Netties. Cooper Netties.
New Zealand's fourth most popular Kubernetes newsletter returns from summer hiatus with episode 007
I’m not proud to admit it, but YouTube knows what I like to watch. Don’t have time to do puzzles any more? Here, have daily recommendations of Cracking the Cryptic. Worried you’ve forgotten how to speak properly now you don’t record a weekly podcast? Watch Geoff Lindsey. A recent recommendation on deaccenting provided inspiration for issue #007, as did a recent Twitter DM from fellow Kubernetes old-timer David Aronchick that was obviously dictated, not typed.
Are you still playing Wordle? I hope so. I lost my streak this week. The joy of the puzzle is you rarely get one wrong[1], but the pain of the puzzle is if you miss a day, it’s all over. Perhaps I forgot because I no longer have the grids-of-emojis come through on Twitter? In fact, I don’t have anything coming through on Twitter at present. You, my friend, may have fled the sinking ship months ago, but this is the week that finally broke the back of my poor camel. People say they upended the timeline algorithm[2], issued blue ticks by the dozen, and they now only have ad inventory for MyPillow. None of that bothered me, because I never saw it. I blissfully continued to experience Twitter the way I have for 14 years[3]: a reverse-chronological flow of tweets, experienced through a delightful third-party app[4].
Used in this fashion Twitter remained magical: it was too good to be true. This week, of course, they pulled the plug. At the time of writing “official confirmation” consists of one gaslighting tweet.
I am not yet sure of the utility of Mastodon, although I suspect my account there is older than yours. To me, Twitter’s successes and failures are both down to the fact that there’s one of them, and you can search the whole thing. What I really want is the old Twitter back, so one can ship-toast like this:
and enjoy insight like this:
all in the guise of “research”.
Day job
There hasn’t been a huge amount of news yet this year, so I made some for you!
Kubescape, the open source Kubernetes security platform launched in August 2021, has been accepted as a CNCF project. I tried to contact Craig Box for an interview, but he didn’t respond to my tweets.
ARMO launched Kubescape in August 2021, targeting Kubernetes security from both ends of the proverbial spectrum. For the developer, Kubescape offers tools that can run in their standard context: CI actions, command-line scanning, IDE validation. For executive oversight, ARMO’s “Kubescape Cloud” SaaS gives you longitudinal visibility into the security state of your clusters, source repositories and code registries; all powered by the former.
Last year ARMO surveyed Kubernetes users. They were largely either using open source tools for security, but having to cobble together a solution out of many of them; or using a commercial solution, but not being happy about it. Kubescape is a good middle ground: a full solution, targeted entirely at Kubernetes, giving you a single place to look. We look forward to integrating supply chain security into Kubescape this year, but thankfully you’re still more likely to accidentally shoot yourself in the foot and end up mining cryptocurrency than to have a nation-state burn a zero-day on you.
The developer-facing components of Kubescape, being the most relevant for the largest audience, are all now part of the CNCF[5]. The contribution required renaming ARMO’s SaaS from “Kubescape Cloud” to “ARMO Platform”, a project I have been overseeing. Another project I will be overseeing over the next few months is the open-sourcing of that service, such that you can run your own Kubescape Cloud. That’s not required by the CNCF, but it’s the right thing to do.
If you are working on a Kubernetes distribution or open source project and want to talk about how to integrate Kubescape, hit me up… on Mastodon?[6]
As we start the year and begin the march towards CloudNativeSecurityCon[7], some people I respect have posted their thoughts on what to expect in 2023. The team at Chainguard are shifting security ever further left, with their tanks and their SBOMs[8]; founder Dan Lorenc also wrote up his thoughts on how the industry progressed in 2022. Meanwhile, Andrew Martin from security consultancy ControlPlane walks through all the concerns of the next 12 months from a technical, social and legal perspective.
That news bit you were promised
The Mirantis Lens IDE continues to become less freemium; you now can’t use plugins in the open source version. This is, of course, hugely unpopular with its users.
