Cloud native weekly news:

  • Lens 5.0.0 release
  • GitHub launches AI programming tool GitHub Copilot
  • Kubernetes releases its annual community report for 2020
  • Weaveworks has launched an integrated GitOps platform for Kubernetes
  • HashiCorp Boundary 0.4.0 was released
  • Open Source Project Recommendations
  • Recommended articles

People in IT have all heard of the well-known book “Understanding Computer Systems in Depth”, known as CSAPP (Computer Systems: A Programmer’s Perspective), which combines hardware, systems and software into a unified framework for understanding how computer systems operate from the programmer’s perspective.

The book is also the introductory computer systems textbook at Carnegie Mellon University, and it comes with video lectures, so if you find it difficult to read, you can watch the videos first and then come back to the textbook, or combine the two. If your English is not strong enough, you can watch the videos with Chinese subtitles. The videos are available on Bilibili (B station).

Cloud native updates

Lens 5.0.0 release

Lens is a powerful Kubernetes IDE. You can view Kubernetes cluster status in real time, including real-time pod logs, real-time cluster events, and cluster troubleshooting. With Lens, instead of typing long kubectl commands, a few mouse clicks are enough.

Lens provides complete situational awareness for everything running in Kubernetes. It lowers the barrier to entry for beginners and improves the productivity of experienced people.

The highlights of this new edition are Catalog, Hotbars, and Spaces.

Hotbar is now the primary navigation, allowing the user to pick the most important and frequently used items from the Catalog (such as open clusters) and assign them to the Hotbar. Users can create multiple Hotbars, quickly switch between them, and customize them according to their preferences for easy access.

With Spaces, you can choose to share access to a cluster. You can also accept invitations from others to access their clusters. To do this, Lens has created an entirely new technology: cluster connectivity. It allows Lens users to connect any of their clusters to Spaces without having to open an inbound port on the firewall. It uses end-to-end encryption to protect the connection between the user and the cluster, eliminating the need for a VPN. This means that there is no need to expose the Kubernetes API over the Internet. Developers and operators can easily access and use their Kubernetes clusters from anywhere.


GitHub launches AI programming tool GitHub Copilot

GitHub Copilot is more than just a code completion tool. Its underlying technology is Codex, a new AI system built by OpenAI, which has been trained on billions of lines of open code and can understand more context than most code-assist tools. Whether it’s documentation, comments, function names, or the code itself, GitHub Copilot composes matching code based on the context provided by the developer. Developers can use GitHub Copilot to get suggestions for entire lines of code or complete functions in the editor.

The operation process of GitHub Copilot is shown in the following figure:

GitHub Copilot official website

Kubernetes releases its annual community report for 2020

Inspired by the Apache Software Foundation’s Open Guide to PMC Reporting and the CNCF Project Annual Report, the Kubernetes Project announced the Kubernetes Community’s Annual Report for Special Interest Groups (SIG) and Working Groups (WG). In its flagship edition, the 2020 summary report focuses on improving the Kubernetes ecosystem by assessing and promoting the health of groups within upstream communities.

With this report, Kubernetes hopes to provide the end user community with information that they can use to determine ways they can support the project and get an early look at the roadmap for upcoming features.


Weaveworks has launched an integrated GitOps platform for Kubernetes

Weave GitOps brings together the open source software development tools that Weaveworks has been promoting, making them easier to deploy and use, said Steve George, chief operating officer of Weaveworks.

At the heart of the Weaveworks GitOps portfolio is Flux, an open source tool that automatically ensures that the state of the cluster matches the configuration stored in the Git repository. It uses an operator called Flagger in the cluster to trigger the deployment of applications to Kubernetes without the IT team having to acquire and deploy a dedicated continuous delivery platform.

Flux monitors all image repositories, detects new images, triggers deployment and updates the configuration accordingly. On top of this core platform, Weaveworks has added Team Workspaces, a workflow application for tracking changes to Git-based deployments that can be used by multiple DevOps teams. Each workspace can also span multiple Kubernetes clusters to simplify application deployment across Kubernetes cluster queues.


