Newsletter #42

Number 42, the perfect number. This issue answers everything. And besides that, it features Crossplane all along and contains a huge number of articles. The Kubernetes blog has been very active lately; I linked some of the articles I liked the most.


Software releases, news articles and other new stuff

Crossplane v1.2.0
#crossplane, #release

Crossplane v1.2.0 is now live and includes a number of minor improvements across composition, package management, and documentation. The community has also continued to grow over the past few months, leading to the implementation of well-defined standards and processes for on-boarding new GitHub organization members and contributors.

It's a fairly boring release and that's good! It continues to stabilize on features and adds a few new ones. The new guide to multi-tenancy describes the concepts behind Crossplane compositions very well.

Release v1.21.0+k3s1 · k3s-io/k3s
#k3s, #release

This release is K3s's first in the v1.21 line. It updates Kubernetes to v1.21.0.

And the k3s-upgrade script for the System Upgrade Controller now also supports Alpine Linux (you might know the author of this change).

Harness Commits New Dev Experience to Drone Community
#drone, #release, #cicd

Today, I’m pleased to announce several new capabilities to the Drone project so we can further simplify the developer self-service experience for Continuous Integration.

It looks very good, although there is no release yet which contains these new features.

Grafana, Loki, and Tempo will be relicensed to AGPLv3 | Grafana Labs
#grafana, #license

Going forward, we will be relicensing our core open source projects (Grafana, Grafana Loki, and Grafana Tempo) from the Apache License 2.0 to the Affero General Public License (AGPL) v3. Plugins, agents, and certain libraries will remain Apache-licensed.

Another round of relicensing which shows that Open Source software itself is a hard business model. Although at first sight this relicensing looks much better than others that relicensed to SSPL (looking at you, Elasticsearch), the AGPL also has many drawbacks. Julius Volz shared a good Tweet about it.


Interesting articles and blog posts

Crossplane – The Control-Plane of the future
#crossplane, #talk

VSHN has been a fan of Crossplane since its very early days in 2019. Since then the project has matured a lot and is now used in production by VSHN and many others. In mid 2020 Crossplane became a CNCF Sandbox project and lately applied to be promoted to be a CNCF Incubation project. It’s time for an introduction to Crossplane, why it matters to VSHN and talk about our production usage.

This is an article which I've written recently. The article is also available as a video talk (with corresponding slides).

Tricking the tricksters with a next level fork bomb – Vidar's Blog
#fork, #fun, #shell

Do not copy-paste anything from this article into your shell. You have been warned.

Have you tried it out yet?

[DE] Ladefuchs - The most expensive free app we have ever built

Here is how it went: three friends actually just wanted to use Ladefuchs to make electric mobility a little bit better and give something back to the community. It was clear to us from the start that the app would not be free, at least not for us. We had budgeted for hundreds of hours of work as well as logo, server and App Store costs. What we never expected, however, was that thanks to our work on Ladefuchs we would end up transferring the equivalent of a decent used car to a cease-and-desist lawyer in Austria as part of a fresh EU-wide cease-and-desist scheme.

What a mess!!

Introducing Indexed Jobs | Kubernetes
#kubernetes, #job, #feature

Once you have containerized a non-parallel Job, it is quite easy to get it up and running on Kubernetes without modifications to the binary. In most cases, when running parallel distributed Jobs, you had to set a separate system to partition the work among the workers. For example, you could set up a task queue to assign one work item to each Pod or multiple items to each Pod until the queue is emptied.

That's an interesting feature. I wasn't aware of the mentioned use cases for Kubernetes Jobs. Cool that Jobs get improved!

Changes at Basecamp
#business, #opinion

At Basecamp, we treat our company as a product. It's not a rigid thing that exists, it's a flexible, malleable idea that evolves. We aren't stuck with what we have, we can create what we want. Just as we improve products through iteration, we iterate on our company too.

Wow, what a change. But it's their company, and they can do what they want. I feel it's a brave decision, and I'm looking forward to reading about their experience in a few years.

The Architecture Behind A One-Person Tech Startup
#startup, #infrastructure, #story

This is a long-form post breaking down the setup I use to run a SaaS. From load balancing to cron job monitoring to payments and subscriptions. There's a lot of ground to cover, so buckle up!

Interesting insight. A very boring infrastructure, which is good.

Why you need a platform team for Kubernetes — Polar Squad
#kubernetes, #devop, #team

Setting up a Kubernetes cluster can be deceptively simple, as there are plenty of installers to create a basic cluster in minutes. However, that’s only the start of the actual work. Kubernetes moves fast; when it’s a critical part of your infrastructure, there’s a host of things you need to look out for to maintain a healthy cluster. More often than not, it’s wise to have a dedicated team to run Kubernetes.

Thanks for explaining why you need to buy APPUiO Managed by VSHN.

Annotating Kubernetes Services for Humans | Kubernetes
#kubernetes, #annotations, #information

Have you ever been asked to troubleshoot a failing Kubernetes service and struggled to find basic information about the service such as the source repository and owner?

Good idea!

