visibility and transparency.

Learn how Site24x7, an all-in-one monitoring solution that incorporates AIOps capabilities, helps teams stay ahead of application and infrastructure issues.

Don’t let downtime slow you down. Discover the power of AIOps with Site24x7 !

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

🔗 From the web

Istio-based service mesh add-on for Azure Kubernetes Service

Microsoft has launched the public preview of its Istio add-on for Azure Kubernetes Service (AKS).

  • The Istio add-on builds on top of the open-source Istio project and provides additional features such as verified external and internal ingress set-up, verified compatibility with supported versions of AKS, and Azure support for the add-on.
  • The service mesh add-on will also handle scaling and configuration of Istio control plane, as well as the scaling of AKS components when Istio is enabled.
  • The next steps on the roadmap include lifecycle management of Istio, mesh CA, multi-cluster mesh, and observability enhancements.

Data Profiler: Data Drift Model Monitoring Tool

The article discusses the importance of monitoring machine learning models to detect data drift and maintain efficiency. It presents a framework for detecting data drift that involves four stages:

  • data retrieval,
  • data modeling,
  • test statistics calculation,
  • hypothesis testing.

The Kubeflow Data Profiler component, a Python library that automates data analysis, monitoring, and sensitive data detection, is used to detect feature drift.

  • A pipeline is created using this component to retrieve batches of training and test samples, profile the data, merge the profile model objects, and compute dissimilarity metrics.
  • The pipeline returns a difference report containing key-value pairs for several data drift measures.
  • The article emphasizes the importance of evaluating data drift and provides actionable steps for detecting and monitoring it using the Kubeflow Data Profiler component.

Ingress in Google Kubernetes Products ✅

The article provides a breakdown of network ingress options for Kubernetes clusters running in Google Cloud (GKE) or on-premise (Anthos on Bare Metal, Anthos on VMware), including Service, Ingress, Gateway, Istio Gateway, and NEG Controllers.

It highlights the ambiguity of component names and overloaded terms in technical discussions and recommends structuring and listing all possible options to reduce confusion.

Actionable takeaways include exploring the options available for each type of cluster and weighing the limitations and advantages of each option before deciding on a network ingress configuration. The article also recommends using Kubernetes Gateway instead of Kubernetes Ingress, because of the drawbacks and limitations of the Ingress API.

Effortlessly Deploy to Azure Kubernetes with Open Source Tools Draft and Acorn ✅

The article walks readers through deploying a web application to Azure Kubernetes Service (AKS) without having to write Docker or Kubernetes manifest files.

  • Using open-source command-line tools Draft and Acorn, developers can containerize and deploy to AKS in a few steps.
  • The article details how to create an AKS cluster, install Acorn, package the Acorn app, and deploy it to AKS.
  • Draft and Acorn are powerful tools for developers to quickly get started on Kubernetes.
  • AKS Web Application Routing add-on makes ingress controller installation and management easy.

Set up Cloud NAT with Google Kubernetes Engine (GKE)

The article provides step-by-step instructions for configuring a private Google Kubernetes Engine (GKE) cluster with a NAT Gateway on Google Cloud Platform (GCP). The steps include creating a VPC network and subnet, creating a private cluster, reserving a static IP address, creating a NAT configuration using Cloud Router, and testing the connectivity by running an Nginx image.

⭐ Supporters

Switch to NordPass Business, Get 1 Year for FREE

NordPass offers an easy-to-use password manager for businesses, allowing for encrypted storage of credentials in vaults that can be shared among teams.

✔️ Organize your account credentials.
✔️ Store payment and shipping information.
✔️ Save your private notes.
✔️ Add members with one click.
✔️ Share access to accounts between teams.
✔️ Unlock the Activity Log.
✔️ Autofill: Enter your account credentials automatically.
✔️ Breach Monitoring.
✔️ Company-wide settings.
✔️ Password Health.

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

ℹ️ News

Announcing the general availability of Azure CNI Overlay in Azure Kubernetes Service

Microsoft has announced the general availability of Azure CNI Overlay, a new networking solution that assigns IP addresses from the user-defined overlay address space rather than using IP addresses from the VNET.

  • Azure CNI Overlay uses the routing of these private address spaces as a native virtual network feature, which means that cluster nodes do not need to perform any extra encapsulation to make the overlay container network work.
  • This allows the Pod overlay network to achieve the same performance as native VNET traffic and paves the way to support millions of pods across thousands of nodes.

SUSE Unveils Rancher 2.7.2, Enhanced Kubernetes Management ✅

SUSE has launched Rancher 2.7.2, the latest version of its software stack for managing multiple Kubernetes clusters across any infrastructure, to boost ecosystem adoption.

  • Rancher Manager’s user functionality has been decoupled to allow users to extend and enhance the Rancher UI.
  • The update includes Rancher Desktop 1.8, Kubewarden 1.6.0, Opni 0.9, S3GW 14.0, and Epinio 1.7, among other ecosystem features.
  • SUSE also announced the re-launch of Rancher Academy, which offers free educational resources on Kubernetes and container management.
  • Rancher Prime subscribers have access to SUSE’s customer engagement platform, SUSE Collective.

Thousands of misconfigured container and artifact registries expose sensitive credentials

Aqua Security researchers discovered over 10,000 container registries and 7,000 artifact repositories owned by businesses that are exposed to the internet and could give attackers access to sensitive information, including access tokens, encryption keys, database passwords, internal IP addresses, and filesystem paths.

  • Some registries also allowed anonymous users to connect to the entire registry, which could allow attackers to plan and execute attacks against production and development systems or inject malicious code.
  • Shadow IT and careless configuration are common reasons for registry exposure, and organizations should immediately check if their registries are unintentionally exposed to the internet and limit access to them.

The Aqua researchers make the following recommendations:

  • Secure repositories with network controls such as a VPN or firewall.
  • Implement strong authentication and authorization measures, including using strong passwords, two-factor authentication, SSO, and replacing default passwords.
  • Regularly rotate keys, credentials, and secrets to prevent unauthorized access.
  • Implement least privilege access controls and scoping, assigning the appropriate level of access to different roles, especially for anonymous access, and restricting access to specific repositories and artifacts as needed.
  • Regularly scan for sensitive data and vulnerabilities and promptly address and mitigate any issues.
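The first thing the Aqua researchers ask organizations to do is to check whether a registry is reachable without credentials. The script below is an added example written for this issue, not code from Aqua Security or from the newsletter. It assumes the registry implements the standard Docker Registry HTTP API v2 (GET /v2/ and GET /v2/_catalog); the host name registry.example.internal is a placeholder, and the sample responses marked as constructed are made up so the classifier can be exercised offline.

```python
"""Classify the exposure of a Docker Registry v2 endpoint probed without credentials.

Added example (not Aqua Security's or FAUN's code). Assumes the standard
Docker Registry HTTP API v2; all host names and sample responses are placeholders.
"""
from dataclasses import dataclass, field
import json
import urllib.error
import urllib.request


@dataclass
class ProbeResult:
    """One unauthenticated HTTP response, reduced to what the audit needs."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

    def header(self, name: str) -> str:
        # HTTP header names are case-insensitive; normalise before lookup.
        wanted = name.lower()
        for key, value in self.headers.items():
            if key.lower() == wanted:
                return value
        return ""


def probe(url: str, timeout: float = 5.0) -> ProbeResult:
    """GET a URL with no Authorization header; capture status, headers and body.

    urllib raises on 4xx/5xx, so the error branch records 401 challenges too.
    Run this only against registries you operate.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "registry-audit/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return ProbeResult(resp.status, dict(resp.headers.items()),
                               resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return ProbeResult(err.code, dict(err.headers.items()),
                           err.read().decode("utf-8", "replace"))


def anonymous_repositories(catalog: ProbeResult) -> list:
    """Repository names visible without credentials, or [] if listing was denied."""
    if catalog.status != 200:
        return []
    try:
        return list(json.loads(catalog.body).get("repositories", []))
    except (ValueError, AttributeError):
        return []


def classify(root: ProbeResult, catalog: ProbeResult) -> str:
    """Classify exposure from the unauthenticated /v2/ and /v2/_catalog responses.

    'not-a-registry'     no Docker-Distribution-Api-Version header on /v2/
    'anonymous-catalog'  /v2/_catalog answered 200: anyone who reaches the
                         endpoint can enumerate repositories (the Aqua finding)
    'anonymous-ping'     /v2/ answered 200 but the catalog was denied
    'auth-required'      /v2/ answered 401 with a WWW-Authenticate challenge
    'unexpected'         anything else; inspect by hand
    """
    if "registry/2.0" not in root.header("Docker-Distribution-Api-Version"):
        return "not-a-registry"
    if catalog.status == 200:
        return "anonymous-catalog"
    if root.status == 200:
        return "anonymous-ping"
    if root.status == 401 and root.header("WWW-Authenticate"):
        return "auth-required"
    return "unexpected"


def audit(base_url: str) -> dict:
    """Probe a live registry you operate and summarise the verdict (needs network)."""
    base = base_url.rstrip("/")
    root = probe(base + "/v2/")
    catalog = probe(base + "/v2/_catalog")
    return {"verdict": classify(root, catalog),
            "repositories": anonymous_repositories(catalog)}


# Constructed sample responses; not captured from any real registry.
API_HEADER = {"Docker-Distribution-Api-Version": "registry/2.0"}
OPEN_ROOT = ProbeResult(200, API_HEADER, "{}")
OPEN_CATALOG = ProbeResult(200, API_HEADER,
                           '{"repositories": ["payments/api", "payments/web"]}')
LOCKED_ROOT = ProbeResult(401, {**API_HEADER, "WWW-Authenticate":
                          'Bearer realm="https://registry.example.internal/token",service="registry"'}, "")
LOCKED_CATALOG = ProbeResult(401, LOCKED_ROOT.headers, "")

if __name__ == "__main__":
    print(classify(OPEN_ROOT, OPEN_CATALOG), anonymous_repositories(OPEN_CATALOG))
    print(classify(LOCKED_ROOT, LOCKED_CATALOG))
    # For a registry you operate:  print(audit("https://registry.example.internal"))
```

A verdict of anonymous-catalog is the misconfiguration the report describes: the endpoint hands out the repository list to anyone who can reach it, so the remaining recommendations (network controls in front of the registry, authentication, scoped and least-privilege access, credential rotation) apply immediately. auth-required only says a challenge is issued; whether the token service hands anonymous callers a usable scope still has to be checked in the registry's own authorization configuration.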

📚 Book picks

⭐ Software Architecture: The Hard Parts: Modern Trade-Off Analyses for Distributed Architectures

By focusing on commonly asked questions, this book provides techniques to help you discover and weigh the trade-offs as you confront the issues you face as an architect.

  • Analyze trade-offs and effectively document your decisions
  • Make better decisions regarding service granularity
  • Understand the complexities of breaking apart monolithic applications
  • Manage and decouple contracts between services
  • Handle data in a highly distributed architecture
  • Learn patterns to manage workflow and transactions when breaking apart applications

⚙️ Tools

siketyan/nakoud

Access your Docker containers easily without port forwarding

iwanhae/kubegraph

Realtime Web Based Kubernetes Visualizer with WebAssembly and Controller Runtime

ParadigmAI/paradigm

Hassle-free ML Pipelines on Kubernetes

patrickfav/pihole-unbound-docker

A docker-compose setup that maintains a Pi-hole DNS with an upstream Unbound recursive DNS, all hosted locally.

ksoclabs/kbom

KBOM — Kubernetes Bill of Materials

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

🛍️ Swag Store

⭐ Show off your love for all things TECH

If you’re seeking a cozy tee-shirt to wear during your extended coding sessions or a mug to exhibit your passion for programming, you can find it all here.

🤩 Enjoy a 20% DISCOUNT on all products right now! Just use the code “THANKSFAUN” at checkout and get FREE SHIPPING too.

❤️ 20% exclusive discount for FAUNers on all products (+free shipping included) when you use the code “THANKSFAUN”.

❤️ Thanks for reading

👉 Never miss an issue
Join FAUN Developer Community and subscribe to our newsletter here.

👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 🐦Twitter
- 👥Facebook
- 📰Reddit

👌 Was this newsletter helpful?
We’d really appreciate it if you could share it with your friends! You can also donate to help us keep this newsletter going.

ℹ️ Have a question or feedback?
Feel free to reach out to us at [email protected]. We’d love to hear from you!

🤩 Want to sponsor our newsletter?
Reach out to us at [email protected] and we’ll get back to you as soon as possible.


🦈 Kubernetes Weekly #371: Risks of Misconfigured Container Registries was originally published in FAUN Publication on Medium, where people are continuing the conversation by highlighting and responding to this story.
