Posts in tag

CNCF


Constellation is the first fully confidential Kubernetes, released as open source in September. It leverages confidential computing technology to shield entire clusters and all workloads from cloud infrastructure. From the inside, it’s a fully-featured, CNCF-certified K8s engine. From the outside, it’s 100% confidential. The term confidential Kubernetes refers to the concept of using confidential-computing technology to shield entire Kubernetes …

If you are looking for help on how to set Kubernetes resource limits and requests, you’ve come to the right place. Goldilocks is an open source tool that helps users optimize their resources by setting proper CPU/Memory. This helps engineers avoid a lot of trial/error guesswork. The changes could help you understand if you are …

Cosign integration was one of the most important features we shipped in the Flux v0.35 release. After that, we wrote a blog post which explains how to use the feature with OCIRepository resources which enables fetching OCI artifacts from container registries. If you haven’t read it yet, we highly encourage you to go and check it out first. Flux v0.36.0 …

Dragonfly has been selected and put into production use by many Internet companies since it was open-sourced in 2017, and entered CNCF in October 2018, becoming the third project in China to enter the CNCF Sandbox. In April 2020, CNCF TOC voted to accept Dragonfly as a CNCF Incubating project. Dragonfly has developed the …

Optimized container images together with technologies such as P2P networks can effectively speed up the process of container deployment and startup. In order to achieve this, we developed the Nydus image acceleration service (also a sub-project of CNCF Dragonfly). In addition to startup speed, core features such as image layering, lazy pulling etc. are also …

Containerized applications are becoming increasingly common, and with their deployment comes an increased need to ensure adequate container security and resilience of the software supply chain. In this article, we will outline the main container-related security issues, together with the best practices to adopt to address them. Container security: the context The way organizations design …

Kubernetes has taken center stage in how we now manage our containerized applications. As a result, many conventions to define our Kubernetes apps exist, including structures such as YAML, JSON, INI, and more. This leaves us to consider what is the best strategy to follow for our applications. Additionally, we must then also ask how …

Meet Murre. Murre is an on-demand, scalable source of container resource metrics for Kubernetes. Murre fetches CPU & memory resource metrics directly from the kubelet on each K8s Node and enriches the resources with the relevant K8s requests and limits from each PodSpec. Minimalism. Yeah, big word I know, but bear with me here. Basically, …

Kubernetes users usually share clusters to meet the demands of multiple teams and multiple customers, which is usually described using the term multi-tenancy. Multi-tenancy saves costs and simplifies administration. While Kubernetes does not have first-class concepts of end users or tenants, it provides several features to help manage different tenancy requirements. Based on these features, the …

Lightweight Kubernetes, known as K3s, is an installation of Kubernetes half the size in terms of memory footprint. Do you need to monitor your nodes running K3s to know the status of your cluster? Do you also need to know how your pods perform, the resources they consume, as well as network traffic? In this article, …