Welcome to a very special almost entirely new release announcements issue of kubelist! This week, we've got a handful of updates and new projects. For those of you that don't enjoy NEW PRODUCT BULLETINS we've also included a guide for installing kubernetes on bare metal and CentOS, and a way to use Helm without actually using Helm. Enjoy!
The kubelist editors would be hard-pressed to tell you what distribution of Linux is running in their cluster, let alone what version it is. The cloud handles all that for us, right? If getting your hands dirty from the silicon up sounds good, give this guide a read.
On the Google Cloud blog, Jianing Sandra Guo introduces Binary Authorization for GKE. It's always great to see new features on top of Kubernetes that use Open Source, and Binary Authorization builds on Grafeas. Grafeas looks powerful. Beyond simply signing your container image, it provides signed attestation that some action has been done with the container image. With this, you can ensure that no container image is deployed to production unless it's provably run through every phase of your deployment pipeline.
Disclaimer: the kubelist editors are employees of Manifold.
As with last week's post on our credentials integration (⚠️yes, we're shilling again), we wanted to share another tool we've built and use at Manifold. Heighliner is a collection of Custom Resource Definitions and Controllers that reduce the YAML you need to write, codify some best practices for container security, and create preview deployments for pull request reviews. We use Heighliner for most of our deployments.
Heighliner is still early, but we do hope you give it a look, and can find some value in it 🙂.
Jessie Frazelle's favorite software defined networking stack released version 1.2 this week. There's a load of new features in this release; most of them we don't understand! DNS based security policies sound pretty good though.
On the OpenShift blog, Rob Szumski introduces the Helm Operator kit, part of the larger Operator framework. The Helm Operator kit seems like it could provide a reasonable incremental migration away from the Helm CLI and Tiller, should you wish to do so. Nobody will judge you if you do stop using the Helm CLI; it's your cluster!
For as much as we focus on the tech (are you tired of Custom Resource Definitions yet?), Kubernetes' true strength lies in its welcoming and inclusive community. We hope it only gets better.