Stepan

Thinking about #Kubernetes 1.22 ? We have just released a new version of 𝗸𝘂𝗯𝗲𝗻𝘁 that covers all the resources removed in the upcoming 1.22 and future 1.25 K8S versions. github.com/doitintl/kube-…

Inspiring in mellow way... I was just thinking that pretty much all of this can be as well applied to architecture and how we build systems... bitfieldconsulting.com/golang/tao-of-…

10 years ago today @aaronsw took his own life after overly aggressive prosecution. He invented internet infrastructure. He defeated the greatest threat the Internet had ever seen. And you probably don't know who he is. You should. Here’s his story 🧵

80% of those voted in this poll are in for a surprise. (I was in the "nearly instant" camp only a few days ago.) Wrote a short explanation why it takes Kubernetes so long to update the mounted Secrets and ConfigMaps with a kubelet code walkthrough: ahmet.im/blog/kubernete…

👉 Kubent - finally a new release (0.6.0) is out - In-cluster auth - Checking additional annotations - Support for output files - Version flag - Increased coverage 🐳 And we now publish a Docker image -ghcr.io/doitintl/kube-no-trouble:0.6.0 🐳 github.com/doitintl/kube-…

⛵️ If you need to debug any issues with GKE/K8S API server, I recommend enabling Kubernetes control plane metrics [1] (needs 1.23.6 or later). Especially useful are `apiserver_admission*` to debug webhooks . Finally! 👏 [1]:cloud.google.com/blog/products/…

I tried to map open source, cloud native security scanners. Which ones did I miss? 👀 Note that I will not include tools that are dependent on other scanners under the hood or do not fit our definition of open source e.g. restrict # of scans that can be performed.

🔐 Google's COS - Container-Optimized OS (the OS you probably use if you run GKE 😉) - added nice support for CIS benchmark hardening and scanning: - Level 1 compliance by default - Level 2 as easy as `systemctl start cis-level2.service` #GoogleCloud cloud.google.com/container-opti…

And if you're wondering how is AlloyDB different to CloudSQL PostgreSQL, this article contains some more details about what's under the hood... cloud.google.com/blog/products/… #GoogleCloud

GCP - AlloyDB for PostgreSQL: Free yourself from expensive, legacy databases @googlecloud cloud.google.com/blog/products/…

BigQuery now supports the creation of 👉 search indexes 👈 and a SEARCH function. (in Preview) This enables you to use Google Standard SQL to efficiently find data elements in unstructured text and semi-structured data. @googlecloud cloud.google.com/bigquery/docs/…

Nice post on working with and visualizing geo-data in BQ: Using GeoJSON in BigQuery for geospatial analytics @googlecloud cloud.google.com/blog/topics/de…

Good read ☸️ - GKE Autopilot & how it works - OPA and why writing good policies is difficult - Why not rely on just one layer of 🔒 - Why build minimal containers - Why use tight RBAC policies - Why K8S webhooks while powerful, are also extremely dangerous unit42.paloaltonetworks.com/gke-autopilot-…

This is a big deal, we have been seeing a lot of interest in #Backstage from @SpotifyEng. Far more so than for most other @CloudNativeFdn projects entering the incubator phase, and far more enterprise interest. /cc @cloudzillion @TheMarkONeill #cloudnative

GCP: For all the Terraform aficionados gcloud beta resource-config bulk-export \ --resource-format=terraform is a pretty useful command to export your resources in TF format, e.g. to bootstrap your declarative config. @googlecloud #terraform cloud.google.com/blog/products/…

GKE Autopilot gets managed Istio (Anthos Service Mesh) @googlecloud cloud.google.com/blog/products/…

🔐 Yes please - protect SSH access to GCE VMs with hardware key (FIDO/U2F) Now natively supported via OS Login (this is btw. a nice feature of OpenSSH 8.2+ which can generate FIDO token protected keys, even when not on GCP). @googlecloud cloud.google.com/blog/products/…

kubectl: GKE auth specific code will move to external plugin in 1.25, get ready: Here's what to know about changes to kubectl authentication coming in GKE v1.25 @googlecloud cloud.google.com/blog/products/…

Oh no 😱 my newest app accidentally logged my secret! Thankfully I'm trying out this new detection feature from @GoogleCloud that alerts me when my Secret Manager secrets appear anywhere in logs. We're looking for customers to try out this dope feature - DM if you're interested!

Introducing Google Cloud Certificate Manager to simplify SaaS scale TLS and certificate management cloud.google.com/blog/products/…

👉 Compact placement 👈 policies are now available for GKE (in preview). Nodes are physically located close to each other, and this allows you to shave off some network latency. Typically used for HPC type of workloads. #GoogleCloud cloud.google.com/kubernetes-eng…