Let's go WASM(WebAssembly) and Cloud native

Cloud native updates with WASM touch

If you are a regular reader of my newsletter, you know that I have been saying for quite some time that WASM is going to be the next disruptive thing in the cloud native space. It's not just for the sake of hype; with recent developments and advancements in this domain, we have seen companies innovating and providing different solutions for creating, running, and implementing WASM modules.

The Docker and WASM announcement triggered even more interest from the cloud native community, and things are moving really fast. For example, containerd has adopted runwasi in their project, so now you can have a node with the runwasi shim and that node would be able to run WASM workloads in a Kubernetes cluster.

How cool is that?

Next week, I will be heading to the Docker Meetup and WASM I/O conference in Barcelona, where I will be discussing the intersection of WASM and containers, as well as exploring the endless possibilities that can be created by combining these technologies. Additionally, I will be meeting and talking with friends.

I also have some exciting news: I might be able to make it to KubeCon for my talk, but the timeline is very tight, so it will be a matter of luck due to the visa process being unpredictable.

What I have been working on?

I did create a few videos worth watching ;) → DO WATCH THEM ALL :D

Devops and platform engineering are both hot topics, and many people are trying to push their own motives. However, the real deal is that platform engineering is the next in line for DevOps, and a lot of the work will overlap between the two fields. So, if you have been doing DevOps work, there is a strong chance that in your next role, you might be called a platform engineer.

The simple concept is that platforms also need to be built and maintained, and this work will be done by existing DevOps professionals (SREs, Ops, and other titles) and developers who can be referred to as platform engineers. Overall, the goal is to move towards standardization, reduce the need to rewrite things, and increase developer productivity across many teams within the organization.

Kubernetes CKS certification exam - I have updated my book to match the k8s 1.26 version and have tested all the scenarios. It works fine, so please watch the complete video if you are preparing for the Kubernetes CKS.

Headlamp is a Kubernetes dashboard that can be customized through plugins and comes with a desktop app. I think the desktop app can be really powerful, but the in-cluster deployment is also cool. The video has all the demos.

External Secrets operator is a recently released video that explains how to use external key management systems to store secrets, which can then be pulled by the operator and used as Kubernetes secrets for your pods. The video includes all the necessary demos, so make sure to watch it in full.

Kubesimplify Updates

Kubesimplify is proud to be a community sponsor for Cloud Native Rejekts, an awesome conference taking place just before KubeCon in Amsterdam. Don't forget to register and get some Kubesimplify stickers!

Cloud Native Rejekts @rejektsio

We welcome @kubesimplify as a Community sponsor of #Rejekts2023 in Amsterdam! 🌷🚴 Kubesimplify is on a mission to teach ☁️ native! They explain complex concepts in simple ways to make ☁️ native accessible to all. Learn about ways you can sponsor #Rejekts👉cloud-native.rejekts.io/Rejekts_Sponso…

8:24 AM ∙ Mar 15, 2023

---

We did publish some cool blogs worth reading, btw we crossed 100+ blogs wil close to 200k+ reds :) some of them are featured on hashnode too!

• How to Install a Kubernetes Cluster with Kubeadm, Containerd, and Cilium: A Hands-On Guide by Santoshdts

• Operating Systems 101: Essential Knowledge for DevOps/SRE Engineers by Krishnamohan Yerrabilli

• Getting Started with KinD: Creating a Multi-node Local Kubernetes Cluster by Chirag Varshney

Follow Kubesimplify on Hashnode, Twitter and Linkedin. Join our Discord server to learn with us.

Videos

Great video content created by the community with awesome learnings

Sponsored content

• Instruqt - How to Run a Selenium UI Test Against a Chrome Browser With Instruqt by Bob Reselman

• Komodor -  Kubectl wasn’t intended for Devs. Why should you force them to use it? by Guy Menachem

• Sysdig - Why Companies Still Struggle with Least Privilege in the Cloud by MIGUEL HERNÁNDEZ

• SlimAI - Securing your Wordpress Build by Steven Cicchino

Awesome Reads

• Introducing Service Weaver: A Framework for Writing Distributed Applications - Service Weaver is an open-source framework for building and deploying distributed applications. It offers the development velocity of a monolith and the scalability, security, and fault-tolerance of microservices. By using language-native data structures and method calls, it decouples writing the application from runtime considerations and allows for easy changes. The framework has a modular monolith model, consisting of programming libraries and deployer.

