deprecate PSP in 1.21, but leave removal at 1.25 by deads2k · Pull Request #97171 · kubernetes/kubernetes
#kubernetes, #psp, #security

After discussion in sig-auth, the future of restricting pod security settings does not lie in PSP because compatibility restrictions will prevent the kinds of changes that are required. To clearly signal this, we will deprecate PSP in 1.21 and leave the removal of the api as 1.25 in keeping with sig-arch required transitioning out of beta.

That's an interesting move. I'm used to them since my humble beginnings with Kubernetes in the form of OpenShift 3 where these things were called SCC (Security Context Constraint). It seems that this paves the way for having Open Policy Agent in the form of Gatekeeper as a de-facto default on most Kubernetes clusters.

GitLab 13.7 released with merge request reviewers and automatic rollback upon failure
#release, #gitlab

What a year 2020 has been! We're excited to share what's new in 13.7 with over 45 features and improvements shipping just in time for the holidays!

It's nearly impossible to read and understand the whole release notes, it's just too much. While I like working with GitLab it feels very overloaded, a thing which tries to be and do everything in the DevOps space. For simple Git hosting I'm very happy with Gitea, and with Drone it also has a great CI/CD companion.

[German] swisstopo Free Basic Geodata (OGD)
#switzerland, #swisstopo, #geo, #opendata

In future, swisstopo will make its official data and products available online free of charge for free use.

Switzerland does a good job with Open Data. #ilike

Community Update - December 2020 - Community / Blog - Rocky Linux
#rocky, #centos

Our teams are working to coordinate the many individuals and organizations that have offered to help advance The Rocky Linux Foundation, Inc. (Rocky Linux). The core team is working to lay the infrastructure that will support the legal entity and the engineering efforts required to deliver and support an initial release. Updates regarding project news, release dates, and more will be announced on our forums, website, and other social media platforms.

Forming of the successor to CentOS - Rocky Linux - is going strong. It has an incredible speed as it seems.


Interesting articles and blog posts

Designing Engineering Organizations - Jacob Kaplan-Moss
#company, #structure, #organization

How should you structure a larger engineering organization, one with dozens (or hundreds) of engineers? There are many tradeoffs to consider, and no single right answer. But, there are some structures that work better than others.

Sounds exactly like what VSHN is currently doing. See the Team page in our handbook.

Building a Dashboard with E-Ink Displays
#eink, #dashboard

Building an E-Ink based dashboard which would keep track of my meetings among other things. Given the always-on nature of the E-Ink display, this would help me better manage my schedule during a typical work-day especially given I tend to miss Google Calendar notifications a lot.

YES, that's something I have to do as well. Just after all the other many side projects...

Open Data - SWITCH
#switch, #opendata, #domain

Open data on .ch domain names provides an overview of the use of .ch domain names and the Swiss internet. The data offers an overview of historical development and also enables interested parties to conduct research and develop new insights and services related to the use of .ch domain names and the Swiss internet by combining this information with other data sources.

Another great Open Data initiative in Switzerland. You can get the full .ch zonefile. How cool is that?

A Vim Guide for Intermediate Users
#vim, #learning

Welcome to the second part of this series aimed to make you a better Vim user! If you have no idea about Vim, you should begin with the first part. In this article, I’ll explain many more concepts, some of them making Vim truly special compared to other editors. Who wasn’t blown away discovering Vim’s macros?


[German] An Obituary for the WHOIS Domain Name Lookup
#domain, #tld, #dns, #switch

Who owns a domain name? A quick search in the WHOIS database reveals the answer. But not for much longer. Increasing misuse of the stored information and the growing desire for data protection have, over the years, led to ever greater restrictions on the available details. From 1 January 2021, personal data will no longer be publicly accessible at all. SWITCH will only provide information in justified cases.

Privacy thanks!

Linux Hardening Guide | Madaidan's Insecurities
#linux, #security, #hardening

Linux is not a secure operating system. However, there are steps you can take to improve it. This guide aims to explain how to harden Linux as much as possible for security and privacy. This guide attempts to be distribution-agnostic and is not tied to any specific one. DISCLAIMER: Do not attempt to apply anything in this article if you do not know exactly what you are doing. This guide is focused purely on security and privacy, not performance, usability, or anything else.

Tariq Islam | Docker's Second Death
#docker, #story, #opinion

Perhaps not quite forever, but the history with Docker feels really long in good and bad ways. I had joined Red Hat in the summer of 2015, the same summer that OpenShift 3.0 went GA. This was a remarkable event because it marked a redesign of the platform onto Kubernetes which itself had just gone to v1.0 (this is the same timeframe that GKE went GA, if you can believe it’s that old).

Extending Android Device Compatibility for Let's Encrypt Certificates
#tls, #letsencrypt, #android

We’re happy to announce that we have developed a way for older Android devices to retain their ability to visit sites that use Let’s Encrypt certificates after our cross-signed intermediates expire. We are no longer planning any changes in January that may cause compatibility issues for Let’s Encrypt subscribers.

The challenges of operating a root name server | APNIC Blog
#story, #dns, #root

Since 2000, Netnod has operated, one of the Internet’s 13 root name servers and the first to be located outside of the United States. The root name servers, identified by letters A through M, provide the entry points to the Domain Name System (DNS) and are a critical part of the Internet’s infrastructure. In this post, Netnod Senior Systems Specialist Lars-Johan Liman explains the challenges of operating one of these servers.

It's Just a Monitoring Change
#monitoring, #postmortem, #outage, #story

Never again will I utter the words “it’s just a monitoring change”. Never again will I fill in the Impact field of a change request with these words, because I have learned that even though it might be just a monitoring change, it can still take down your primary database and render your products unusable.


Open Source tools newly discovered

Kubernetes Service APIs
#kubernetes, #network, #api

Service APIs is an open source project managed by the SIG-NETWORK community. The project's goal is to evolve service networking APIs within the Kubernetes ecosystem. Service APIs provide interfaces to expose Kubernetes applications - Services, Ingress, and more.

andrewchambers/bupstash: Easy and efficient encrypted backups.
#backup, #encrypted

Bupstash is a tool for encrypted backups - if you need secure backups, Bupstash is the tool for you.

devopsspiral/KubeLibrary: Kubernetes library for Robot Framework
#kubernetes, #testing, #robot

RobotFramework library for testing Kubernetes cluster

balda/ruuvitag-discovery: Web interface to Discover RuuviTag Environmental Sensors and save measures to MQTT, InfluxDB, Graphite and Home Assistant
#ruuvi, #dashboard, #discovery

Discover RuuviTag Environmental Sensors using a web interface (all measures in one page, in real time). Save measures to multiple targets: MQTT, InfluxDB, Graphite, Home Assistant (using MQTT discovery integration). Other features: RuuviTag measurements displayed in real time; select and configure measures sent to each target; additional measures (absolute humidity, acceleration, air density, battery level, dew point, equilibrium vapor pressure, vapor pressure deficit, reception frequency and reception period); sampling configuration (median measures); broadcast live or sampled measures; Home Assistant add-on.

mpostument/grafana-sync: Keep your Grafana dashboards in sync
#grafana, #dashboard, #sync

Keep your grafana dashboards in sync.

kalmhq/kalm: Kalm | Kubernetes AppLication Manager
#kubernetes, #webapp, #dashboard

Kalm provides a web interface that makes it easy to perform common Kubernetes workflows.

#kubernetes, #helm, #scripting

This project brings the starlark scripting language to helm charts.

gtsystem/lightkube: Modern lightweight kubernetes module for python
#kubernetes, #client, #python

Simple interface shared across all kubernetes APIs.

