Newsletter of Carlos Santana — Issue #39

Carlos Santana
5 min read · Jun 18, 2022

I hope everyone got their KubeCon NA CFP submitted. The Kubernetes leads and chairs are currently reviewing all these great CFP ideas; my heart ❤️ goes out to them for volunteering their time in this great community. Please be empathetic if you don’t get selected, as these great individuals are doing their best to choose a minimal set of talks they are allowed.

News

Scaling Container Technologies at Coinbase with Kubernetes blog.coinbase.com
Tl;dr: Our recent evaluation of Kubernetes underscored its suitability for scaling Coinbase into the future. In the past, a migration to Kubernetes raised concerns due to the operational burden of…

Chainguard Secure Software Supply Chain Images Arrive thenewstack.io

Chainguard Images are container base images designed for a secure software supply chain.

How to manage Kubernetes secrets with GitOps? | Akuity akuity.io
How to manage Kubernetes secrets with GitOps? Your guide on selecting a proper method.

Breaking Changes in Argo CD 2.4. blog.argoproj.io

Argo CD 2.4 includes some awesome improvements and also gave the Argo CD team an opportunity to clean up some tech debt.

PyPI package ‘keep’ mistakenly included a password stealer www.bleepingcomputer.com
PyPI packages ‘keep,’ ‘pyanxdns,’ ‘api-res-py’ were found to contain a password-stealer and a backdoor due to the presence of malicious ‘request’ dependency within some versions.

Introducing Envoy Gateway blog.envoyproxy.io
Today we are thrilled to announce Envoy Gateway, a new member of the Envoy Proxy family aimed at significantly decreasing the barrier to entry when using Envoy for API Gateway (sometimes known as…

Oops, That Almost Happened — Jeli www.jeli.io

At this point you’ve seen all the reasons why learning from incidents is good for you and your org.

GitHub brings supply chain security features to the Rust community | The GitHub Blog github.blog
The Rust community can now discover, report, and prevent security vulnerabilities.

Introducing Gitsign. Keyless Git commit signing blog.sigstore.dev

With Gitsign, we aim to bring the best of Sigstore to Git with “keyless” signing and transparency log support

The Surreal Case of a C.I.A. Hacker’s Revenge | The New Yorker www.newyorker.com
A hot-headed coder is accused of exposing the agency’s hacking arsenal. Did he betray his country because he was pissed off at his colleagues?

Scalable self-hosted runner system for GitHub actions hectormrejia.medium.com

Hello everyone! This article is intended for organizations that develop on private repositories and the minutes available from GitHub are not enough for their CI/CD needs.

Assets

GitHub — iovisor/bcc: github.com

BCC — Tools for BPF-based Linux IO analysis, networking, monitoring, and more

GitHub — kubeshop/testkube: ☸️ github.com
☸️ Kubernetes-native framework for test definition and execution

GitHub — redhat-developer/vscode-didact github.com

Framework and tools for providing interactive tutorials with active links that call VS Code commands on markdown

WireGuard Transparent Encryption — Cilium 1.11.5 documentation docs.cilium.io
This guide explains how to configure Cilium with transparent encryption of traffic between Cilium-managed endpoints using WireGuard®.

Reproducible Builds reproducible-builds.org
Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code.

reprotest · PyPI pypi.org
Build packages and check them for reproducibility.

Skills

How NAT traversal works · Tailscale tailscale.com
In this post, we’ll talk about how to establish a peer-to-peer connection between two machines, in spite of all the obstacles in the way.

How to Troubleshoot Applications on Kubernetes blog.alexellis.io
Learn how to troubleshoot applications on Kubernetes. Because if it’s not working, wouldn’t it be great if you could find out why and fix it yourself?

How Go Mitigates Supply Chain Attacks — The Go Programming Language go.dev
Go tooling and design help mitigate supply chain attacks at various stages.

Kubernetes Workload Identity with AWS SDK for Go v2 | by Jimmy Ray | Jun, 2022 | Medium blog.jimmyray.io
In the context of Cloud Service Providers (CSP), a Kubernetes workload identity is the concept of pods assuming authenticated principals, to perform operations using CSP services. When using Amazon…

Escaping the Nested Doll with Tailscale raesene.github.io

I came across a scenario recently (for a workshop in Kubecon) where I needed to access a GUI application deployed in a KinD cluster running in an EC2 instance on AWS, from my laptop.

Carlos Santana

Sr. Containers Specialist SA @ AWS Kubernetes, Knative, Istio, OpenShift, UX, Serverless, DevOps, GitOps, SRE, Architect, Speaker, CKA, CKAD, CKS