The Headlines

Editor’s pick of the highlights from the past week. 

We built network isolation for 1,500 services
Jack Kleeman, Monzo
In the Security team at Monzo, one of our goals is to move towards a completely zero trust platform. This means that in theory, we’d be able to run malicious code inside our platform with no risk – the code wouldn’t be able to interact with anything dangerous without the security team granting special access.

The idea is that we don’t want to trust just anything simply because it’s inside our platform. Instead, we want individual services to be trusted based on a short and deliberate list of which other services they’re allowed to interact with. This makes an attack substantially more difficult.

In this blog, Jack outlines their thought process and includes examples of their test policy code.

CNCF Prometheus Project Journey Report
CNCF

Prometheus is a widely-adopted open source metrics-based monitoring and alerting system. Initially developed at SoundCloud to solve end user needs, Prometheus is now hosted by the Cloud Native Computing Foundation (CNCF). This report attempts to objectively assess the state of the Prometheus project and how CNCF has impacted the progress and growth of Prometheus. This report is one of a series of project journey reports we will be publishing focused on graduated projects hosted by CNCF.

The Technical

Tutorials, tools, and more that take you on a deep dive into the code. 

Inviting Security to the Party – Part I
Brenno Oliveira

Kubernetes Beyond
Andrea Tosatto

Provision a Kubernetes Cluster in Amazon EKS with Weaveworks eksctl and AWS CDK
Reaction Commerce

Migrating your app to Kubernetes: what to do with files?
Flant

KUDO, with Gerred Dillon
Adam Glick and Craig Box, Kubernetes Podcast from Google

Backyards 1.0
Marton Sereg, Banzai Cloud

Contour 1.0
Dave Cheney, Steve Sloka, Nick Young, and James Peach

From image security to workload security
Gareth Rushgrove, Snyk

The Editorial

Articles, announcements, and morethatgive you a high-level overview of challenges and features. 

Vitess, the database clustering system powering YouTube, graduates CNCF incubation
Maria Deutscher

Longhorn storage engine accepted into the CNCF
Sheng Yang, Rancher Labs

CloudEvents hits 1.0; moves to incubation in CNCF
CNCF

What service meshes are, and why Istio leads the pack
Christine Hall, Data Center Knowledge

Knative: better Kubernetes networking
Ahmet Alp Balkan

The Two Most Important Challenges with an API Gateway when Adopting Kubernetes
Datawire

Hands-on guide: developing and deploying Node.js apps in Kubernetes
Daniele Polencic

KubeWeekly is curated by Bob Killen, Chris Short, Craig Box, Kim McMahon, and Michael Hausenblas

Please send submissions to kubeweekly@cncf.io 

Copyright © 2019 Cloud Native Computing Foundation, All rights reserved.