Evolving Kubernetes networking with the Gateway API | Kubernetes
#kubernetes, #ingress, #network

The Ingress resource is one of the many Kubernetes success stories. It created a diverse ecosystem of Ingress controllers which were used across hundreds of thousands of clusters in a standardized and consistent way. This standardization helped users adopt Kubernetes. However, five years after the creation of Ingress, there are signs of fragmentation into different but strikingly similar CRDs and overloaded annotations. The same portability that made Ingress pervasive also limited its future.

Looking forward to seeing this becoming part of core Kubernetes!

Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective

Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called "digital intelligence."

Never trust commercial "security" software!

Jan-Piet Mens :: Time to solve: 10800 seconds
#dns, #debugging, #story

I was asked to assist in debugging a strange issue involving a BIND resolver: seemingly correlating with an upgrade to Debian 10 a while ago, the chaps were reporting that their 9.11.5 BIND resolvers were responding with impossible TTLs on NOERROR/NODATA responses. My answer: nope – can’t happen.

Articles from JP are always fun to read; this one is absolutely worth a read.

Hunting down the stuck BGP routes
#bgp, #story

BGP is the glue between all of the thousands of border routers that make up the internet (you can find this post (battleships) and this post (EvE) as a crash course on how BGP works).

The protocol which has been the backbone of the Internet for many years still needs improvement.

TSDgeos' blog: KDE Gear 21.04 is coming this week! But what is KDE Gear?
#kde, #explanation

In the "good old days" (TM) there was KDE, life was simple, everything we did was KDE and everything we released was KDE [*]

Some history of my favorite Linux desktop environment.

Why Linkerd doesn’t use Envoy | Cloud Native Computing Foundation
#cncf, #linkerd, #envoy, #opinion

This is a bit of a weird article to write. After all, there are a million projects that Linkerd doesn’t use, and none of those decisions deserve a blog post. But the fact that Linkerd doesn’t use Envoy specifically has become a common enough topic of discussion that it probably deserves a good explanation.

Looks like I'll have to look into Linkerd a bit more - what they're writing sounds interesting.

[DE / Paywall] Trouble with apps, updates etc. – Hello digitalisation, are you really serious? | Tages-Anzeiger
#opinion, #tagi

With every problem it solves, it creates two new ones. An everyday report from a plagued average user.

I cannot agree more!

Opting your Website out of Google's FLoC Network
#google, #ad

Google recently announced the rollout of their Federated Learning of Cohorts (FLoC), a new advertising-surveillance initiative that seeks to replace third-party cookies with a new user profiling technique that garners data generated by the browser itself.

Oh man...


Open Source tools newly discovered

topolvm/topolvm: Capacity-aware CSI plugin for Kubernetes
#kubernetes, #storage, #csi, #lvm

TopoLVM is a CSI plugin using LVM for Kubernetes. It can be considered as a specific implementation of local persistent volumes using CSI and LVM.

DbGate | Your database management tool
#database, #client, #gui, #linux, #mariadb, #postgresql, #mongodb

The smartest (no)SQL database client. Cross database: Supports MySQL, PostgreSQL, SQL Server, MongoDB.

OT-CONTAINER-KIT/logging-operator: A golang based CRD operator to setup and manage logging stack
#kubernetes, #operator, #logging, #elasticsearch, #kibana

A golang based CRD operator to setup and manage logging stack (Elasticsearch, Fluentd, and Kibana) in the Kubernetes cluster. It helps to setup each component of the EFK stack separately.

#openstreetmap, #map, #opensource

FacilMap is a privacy-friendly, open-source versatile online map that combines different services based on OpenStreetMap.

borchero/meerkat: Kubernetes Operator for a Cloud-Native OpenVPN Deployment.
#openvpn, #kubernetes, #operator

Meerkat is a Kubernetes Operator that facilitates the deployment of OpenVPN in a Kubernetes cluster. By leveraging Hashicorp Vault, Meerkat securely manages the underlying PKI.

popeye | 👀 A Kubernetes cluster resource sanitizer
#kubernetes, #cleanup

Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what’s deployed and not what’s sitting on disk.

chriskiehl/Gooey: Turn (almost) any Python command line program into a full GUI application with one line
#python, #gui

app-sre/qontract-server: An automation framework that can be used to create resilient pipelines relying on GitOps and type-safety

qontract (Queryable cONTRACT) is a collection of tools used by SREs to expose available managed services to application developer teams.

kdash-rs/kdash: A simple and fast dashboard for Kubernetes
#kubernetes, #dashboard, #shell, #tui, #rust

A simple terminal dashboard for Kubernetes built with Rust

#prometheus, #exporter, #hub

A Curated List of Prometheus Exporters


Hardware which caught my attention

The ESPGateway - Part 1: Design • ThingPulse
#esp32, #lorawan

Did you ever get to the point where one ESP module just wasn’t enough? In this article, we are going to present the ThingPulse ESPGateway and why we designed it this way.

And there already is a part 2.

#button, #lorawan, #wlan

In the last few years we have developed various smart buttons for different companies in the context of innovation projects. These buttons use different protocols to switch something on or off, to reorder something, to change settings, to reserve rooms, to contact someone, to trigger alarms and much more.

Project POCKIT
#raspberry, #iot

PocKit is a computer made for the real, physical world. On top of its powerful, versatile Core, you can attach BLOCKS - any number of any kind - to suit your application.
