With KubeCon EU wrapped up, we wanted to turn our attention to some work happening in K8s and some best practices, along with a few of the newer Sandbox projects. Hope everyone who participated in Valencia has traveled safely back home and has a lot of new ideas to work with! 💡
I'm excited about this feature, which is best described in KEP-1287. Pod resource requests and limits have historically been immutable, and changing them required deleting and recreating a pod. While most applications can handle this by having multiple replicas and rolling the update, it would be great to be able to just in-place update these resources. That's what this PR does, and it's going to make a lot of small updates quicker and simpler. ✅
Teller is a cross-platform secrets management tool that was recently added to the Sandbox. As applications mature, it's common to start struggling to manage secrets and sensitive data across various cloud providers and environments. Teller is trying to help solve this, and looks like a clever solution. 🤐
Here's a Functions-as-a-Service (FaaS) platform that's now in the Sandbox. We are excited about having another FaaS platform that's easy to use and get started with, one that wraps up the complexities of the platform and delivers an easy-to-use developer experience built on top of K8s. Excited to try OpenFunction in the coming weeks!
Here's an interesting project that was recently added to the Sandbox. Confidential Containers might not be applicable to every application, but it solves a hard problem that's relevant to a lot of us. The goal of this project is to provide a trusted execution environment (TEE) that lets you run workloads safely on cloud native Kubernetes infrastructure. Containers aren't sandboxes, and if you want to run untrusted code, you need assurances that it can't escape the container. This project will be interesting to watch as it matures.
We are seeing more frequent use cases and examples of admission controllers, and there is also a recent post about them on the Kubernetes blog. Admission controllers open up a lot of new capabilities to enhance the tooling and process of deploying workloads to Kubernetes. Keep in mind that security here is paramount, because admission controllers are often used to secure workloads and prevent untrusted pods from ever reaching the scheduler. 🎮
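To make the "gate in front of the scheduler" idea concrete, here is a small added example (not code from the blog post or from any admission controller project) of the decision logic behind a validating admission webhook: it takes the AdmissionReview v1 request the API server POSTs to a webhook, rejects Pods that ask for host namespaces or privileged containers, and fails closed on anything it doesn't understand. The policy itself and the sample request are constructed for illustration.

```python
"""Decision logic for a validating admission webhook that gates Pods.

Illustrative policy (constructed, not a project's code): deny Pods that
request host namespaces or privileged containers before they reach the
scheduler. The TLS server that wraps this is left out on purpose.
"""
import json

HOST_NAMESPACE_FLAGS = ("hostPID", "hostIPC", "hostNetwork")


def find_violations(pod: dict) -> list[str]:
    """Return human-readable reasons the Pod spec should be rejected."""
    spec = pod.get("spec", {})
    reasons = [f"spec.{flag} is true" for flag in HOST_NAMESPACE_FLAGS if spec.get(flag)]
    # Init containers run before the main ones, so they must be checked too.
    for field in ("initContainers", "containers"):
        for c in spec.get(field, []):
            if c.get("securityContext", {}).get("privileged"):
                reasons.append(f"{field}/{c.get('name', '?')} requests privileged=true")
    return reasons


def review(admission_review: dict) -> dict:
    """Build the AdmissionReview v1 response; deny unless the Pod is clean."""
    req = admission_review.get("request", {})
    uid = req.get("uid", "")  # response uid must echo the request uid
    if req.get("kind", {}).get("kind") != "Pod" or "object" not in req:
        # Fail closed: an unexpected object is never waved through.
        resp = {"uid": uid, "allowed": False,
                "status": {"code": 400, "message": "webhook only validates Pod objects"}}
    elif reasons := find_violations(req["object"]):
        resp = {"uid": uid, "allowed": False,
                "status": {"code": 403, "message": "; ".join(reasons)}}
    else:
        resp = {"uid": uid, "allowed": True}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp}


# Constructed sample: what the API server would POST for a risky debug Pod.
SAMPLE_REVIEW = json.loads("""{
  "apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
  "request": {"uid": "example-uid-1", "operation": "CREATE",
    "kind": {"group": "", "version": "v1", "kind": "Pod"},
    "object": {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"},
      "spec": {"hostPID": true,
        "containers": [{"name": "shell", "image": "busybox",
          "securityContext": {"privileged": true}}]}}}}""")

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_REVIEW), indent=2))
```

The response object is what the webhook would serialize back to the API server; a `false` in `allowed` is what keeps the Pod from being admitted.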
This list is comprehensive and looks great. If you are starting out, you really can't go wrong picking tools from this list to secure everything in your environment. Remember, security is about constant vigilance! 🔒📚