• Introducing KWOK - KWOK is a toolkit that allows users to create a Kubernetes cluster without kubelet for simulating the lifecycle of fake nodes, pods, and other Kubernetes API resources.. KWOK has several advantages, including speed, compatibility, portability, flexibility, and performance. It can be used for learning, development, and testing purposes.

• OpenKruise becomes a CNCF incubating project - OpenKruise is an extended component suite for Kubernetes that automates application deployment, upgrade, ops, and availability protection. The project provides advanced workloads, sidecar container management, multiple domain management, enhanced operations, and application availability protection.

• VEX: Standardization for a Vulnerability Exploit Data Exchange Format - The VEX WG has published the "Minimum Elements for VEX" document, which defines the fields, flags and structure necessary to express valid VEX statements. VEX is a proactive approach to dealing with CVEs that involves third parties relaying data to stakeholders about how and whether a piece of software is affected by a certain CVE. VEX documents, which contain machine-readable statements about a vulnerability’s known impact on a piece of software, are considered a companion document to software bills of materials (SBOMs).

• Exploiting CORS – How to Pentest Cross-Origin Resource Sharing Vulnerabilities - Get to know about Cross-Origin Resource Sharing (CORS) vulnerabilities, which is a security feature that selectively relaxes the Same-Origin Policy (SOP) restrictions and enables controlled access to resources from different domains. It covers basics of CORS, identifies common vulnerabilities that can occur due to incorrect implementation, and demonstrates how to test and exploit CORS misconfigurations during a pentest assessment.

• Introducing ngrok-go: Ingress to Your Go Apps as a net.Listener - Ngrok has introduced ngrok-go, a Go package for secure ingress embedding in Go applications. The package lets developers use the internet for Go apps in a single line of code without setting up IP addresses, certificates, load balancers and ports. Ngrok-go is open source and integrates easily into any application using Go's net or net/http packages.

• How to Make High-Quality SBOMs - Interesting read on quality of SBOM’s and some of the tooling including SBOM scorecard, NTIA Conformance Checker. It also discuss new dataset bom-shelter and research findings.

Learning resources/repositories

• sqltranslate by Kate - Human to SQL Translator

• RUST concepts to learn early on

• Learn RUST by building game

• cloudlens - k9s like CLI for AWS

Learn from Twitter

Sid Palas @sidpalas

This is a valid Dockerfile for a NodeJS application. It is also a pile of 💩! We can improve: - 🔒 Security - 🏎️ Build speed - 👁️ Clarity Follow along as we go from 💩 to 🥇! (code in alt text)

2:06 PM ∙ Mar 10, 2023

---

Daniele Polencic — @danielepolencic@hachyderm.io @danielepolencic

In Kubernetes, what should I use as CPU requests and limits? Popular answers include: - Always use limits! - NEVER use limits, only requests! - I don't use either; is it OK? Let's dive into it

12:18 PM ∙ Mar 6, 2023

---

carlos @caarlos0

This is your gently reminder that, in YAML, 1.20 == 1.2, so if you want to use go 1.20, you'll need to put it between quotes. #golang #yaml #github

12:41 PM ∙ Mar 3, 2023

---

Sponsors info

This issue is brought to you by, Komodor, Instruqt, Sysdig and SlimAI ->

Instruqt solves the critical onboarding challenge every enterprise faces. It’s the fastest way to ramp up developers to your unique tech stacks at scale. With Instruqt, you can create hands-on learning customized to your software environments and workflow.

Komodor is a Kubernetes reliability platform with automatic troubleshooting playbooks for every K8s resource and static-prevention monitors that enrich live & historical data with contextual insights to help enforce best practices and stop incidents in their tracks.

Sysdig is driving the standard for cloud and container security. The company pioneered cloud-native runtime threat detection and response by creating Falco and Sysdig as open source standards and key building blocks of the Sysdig platform

SlimAI - giving developers the power to build better cloud-native applications with less friction, complexity, and waste.