Cloud Native Enthusiasts Weekly: M1 Chip Mac Can Successfully Run Linux

On March 19th, just two days ago, the official Asahi Linux Twitter account announced that the first Linux beta version with native support for M1-series chips is now available for everyone to use!

Asahi Linux started as a crowdfunded project to port Linux to Apple Silicon Mac devices, and was later named Asahi Linux to accelerate development. It is still rough and many features don't work properly (such as GPU acceleration, video codec acceleration and the webcam), but its ultimate goal is to run on M1 Macs as a daily operating system. This is one small step for Asahi Linux, one giant leap for Linux.

Open source project recommendation

KubePlus

KubePlus is a Kubernetes Operator that turns any containerized application into SaaS, delivering it as a service by automating multi-tenant management and day-2 operations such as monitoring, troubleshooting, and application upgrades.

Drift

Drift is an open source alternative to GitHub Gist that you can deploy yourself, so you are no longer held back by the speed of Gist. Here is a demo: https://drift.maxleiter.com/post/57512966-e9b9-44a4-808d-bb00841bed46

SQLite Viewer Web App

An in-browser SQLite database browsing tool that uses the browser's native filesystem API to open .sqlite files, and can also be installed as a PWA.

Fig

Fig adds IDE-style smart suggestions to the terminal. It is currently only available on macOS and integrates common CLIs such as Docker and Kubernetes.

Skill Icons

This project provides icons for various programming languages and tools that you can use to showcase your skills on GitHub.

Article recommendation

How to Secure Cloud Native Apps with Kasten 10

As cloud native is adopted at scale, more enterprise applications need a solid cloud-native foundation to achieve better data security and workload protection. This article uses the open source container platform KubeSphere as the base and combines it with Kasten K10 by Veeam to build a cloud-native application protection solution that provides fast backup and recovery of cloud-native applications, long-term data retention and more. It walks through the whole deployment and configuration process.

KubeSphere DevOps system features in practice

The KubeSphere DevOps system is designed specifically for CI/CD workflows in Kubernetes. It provides a one-stop solution that helps development and operations teams build, test and release applications to Kubernetes in a very simple way. It also features plugin management, Binary-to-Image (B2I), Source-to-Image (S2I), code dependency caching, code quality analysis, pipeline logging, and more.

Large-scale Kubernetes clusters require GitOps

This article describes the issues and challenges that enterprises face when deploying Kubernetes clusters at scale. It also describes how GitOps processes and tools allow enterprises to properly control these highly distributed environments while improving security and compliance best practices.

Cloud Native Dynamics

OpenFunction 0.6.0 released

Today, OpenFunction released the latest version v0.6.0. In this release, the core v1alpha1 API has been deprecated and removed.

The main changes are as follows:

  • Refactored the Async (formerly OpenFuncAsync) runtime definition and upgraded the core API to v1beta1.
  • Added HTTP triggers for asynchronous functions by letting the Knative runtime use Dapr.
  • Added a unified scaleOptions to control the scaling of the Knative and Async runtimes.
  • Added function plugin support (using either global configuration or per-function configuration).
  • Added SkyWalking tracing support for synchronous and asynchronous functions.

Developer Portal Project Backstage Becomes CNCF Incubation Project

The CNCF Technical Oversight Committee (TOC) has voted to accept Backstage as a CNCF Incubation Project.

Backstage is an open platform for building developer portals maintained by a global community. It unifies an organization's tools, services, applications, data, and documents into a single, consistent UI that enables developers to easily create, manage, and explore software.

Backstage started at Spotify in 2016, when the company was growing rapidly and onboarding new engineers became a challenge. The project became Spotify's mission-critical tool for controlling software clutter and allowing engineers to work faster and more efficiently. Spotify open-sourced Backstage in March 2020 to share its experience with the wider community.

NSA & CISA Release New Version of Kubernetes Hardening Guide – Version 1.1

In March 2022, the NSA & CISA released a new version of the Kubernetes Hardening Guide – Version 1.1. It updates the previous version released in August 2021. Kubernetes is growing rapidly, and Kubernetes adoption is growing even faster. Kubernetes has become a very popular target, so protections need to be constantly strengthened.

The new version of the document shows that its authors have a strong focus on Kubernetes and cloud security and are trying to help the industry prepare for the next wave of threats driven by the evolution of attack methods and the new capabilities provided by Kubernetes and cloud platforms.

The most important points mentioned in the new version of Kubernetes hardening guide:

  • Kubernetes infrastructure hardening
  • User authentication
  • Deprecated PSP
  • Admission controller
  • Pod service account token protection
  • Application container hardening
  • Auditing and logging

Flagger releases version 1.19.0 with Gateway API support

A few days ago, Flagger released version 1.19.0, in which support for the Kubernetes Gateway API was added.

Flagger is a progressive delivery tool that automates the release process for applications running on Kubernetes. It reduces the risk of introducing new software versions in production by gradually shifting traffic to new versions while measuring metrics and running compliance tests.

Flagger is designed to let developers use delivery techniques such as:

  • Canary release (progressive traffic transfer)
  • A/B testing (traffic routing based on HTTP headers and cookies)
  • Blue/Green (traffic switching and mirroring)

cr8escape: New vulnerability in CRI-O container engine discovered by CrowdStrike (CVE-2022-0811)

CrowdStrike's cloud threat research team discovered a new vulnerability (CVE-2022-0811) in CRI-O, a container runtime engine used with Kubernetes. Dubbed "cr8escape", the vulnerability, when exploited, lets an attacker escape a Kubernetes container and gain root access to the host, with the ability to move anywhere in the cluster. Exploiting CVE-2022-0811 could allow an attacker to perform a variety of actions against the target, including executing malware, exposing data, and moving laterally across pods.

CrowdStrike disclosed the vulnerability to Kubernetes, which worked with CRI-O to release a patch.

This article is published by OpenWrite, a multi-post blog platform!
