KubeWeeklyは毎週Kubernetesに関する興味深いニュースを提供しています。(https://kubeweekly.io/ )この記事は 2020/01/10に発行された Kube Weekly #198を読んで、感じたことをメモ的にまとめたものです。
私の勘違いや説明不足による誤解もあるかと思いますので、この記事読んで「おっ」と思ったらURLを辿って本文を確認してください。
(過去のKubeWeekly読書メモはこちら)
※この記事は、Z Labの業務の一環として作成したものです。
The Headlines
kubectl tree: Visualize Kubernetes object ownership
| kubectl tree: Visualize Kubernetes object ownership | |
 |
|
kubectlのプラグインであるkubectl treeの紹介。
これはownerReferenceを辿りリソースの依存関係をいい感じに表示してくれるツールです。
KubeCon + CloudNativeCon North America 2019 Conference Transparency Report: The Biggest KubeCon + CloudNativeCon to Date - Cloud Native Computing Foundation
| KubeCon + CloudNativeCon North America 2019 Conference Transparency Report: The Biggest KubeCon + CloudNativeCon to Date - Cloud Native Computing Foundation | |
 |
KubeCon + CloudNativeCon North America 2019 was our largest event to date with record-breaking registrations, attendance, sponsorships, and co-located events. With nearly 12,000 attendees, this year’s event in San Diego... |
KubeCon + CloudNativeCon North America 2019の数字周りのレポートのサマリ。
11891人参加で、これは昨年比で49%増らしい。
The Technical
Consistent OIDC authentication across multiple EKS clusters using Kube-OIDC-Proxy | Amazon Web Services
| Consistent OIDC authentication across multiple EKS clusters using Kube-OIDC-Proxy | Amazon Web Services | |
 |
Amazon Elastic Kubernetes Service (Amazon EKS) authenticates users against IAM before they’re granted access to an EKS cluster. Access to each cluster is controlled by the aws-auth ConfigMap, a file that maps IAM users/roles to Kubernetes RBAC groups. In this guest post from Josh Van Leeuwen from Jetstack, we look at how we can use […] |
Kube-OIDC-Proxyを使い複数のEKSクラスタの認証をOIDCで行う方法を紹介。
How to Monitor Kubernetes API Server | Sysdig
| How to Monitor Kubernetes API Server | Sysdig | |
 |
Monitoring Kubernetes API server is of vital importance when running Kubernetes in production. Learn how to validate that the service performs as expected. |
KubernetesのAPIサーバをモニタリングする方法を紹介。
Golden Signalsの手法に基づいて、どのメトリクスを取るべきかを紹介している。
Containers more secured? Use Cri-o Kata with Oracle Linux on Oracle Cloud
| Containers more secured? Use Cri-o Kata with Oracle Linux on Oracle Cloud | |
 |
Thanks to Simon Coter, Product Director Oracle Linux |
Cri-oを使いKata ContainerをランタイムとしてPodを実行する方法を紹介。
Setting up a single master Kubernetes cluster on Azure using kubeadm
| Setting up a single master Kubernetes cluster on Azure using kubeadm | |
 |
|
AzureでVMを作りkubeadmを使ってKubernetesクラスタを作成する方法を紹介。
Navigating network services and policy with Helm - RX-M
| Navigating network services and policy with Helm - RX-M | |
 |
This blog is a tutorial that will take you from basic Helm concepts in an example deployment of a chart to modifying charts to fit your needs. |
Helmを使ったアプリケーションのパラメータ変更の例としてNetworkPolicyを設定する例などを紹介。
Helm Chartをダウンロードしてきて、自分好みに変更する方法を利用している。
The blog of wjwh - The poor state of Kubernetes horizontal pod autoscaling
| The blog of wjwh - The poor state of Kubernetes horizontal pod autoscaling |
KubernetesのHorizontal Pod Autoscalerの紹介とその欠点についての記事。
代替案も紹介されているが、なかなか筆者が思うようなものがないとのこと。
2019 My year in review: inlets inlets proxy and tunnel
| 2019 My year in review: inlets inlets proxy and tunnel | |
 |
inlets was a big part of my 2019 and I wanted to write up a bit of the story and how you can use it to expose and tunnel your own services. |
プライベートネットワークに構築したKubernetesクラスタにリクエストを引き込むためのサーバを作成するコントローラであるinletsの紹介
さらにL4にも対応したinlet-proというのもあるらしい。
OSS Unboxing: Revisiting Gatekeeper - Policy Controller for Kubernetes
| OSS Unboxing: Revisiting Gatekeeper - Policy Controller for Kubernetes | |
 |
We revisit the latest features in Gatekeeper - https://github.com/open-policy-agent/gatekeeper. Original unboxing video here - https://youtu.be/vEe8R4i9g28 |
OPA周りのコンポーネントであるgeetkeeperの新機能の紹介動画
pingcap/chaos-mesh
| pingcap/chaos-mesh | |
 |
A Chaos Engineering Platform for Kubernetes. Contribute to pingcap/chaos-mesh development by creating an account on GitHub. |
Kubernetesにおけるカオスエンジニアリングを実現するためのツール。Chaosを発生させるChaos Operatorと、Chaosを分析するためのダッシュボードから構成されている。
pod-kill, pod-failure, netem chaos, network-partition, IO chaosなど、様々なChaosが実行できる。
