Cloud Native Weekly: Docker launches Docker Debug | 2023.10.9

Open source project recommendations

SchemaHero

SchemaHero is a Kubernetes Operator for declarative schema management of various databases. SchemaHero has the following goals:

  • Database table schemas can be represented as Kubernetes resources that can be deployed to the cluster.
  • Database schemas can be edited and deployed to the cluster. SchemaHero will calculate the required changes (ALTER TABLE statements) and apply them.
  • SchemaHero can manage databases (RDS, Google CloudSQL, etc.) deployed to or outside the cluster.

Copacetic

Copacetic is a CLI tool based on buildkit and written in Go that can be used to directly patch container images based on vulnerability scan results from popular tools such as Trivy.

Kueue

Kueue is a set of APIs and controllers for job queues. It is a job-level manager that decides when to allow a job to start (such as creating a pod) and when to stop a job (such as deleting an active pod).

Spyglass

Spyglass is an open source tool that allows users to monitor Kubernetes cluster metrics and track cluster deployment costs in a centralized location.

Article recommendation

2400 Hours of Multitenancy Survival: What I Know Now

In this article the authors share their experiences and lessons learned in dealing with multi-tenant environments. They describe the challenge they faced: due to a surge in project requests, the existing infrastructure was unable to meet storage needs. To solve this problem, they started looking for a robust multi-tenant solution.

The authors detail their multi-tenant approach and experience using vcluster. They adopted a Virtual-Kubernetes-as-a-Service (VKaaS) model to provide a seamless startup experience for new projects by running vclusters in a shared cluster. They assigned each team a separate Argo CD instance to maintain the standard of single cluster usage. They strive to provide as much autonomy as possible to teams while maintaining the integrity of the multi-tenant architecture.

The article also describes their workflow and implementation strategies. They use node pools to separate shared workloads from project-related non-critical applications, and explain in detail how they work in a shared cluster. They also highlight the importance of disaster recovery in a multi-tenant setup and provide some examples of implementation strategies.

Kubernetes Tutorial: Preemption Mechanism in Kubernetes

This article introduces the preemption mechanism in Kubernetes and walks through an example. Preemption allows high-priority Pods to preempt low-priority Pods, and it is used when resources are insufficient to schedule high-priority Pods. The article first introduces PriorityClass, a non-namespaced object that maps a priority class name to an integer priority value. The higher the value, the higher the priority.

The article also introduces two built-in priority classes, system-cluster-critical and system-node-critical, which have values 2000001000 and 2000000000 respectively, ensuring that these Pods are always scheduled first and will never be preempted. It explains how preemption works in Kubernetes through an example and shows how to set the preemption policy in a Pod.

Cloud native dynamics

LitmusChaos 3.0 released

LitmusChaos 3.0 has been officially released. The main changes in this version are as follows:

  • Improved user experience
  • Environments for organizing chaos infrastructure
  • Chaos Studio for simplified experiment tuning
  • Resilience probes are now plug-and-play
  • Support for MongoDB high availability

Release notes: https://github.com/litmuschaos/litmus/releases/tag/3.0.0.

Service Mesh Interface (SMI) project enters archive stage

The CNCF TOC (Technical Oversight Committee) has voted to approve the archiving of the SMI (Service Mesh Interface) project.

SMI was created to provide a standard interface for service meshes on Kubernetes and a basic feature set for the most common service mesh use cases. It was accepted as a CNCF sandbox project in March 2020.

SMI is the fifth project archived by the CNCF. Open source projects have a life cycle, and projects may no longer be active for various reasons. There are also situations where a project may no longer wish to receive support from the CNCF, maintainers, or TOC.

The Linux Foundation, BastionZero and Docker announce the launch of the OpenPubkey project

The Linux Foundation, BastionZero, and Docker announced the launch of OpenPubkey as an open source project of the Linux Foundation. Coinciding with the launch, BastionZero announced the integration of OpenPubkey into Docker container signing to protect the open source software ecosystem with zero-trust passwordless authentication.

The OpenPubkey protocol was developed as part of BastionZero's secure infrastructure access product. OpenPubkey enables users to securely and accurately bind cryptographic keys to users and workloads by converting an OpenID Connect Identity Provider (IdP) into a Certificate Authority (CA). With the launch of this integration, Docker users can enhance software supply chain security.

Docker launches container debugging tool and cloud-powered build service

At the 2023 DockerCon event, Docker launched a container debugging tool called Docker Debug and the next generation of cloud-assisted Docker Build, and officially released the Docker Scout vulnerability scanning tool.

Docker Debug addresses the difficulty of tracking down issues when something goes wrong while running an application in a container. It is a container that includes the debugging tools developers need. It mounts the file system of the failed container and provides a better user experience to help developers understand the problem.

Docker Scout is a vulnerability scanning tool that finds reported vulnerabilities in libraries used by applications. It integrates with the third-party tool Sysdig to display the actual code used at runtime and help developers prioritize vulnerabilities related to their applications.

The next generation of Docker Build moves the build process from the local machine to the cloud. With a single command, developers can offload the build to the cloud, which speeds up builds because the cloud provides more powerful computing resources and caching.


Origin my.oschina.net/u/4197945/blog/10116369