Newsletter of Carlos Santana — Issue #23
Welcome to my newsletter. Every week, I’ll update you on Cloud Native topics in 3 categories: News, Assets, and Skills.
I restarted the Kubernetes Book Club for 2022
“We may have all come on different ships, but we’re in the same boat now.”
A quote from Dr. Martin Luther King Jr.
Readout of White House Meeting on Software Security | The White House —
Today, the White House convened government and private sector stakeholders to discuss initiatives to improve the security of open source software and ways
55 of Dr. Martin Luther King Jr.’s Most Inspiring Motivational Quotes —
Be inspired by 55 of Martin Luther King Jr.’s quotes, ranging from his famous MLK sayings about equality, faith and love, to MLK quotes about peaceful protests.
What an SBOM Can Do for You —
By now, it is common knowledge that a Software Bill of Materials is becoming an increasingly expected requirement from software releases, yet it still seems that some confusion persists about what an SBOM can/could do for your project.
How to learn PromQL with Prometheus Playground —
How to set up a Prometheus playground. How to learn PromQL by running example queries? How to prefill Prometheus with metric data?
Top 10 Linux security tutorials for sysadmins from 2021 | Enable Sysadmin —
Even as the world changes around us, the importance of IT security is one of the things that stands firm.
10 real-world stories of how we’ve compromised CI/CD pipelines — NCC Group Research —
Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD pipeline? What does this type of attack look like in practice? NCC…
Google Online Security Blog: Introducing SLSA, an End-to-End Framework for Supply Chain Integrity —
Posted by Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacks — u…
Running MongoDB in Kubernetes: An overview of existing solutions — Flant blog —
Here are the challenges of using MongoDB in Kubernetes and the options we have to overcome them including ready-to-use Helm charts and Kubernetes operators.
Give me /events, not webhooks — Sequin
Webhooks come with some challenges. We prefer polling an /events endpoint instead when possible.
What I’d like to see in Go 2.0 | Seth Vargo —
Audit logs are very useful for retroactive analysis following a security incident, but what if they could also be used to proactively alert before a security incident occurs?
How To Call Kubernetes API using Simple HTTP Client —
There are plenty of reasons to call the Kubernetes API using a CLI or GUI HTTP client. This article will show you how to get the API server address, authenticate requests using certificates and Service Account tokens, and call the API using kubectl in the raw mode.
Using Event-Driven Architecture With Microservices —
To optimize business applications, DevOps teams must understand the full potential of microservices and event-driven architecture.
Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD — Yuan’s Blog
This is a recap from our KubeCon China 2021 talk. If you are interested in learning more about Argo or Akuity’s products and services, you can find all our past and upcoming conference talks on our website.
Tracing the path of network traffic in Kubernetes —
Learn how packets flow inside and outside a Kubernetes cluster. Starting from the initial web request and down to the container hosting the application
CoSign with Kubernetes: Ensure integrity of images before deployment —
Notary vs CoSign? Is CoSign a good alternative? Can we automate keys & signature rotation?
Looking Ahead to Kubernetes 1.24 | Jetstack Blog —
Kubernetes 1.24 is scheduled for release on Tuesday 19th April 2022, but some of us are already deep in the planning and work for it.
How to Pass your KCNA Exam. The CNCF has just launched the new… | by Brad McCoy | Nov, 2021 | Medium —
The CNCF has just launched the new Kubernetes and Cloud Native Associate Exam also known as the KCNA. I was one of the first 400 people to go through the Beta exam which contained the full suite of…
AWS open source news and updates, #95 — DEV Community
Jan 10th, 2022 — Instalment #95 Newsletter #95. Feliz Ano and a very happy new year to… Tagged with opensource, aws.
Run a Google Kubernetes Engine Cluster for Under $25/Month — The New Stack —
This article will demonstrate a solution (available on GitHub) for running a full-blown GKE cluster on Google Cloud with a goal to keep the costs under $1 per day.
Making Open Source software safer and more secure —
We welcomed the opportunity to participate in the White House Open Source Software Security Summit today.
Kubernetes Threat Modeling. Every security team has to deal with… | by Rahul Jadhav | Medium —
Answering this is non-trivial, and involves understanding the threat vectors faced by the services. To understand threat vectors one needs an understanding of how the services works, what…
Open Startup —
The term “Open Startup” is not new, but still fairly niche. There are Open Startups with millions in revenue, yet only a tiny percentage of Startups today fall into the category.
kube-rs · GitHub —
rust kubernetes client and controller runtime. kube-rs has 6 repositories available. Follow their code on GitHub.
Distrobox | Use any linux distribution inside your terminal
Use any linux distribution inside your terminal
GitHub — developer-guy/buildkit-machine: A proof-of-concept project that makes accessible buildkitd daemon from macOS —
A proof-of-concept project that makes accessible buildkitd daemon from macOS
Coder · GitHub —
Developer workspaces on your infrastructure. Coder has 51 repositories available. Follow their code on GitHub.
Taking the bite out of x509 certificates with the step CLI
Parsing, generating and troubleshooting certificates is a critical skill in developing web services. Certificates establish trust on the web (e.g. that indeed the company Google is serving you content when you go to and to encrypt traffic once trust is established using TLS.
GitHub — ory/hydra: OpenID Certified™ OpenID Connect and OAuth Provider written in Go —
OpenID Certified™ OpenID Connect and OAuth Provider written in Go — cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
GitHub — vladimirvivien/ktop: A top-like tool for your Kubernetes clusters —
A top-like tool for your Kubernetes clusters.
Kubernetes instance calculator —
Explore the best instance types for your Kubernetes cluster interactively.
3 Musketeers —
Test, build, and deploy your apps from anywhere, the same way!
GitHub — nsmith5/rekor-sidekick: 🔍 Rekor transparency log monitoring and alerting —
🔍 Rekor transparency log monitoring and alerting.
GitHub — kubeshop/kusk: Kusk makes your OpenAPI definition the source of truth for API resources in your cluster —
Kusk makes your OpenAPI definition the source of truth for API resources in your cluster
GitHub — jucardi/go-streams: Stream Collections for Go. Inspired in Java 8 Streams and .NET Linq —
Stream Collections for Go. Inspired in Java 8 Streams and .NET Linq
snappify —
Snappify helps you to create beautiful code snippets with ease.
GitHub — developer-guy/setup-krew: 📦🚀 A GitHub Action to install 👇 —
📦🚀 A GitHub Action to install 👇
Cosign Image Signing In AWS CodePipeline
In this post we are going to show you how to integrate sigstore’s Cosign with AWS CodePipeline.
AWS SSM: Do you really need SSH? How to connect to EC2 using Session Manager —
Do you really need SSH? Maybe not!
GitHub — ossu/computer-science: Path to a free self-taught education in Computer Science! —
Path to a free self-taught education in Computer Science!
Everything Useful I Know About kubectl
I am a blogv
I Took 20 LinkedIn Skill Assessments So You Don’t Have To —
I was updating my LinkedIn profile and saw a notification to take a skills assessment for Python. Sure, I know Python, or so I thought.
API Tokens: A Tedious Survey · Fly —
News, tips, and tricks from the team at Fly
Configure Liveness, Readiness and Startup Probes | Kubernetes —
This page shows how to configure liveness, readiness and startup probes for containers. The kubelet uses liveness probes to know when to restart a container. For example, liveness probes could catch a deadlock, where an application is running, but unable to make progress. Restarting a container in such a state can help to make the application more available despite bugs. The kubelet uses readiness probes to know when a container is ready to start accepting traffic.