Aptakube, a paid Kubernetes desktop app, has hit 1.0. It’s better than Lens on many axes that might matter to you (including that it’s written in Rust, so it must be cooler), but as the developer is finding out, it’s hard for “$100” to compete with free.
Troubleshooting tool Komodor has gone freemium. I would have listened to this to remind myself what Komodor does.
Every now and then Tim Hockin explains something in a set of succinct diagrams: today, it’s Kubernetes pod probes.
GKE updates their private cluster implementation, which no longer requires VPC peering to remove the use of public IP addresses. It now also supports Windows Server 2022, which is legitimately how I learned there was such a thing as Windows Server 2022. My early-2000s self would be ashamed.
kptop is a new CLI tool for Kubernetes terminal-based monitoring using Prometheus metrics. Check it out if you like ASCII skyline graphs!
The CNCF has published their 2022 velocity report, with new projects Istio coming in the top 10 and Kubescape rockin’ into the top 40. All pale in comparison to OpenTelemetry, which for some reason continues to nip at Kubernetes’ heels as the #2 project. Perhaps standards are exciting after all?
Doing DIY? Read a practical guide on upgrading Kubernetes, by Mat Duggan, and a retrospective of working with bare metal Kubernetes by the platform team at Quadcode.
Dumb thing of the week: an admission controller that doesn’t let you deploy on Friday. Slightly smarter thing, it lets you define which day of the week Friday is, in case you’re in Israel[9].
A group representing Indigenous Americans is asking the Apache Software Foundation to rebrand.
Observe the money raining down on Chronosphere: the maintainers of M3 have extended their last Series C round by another 60%, raising their valuation a similar amount to $1.6 beeeeelion dollars.
Earlog
If you want to hear me talk about Kubernetes, complexity and security, check out my recent interview on the Cyber Theory podcast. If you want to hear me talk about how the new King is treating his swans, stay tuned for a more fun podcast appearance next week.
Typing this much hurts my wrist. Please convince me to talk again. Did you know, if you are a subscriber to this newsletter, you have 10 free subscriptions you can give away to your friends?[10] We are spitting distance from our first subscriber goal, which, rest assured, does not involve anyone being spat on, but does involve an audio adaptation of this publication.
Epilogue
I saw my old friend Raymond over the holidays. He, shall we say, “let himself go”, over the lockdown period, by which I mean he really needs a haircut. With good reason, though; this March, for the second time, he’ll be cutting back to support the Australian Leukaemia Foundation’s “Shave for a Cure” campaign. Last time he did this his hair was long enough to donate: it’s about twice that length now, so aside from cash raised for cancer research, it could also help a kid feel a little more confident with a wig made of real hair.
If you enjoy my writing, and you’re the kind of person who would otherwise sign up to my proverbial Patreon, wanna throw him a few bucks? Tell him I sent you.
See you next week!
[1] Unless you’re playing in Hard Mode, but where’s the fun in that?
Speaking of Cracking the Cryptic, I recommend watching Mark solve Wordle In A Minute in a YouTube short every day. The real puzzle is figuring out why he’s using the words he chooses to start with every day.
[2] To highlight Twitter Spaces that Elon gatecrashed?
[3] Nerd sniping alert: I wanted to prove this, but of course Twitter no longer shows what client a message was sent with. I had to go into the JSON of the Twitter archive we all generated in a hurry last year thinking the sky would fall slightly sooner than it did.
[4] The category of apps that invented, among other things, the blue bird, the word “tweet”, and Pull to Refresh. Do you remember that Twitterrific on the iPhone launched 2 months after the iPhone itself, predating the App Store by almost a year?
[5] Check out the GitHub Actions integration.
[6] Or, like, reply to this e-mail
[7] Always have to check if I have TheSpacesInTheRightPlace with that one.
[8] And their SBOMs and their guns
[9] Genius thing: it’s not really a dumb thing, but a teaching tool.
[10] Go forth and toot about this show with ten of your favourite hashtags.