| | ali | enhancements |
|---|---|---|
| Mentions | 3 | 69 |
| Stars | 3,837 | 3,680 |
| Growth | 0.0% | 1.0% |
| Activity | 3.1 | 9.9 |
| Last commit | over 1 year ago | 5 days ago |
| Language | Go | Go |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ali
- Ali v0.7.0 – HTTP load testing tool that comes with a time-series DB
- A load testing tool with a real-time analyzer, written in Go
  found it: https://github.com/nakabonne/ali
- Gopher Gold #14 - Wed Oct 07 2020
  nakabonne/ali (Go): Generate HTTP load and plot the results in real-time
enhancements
- What Would a Kubernetes 2.0 Look Like
  Various support pieces for pod-to-pod mTLS are slowly being brought into the main Kubernetes project.
  Take a look at https://github.com/kubernetes/enhancements/tree/master/keps/..., which is hopefully landing as alpha in Kubernetes 1.34. It lets you run a controller that issues certificates, and the certificates get automatically plumbed down into pod filesystems, and refresh is handled automatically.
  Together with ClusterTrustBundles (KEP 3257), these are all the pieces that are needed for someone to put together a controller that distributes certificates and trust anchors to every pod in the cluster.
- Kubernetes 1.33 "Octarine": Key Features and Security Enhancements
  More information can be found in the Kubernetes Enhancement Proposal (KEP) for in-place resizing.
- Securing Kubernetes API Server Health Checks Without Anonymous Access
  Digging into the Kubernetes source code led me to KEP-4633: Make anonymous authentication configuration endpoints configurable. This KEP addresses the exact concern of wanting to disable anonymous access globally while still allowing essential health checks (which don't necessarily need full TCP checks to be useful).
- kuberc: an exciting new feature for kubectl
  Kubernetes 1.33, scheduled for late April, introduces kuberc, a new feature that allows you to customize kubectl. This feature, described in KEP-3104, enables you to create aliases and enforce options for kubectl subcommands.
- Zero-Downtime Kubernetes Deployments on AWS with EKS
  Might be noteworthy that in recent enough k8s the lifecycle.preStop.sleep.seconds is implemented https://github.com/kubernetes/enhancements/blob/master/keps/...
- The Kubernetes Cloud Controller Manager
  In September of 2016 the enhancement #88 (KEP) issue is created to support out-of-tree cloud providers (pluggable).
- A skeptic's first contact with Kubernetes
  The motivation is more the latter, but it's not at all clear the proposed removal of the embedded kustomize will proceed, given the compatibility implications. See discussion at https://github.com/kubernetes/enhancements/issues/4706#issue... and following.
- Debugging Distroless Images with kubectl and cdebug
  (I do see there are some proposed enhancements related to profiles that might help here)
- Design Docs at Google
  Thanks for these links!
  I picked out one at random just to check if my skeptical reaction is fair: https://github.com/kubernetes/enhancements/tree/master/keps/...
  - OK, this is actually a really good and useful doc!
  - However, it's not an up-front design doc, it has clearly been written after the bulk of the work has been done, to explain and justify rolling out a big change. (See the "implementation history" timeline: https://github.com/kubernetes/enhancements/tree/master/keps/...)
  - It looks like the template wasn't very useful; most of the required sections are marked "N/A", and there are comments like The best test for work like this is, more or less, "did it work?"
- IBM to buy HashiCorp in $6.4B deal
  > was always told early on that although they supported vault on kubernetes via a helm chart, they did not recommend using it on anything but EC2 instances (because of "security" which never really made sense their reasoning).
  The reasoning is basically that there are some security and isolation guarantees you don't get in Kubernetes that you do get on bare metal or (to a somewhat lesser extent) in VMs.
  In particular for Kubernetes, Vault wants to run as a non-root user and set the IPC_LOCK capability when it starts to prevent its memory from being swapped to disk. While in Docker you can directly enable this by adding capabilities when you launch the container, Kubernetes has an issue because of the way it handles non-root container users specified in a pod manifest, detailed in a (long-dormant) KEP: https://github.com/kubernetes/enhancements/blob/master/keps/... (tl;dr: Kubernetes runs the container process as root, with the specified capabilities added, but then switches it to the non-root UID, which causes the explicitly-added capabilities to be dropped).
  You can work around this by rebuilding the container and setting the capability directly on the binary, but the upstream build of the binary and the one in the container image don't come with that set (because the user should set it at runtime if running the container image directly, and the systemd unit sets it via systemd if running as a systemd service, so there's no need to do that except for working around Kubernetes' ambient-capability issue).
  > It always surprised me how these conversations went. "Well we don't really recommend kubernetes so we won't support (feature)."
What are some alternatives?
go-diagrams - Create beautiful system diagrams with Go
klipper-lb - Embedded service load balancer in Klipper
fission - Fast and Simple Serverless Functions for Kubernetes
connaisseur - An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
plow - A high-performance HTTP benchmarking tool that includes a real-time web UI and terminal display
pixie - Instant Kubernetes-Native Application Observability