
KubeWeekly #192

Published: November 11, 2019


The Headlines

Editor’s pick of the highlights from the past week.

We built network isolation for 1,500 services
Jack Kleeman, Monzo
In the Security team at Monzo, one of our goals is to move towards a completely zero trust platform. This means that in theory, we’d be able to run malicious code inside our platform with no risk – the code wouldn’t be able to interact with anything dangerous without the security team granting special access.

The idea is that we don’t want to trust just anything simply because it’s inside our platform. Instead, we want individual services to be trusted based on a short and deliberate list of which other services they’re allowed to interact with. This makes an attack substantially more difficult.

In this blog, Jack outlines their thought process and includes examples of their test policy code.

CNCF Prometheus Project Journey Report

Prometheus is a widely-adopted open source metrics-based monitoring and alerting system. Initially developed at SoundCloud to solve end user needs, Prometheus is now hosted by the Cloud Native Computing Foundation (CNCF). This report attempts to objectively assess the state of the Prometheus project and how CNCF has impacted the progress and growth of Prometheus. This report is one of a series of project journey reports we will be publishing focused on graduated projects hosted by CNCF.

The Technical

Tutorials, tools, and more that take you on a deep dive into the code.

Inviting Security to the Party – Part I
Brenno Oliveira

Kubernetes Beyond
Andrea Tosatto

Provision a Kubernetes Cluster in Amazon EKS with Weaveworks eksctl and AWS CDK
Reaction Commerce

Migrating your app to Kubernetes: what to do with files?

KUDO, with Gerred Dillon
Adam Glick and Craig Box, Kubernetes Podcast from Google

Backyards 1.0
Marton Sereg, Banzai Cloud

Contour 1.0
Dave Cheney, Steve Sloka, Nick Young, and James Peach

From image security to workload security
Gareth Rushgrove, Snyk

The Editorial

Articles, announcements, and more that give you a high-level overview of challenges and features.

Vitess, the database clustering system powering YouTube, graduates CNCF incubation
Maria Deutscher

Longhorn storage engine accepted into the CNCF
Sheng Yang, Rancher Labs

CloudEvents hits 1.0; moves to incubation in CNCF

What service meshes are, and why Istio leads the pack
Christine Hall, Data Center Knowledge

Knative: better Kubernetes networking
Ahmet Alp Balkan

The Two Most Important Challenges with an API Gateway when Adopting Kubernetes

Hands-on guide: developing and deploying Node.js apps in Kubernetes
Daniele Polencic

Solving data-locality transparently using Vitess geo-sharding

Jiten Vaidya, CEO and Co-Founder @PlanetScale

Special MONDAY webinar!
Nov 11, 2019 10:00 AM PT (UTC-8)


Kubernetes Security Controls and Enforcement: Applying Lessons from the K8s Security Audit

Connor Gilbert, Senior Product Manager @StackRox

Nov 12, 2019 10:00 AM PT (UTC-8)


Kubernetes Cluster Performance, Resource Management, and Cost Impact

Elijah Oyekunle, Platform Engineer @Replex
Hasham Haider, Developer Marketing @Replex

Nov 14, 2019 9:00 AM PT (UTC-8)

CNCF Webinar Series – Network Traffic Management in Cloud Native Applications
This webinar will be delivered in Chinese

何归丽 @AWS

Nov 27, 2019 10:00 AM China Standard Time


CNCF Webinar Series – Strengthening Compliance Confidence: Advanced Image Scanning with Harbor
This webinar will be delivered in Chinese

Steven Zou, Core Maintainer @Harbor

Dec 11, 2019 10:00 AM China Standard Time

A Vision for the 2025 Cloud Native Enterprise

John Morello, VP of Product for Prisma by Palo Alto Networks @Palo Alto Networks

Dec 12, 2019 9:00 AM PT (UTC-8)


CNCF Webinar Series – Simplifying Deployment and Management of Stateful Services on Kubernetes with KUDO (Kubernetes Universal Declarative Operator)
This webinar will be delivered in Chinese

葛昊元 (Harry Ge), D2iQ Solutions Architect @D2iQ

Jan 8, 2020 10:00 AM China Standard Time

KubeWeekly is curated by Bob Killen, Chris Short, Craig Box, Kim McMahon, and Michael Hausenblas