HashiCorp Boundary 0.4.0 was released

HashiCorp Boundary is an infrastructure grid that enables developers, DevOps, and SREs to use fine-grained authorization to securely access infrastructure services (SSH servers, Kubernetes clusters) without having to access the network directly, while doing away with VPNs or bastion hosts.

Session credential brokering: HashiCorp Boundary 0.4.0 adds a Vault integration for brokering Vault secrets to Boundary clients (command line and desktop clients) for use in Boundary sessions.

Vault secret brokering is the basis of Boundary’s larger credential management story for seamless single sign-on to infrastructure targets. This feature introduces new Boundary resources (credential stores, credential libraries, and credentials) to support binding credentials to user sessions and displaying these credentials during session initialization on the command line and in Boundary Desktop.

boundary connect credential brokering integration: In addition, integration into the boundary connect helpers has started, beginning with the Postgres helper in this release. If the credential contains a username/password and boundary connect postgres is the helper in use, the command automatically passes the credential to the psql process.

Session security improvements: Boundary workers will now close any existing broker connections they are working on when they are unable to make a status request to a worker. The timeout for this behavior is currently 15 seconds.


Open Source Project Recommendations

eBPFSnitch

eBPFSnitch is a Linux firewall program based on eBPF. eBPF is known to all, so I won’t describe it here. Replacing iptables with eBPF as a firewall is a big challenge: every rule you add requires coding, which is extremely inconvenient. It is better to add and modify rules through commands. Several projects have tried this direction, but they haven’t been updated for so long that they won’t be covered here. eBPFSnitch provides a GUI to add and modify firewall rules. Unfortunately, there is no command-line version yet.

missing-container-metrics

By default, Kubernetes uses cAdvisor to collect container metrics, which is good enough for most people, but it still has some shortcomings, such as not collecting the following metrics:

  • OOM kills
  • Number of times the container was restarted
  • The exit code of the container

The missing-container-metrics project fills this gap in cAdvisor by adding several metrics that the cluster administrator can use to quickly locate certain failures. For example, if a container has multiple child processes, one of which was OOM-killed, but the container is still running, it would be difficult for an administrator to locate the fault without OOM kill monitoring.

podman-static

Podman is Red Hat’s open source container runtime project. It has almost the same functionality as Docker, and even has many new features. The biggest difference between Podman and other container runtimes is that it doesn’t need to run a daemon.

By default, Podman does not provide static binaries. You need to have its full set of dependencies installed for it to work properly, and only certain distributions are supported; on the rest, it has to be compiled from scratch. The podman-static project is designed to solve this problem. It provides static binaries of Podman and its dependencies, so you just need to copy these binaries to make Podman work properly. Think about OpenWrt, and this project could be your savior.

FirefoxPWA

PWA, short for Progressive Web Apps, was launched by Google in 2015 to bring a native app-like user experience to cross-platform HTML web pages. Currently only some Chromium-based browsers support PWA; Firefox does not support it by default. The FirefoxPWA project is designed to enable Firefox to support PWA. Unfortunately, it does not currently support macOS, so if you are interested, please wait.

Recommended articles

Why did Kubernetes choose etcd?

This article analyzes the advantages of Kubernetes choosing etcd from the perspective of source code, including the following aspects:

  • How EtcdServer works
  • How bbolt works
  • How data is persisted into etcd
  • The principle of MVCC

How do I add eBPF to an observability product

This is the latest blog post from renowned performance guru Brendan Gregg, which explores how to quickly add eBPF to commercial observability products.

Optimize applications in Kubernetes through machine learning

As Internet application architectures continue to change, optimizing applications on Kubernetes by hand is extremely complex, requires extensive testing and monitoring efforts, and takes up endless engineering time. This article attempts to solve this problem through machine learning.
