Cloud Native Weekly: Open source "won", but is it sustainable?

Open source "won" at the recent State of Open conference, but it will still lose if governments and businesses don't step up to ensure the ecosystem's resilience and sustainability into the future.

OpenUK chief executive Amanda Brock said at the opening that the advances in digitization and open source over the past five to 10 years have elevated engineers "to a level where they can make decisions and be influencers."

But the success of open source, and concerns about its security, have also attracted more attention from policymakers, along with new laws and government strategies.

Eric Brewer, vice president of infrastructure at Google, said: If governance is one part of the puzzle to make open source sustainable, the other part is government action, especially in terms of enhancing security and resilience. The European Union is currently advancing its Cyber Resilience Act, while the UK has just launched a consultation on open source resilience and security, and the White House is advancing a cyber strategy aimed at securing software supply chains, including open source.

Open source project recommendation

Kubediff

Kubediff is a tool for Kubernetes that can show you the differences between a running configuration and a versioned configuration.

Keel

Keel is a tool for automating updates to Kubernetes deployments. Keel is stateless, robust and lightweight.

Updatecli

Updatecli is a tool for applying file update policies. Designed to be used from anywhere, each application "run" detects whether a value needs to be updated using a custom policy, and then applies the change according to that policy.

Logging operator

The Logging operator solves your logging-related problems in a Kubernetes environment by automatically deploying and configuring a Kubernetes logging pipeline.

Article recommendation

Ingress Controller vs. Load Balancer: Which Is Right for Your Kubernetes Environment?

This article compares the two load balancing methods used in Kubernetes environments: Ingress Controller and Load Balancer. An Ingress Controller is an HTTP- and HTTPS-based reverse proxy that forwards traffic to different services within the cluster. A Load Balancer distributes traffic directly to the nodes of the Kubernetes cluster. The author explains the principles, usage scenarios, advantages, disadvantages and applicability of each method, as well as the differences between them.

The author suggests choosing a load balancing solution according to your actual needs and budget, taking into account factors such as traffic forwarding, health checks, and costs.

Can WebAssembly solve the problem of Serverless?

This post explores the potential of WebAssembly to solve the problems of serverless applications. The author points out that the main advantages of WebAssembly are its efficient performance and cross-platform portability. Although serverless platforms have enabled developers to easily deploy and run applications, existing server architectures still suffer from many difficulties, such as cold starts, performance delays, and high storage costs.

The author concludes that WebAssembly is still under development. Although it has achieved success in some limited application areas, its future development potential is very broad, and it is expected to realize true cross-platform application development.

Cloud Native Dynamics

Kubernetes SIG introduces KWOK: Kubernetes WithOut Kubelet

The Kubernetes SIG introduced KWOK (Kubernetes without Kubelet) to make it easier to test Kubernetes controllers. KWOK simulates nodes, pods, and other Kubernetes resources without actually configuring them, which means that large deployments can be tested on a local PC without delays or costs of actual infrastructure.

So far it provides two tools:

  • kwok: The cornerstone of this project, responsible for simulating the lifecycle of fake nodes, pods, and other Kubernetes API resources.
  • kwokctl: A CLI tool designed to simplify the creation and management of clusters, with nodes emulated by kwok.

Envoy Gateway v0.3 released

One of the great features of Envoy Gateway v0.3 is that it is configured through the new Gateway API instead of the old and very limited Ingress API, or any of the proprietary APIs that have proliferated because of what Ingress lacks. While Envoy Gateway 0.2 implements the core part of the Gateway API (full support for "basic" HTTP routing), Envoy Gateway 0.3 goes further with its Gateway API support, and that support is probably the best way to learn about its new features:

  • Supports more HTTP features, such as URL rewriting, response header manipulation, and traffic mirroring. These come from the extension fields in the API specification.
  • Routing gRPC, UDP, and raw TCP is supported. These are from the experimental new section of the API.
  • Support for request rate limiting. The Gateway API doesn't model this yet, so we define our own extension for it.
  • Support for end-user authentication using JWT. Again, the Gateway API doesn't cover this yet, so we've extended it in this area as well.

containerd completes fuzz audit

The containerd project completed a comprehensive fuzzing audit, which added 28 fuzzers covering a wide range of container runtime capabilities. During this review, a vulnerability was discovered in the OCI image importer. The audit is part of a larger CNCF initiative to improve the security posture of cloud-native environments through fuzzing. The audit was conducted by Ada Logics during 2021 and 2022. The Ada Logics team appreciated the opportunity to help improve containerd's security posture, and was impressed with the low number of issues found despite creating a large number of fuzzers. This proves that the containerd project's codebase is well written and maintained.


Origin blog.csdn.net/zpf17671624050/article/details/129381797