ChubaoFS: The Cloud Native Computing Foundation's Speedy New Distributed File System - The New Stack
| ChubaoFS: The Cloud Native Computing Foundation's Speedy New Distributed File System - The New Stack |
ChubaoFS がCNCFのSandboxに入りました。これは中国のECサービスであるJD.comがコントリビュートしている分散ファイルシステムです。
Testing of CSI drivers
| Testing of CSI drivers | |
| Author: Patrick Ohly (Intel) When developing a Container Storage Interface (CSI) driver, it is useful to leverage as much prior work as possible. This includes source code (like the sample CSI hostpath driver) but also existing tests. Besides saving time, using tests written by someone else has the advantage that it can point out aspects of the specification that might have been overlooked otherwise. An earlier blog post about end-to-end testing already showed how to use the Kubernetes storage tests for testing of a third-party CSI driver. | |
CSI driverのテストの方法を紹介。
CSI driver開発者のためのsanity testと、E2Eテストの方法を紹介。
The Editorial
Short Talks: A Conversation with Kelsey Hightower - OpenShift Commons Briefing
| Short Talks: A Conversation with Kelsey Hightower - OpenShift Commons Briefing | |
 |
Chris Short, Principal Product Marketing Manager, OpenShift at Red Hat and CNCF Ambassador sits down with Staff Developer Advocate at Google, Kelsey Hightowe... |
Kelsey Hightowerとのインタビュー動画
Helm 3 Is Almost Boring and That’s a Great Sign of Maturity - The New Stack
| Helm 3 Is Almost Boring and That’s a Great Sign of Maturity - The New Stack |
Helm3について、Helm2との違いを中心に紹介。
2020年の早いうちにgraduatedするのでは?といったことが書かれている。
OpenShift and Kubernetes, with Clayton Coleman
| OpenShift and Kubernetes, with Clayton Coleman | |
 |
|
KubernetesPodcast
OpenShiftとKubernetesについて。ゲストはOpenShiftのアーキテクトであるClayton Coleman。
We are the Reddit Infrastructure team. AMA about Kubernetes and/or infrastructure at Reddit!
| We are the Reddit Infrastructure team. AMA about Kubernetes and/or infrastructure at Reddit! | |
 |
Hello, r/kubernetes! We are the Reddit Infrastructure team. Starting at 10am PDT we'll begin answering your most burning questions about our... |
RedditのインフラチームによるReddit場でのAMA(Ask Me Anything)投稿。
Farewell
| Farewell | |
 |
This is a sad day for team Kontena. We tried to build something amazing but our plans of creating business around open source software has failed. We couldn't build a sustainable business. Despite all the effort, highs and lows, as of today, Kontena has ceased operations. The team is no |
Kontena社の倒産エントリ。
(もともとはDockerを使ってクラスタを構築するためのツールの会社だったらしく、Kubernetesと完全に被ってしまった点で辛そう、と感じました。)
Katie Gamanji on Condé Nast’s Kubernetes Platform, Self-Service, and the Federation and Cluster APIs
| Katie Gamanji on Condé Nast’s Kubernetes Platform, Self-Service, and the Federation and Cluster APIs | |
 |
In this podcast, Daniel Bryant sat down with Katie Gamanji, Cloud Platform Engineer at Condé Nast International. Topics covered included: exploring the architecture of the Condé Nast Kubernetes-based platform; the importance of enabling self-service deployment for developers; and how the Kubernetes’ Federation API and Cluster API may enable more opportunities for platform automation. |
Condé Nast社のKatie GamanjiによるPodcast
Federation APIやCluster APIなどの話をしているようだ(聞いていない)
TOC Votes to Move Falco into CNCF Incubator - Cloud Native Computing Foundation
| TOC Votes to Move Falco into CNCF Incubator - Cloud Native Computing Foundation | |
|
Today, the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC) voted to accept Falco as an incubation-level hosted project. Falco, which entered the CNCF Sandbox in October 2018, is... |
CNCFはKubernetesにおけるランタイム異常検知ソフトウェアであるFalcoをSandboxからIncubationレベルプロジェクトへと昇格しました。
Certified Kubernetes Application Developer (CKAD) Certification is Now Valid for 3 Years - Cloud Native Computing Foundation
| Certified Kubernetes Application Developer (CKAD) Certification is Now Valid for 3 Years - Cloud Native Computing Foundation | |
|
Announced in May 2018, the Certified Kubernetes Application Developer (CKAD) program was designed as an extension of CNCF’s Kubernetes training offerings which already includes certification for Kubernetes administrators. By adding... |
CKADの認定の有効期間が3年間となりました。(もともと2年間でした)