With the containerization of Docker, Kubernetes, CNCF, and the development of open-source communities, related frameworks and technology is booming and iterating rapidly. Cloud Computing, been applied for many years, is pushing developers into the new technological era. Companies and developers who are not using or not planning to use Cloud-Native gradually feel tremendous pressure in keeping up with the technology trends.

The first step is to understand the concepts of IaaS, PaaS, FaaS, SaaS, Serverless, CaaS, etc., which appear in almost all cloud computing-related conferences, technologies, and documents. …

Kubernetes server-side apply(SSA) is a new Kubernetes weapon, which was released in 1.14, through 1.16 the beta version, and to the latest version 1.18 beta2. Have you tried it or intended to try it? Before that, ask yourself the following questions.

• What is Server-Side Apply(SSA)?
• What is the difference between SSA and client-side apply(CSA)?
• What are the pros and cons of SSA?

What is Server-Side Apply(SSA)?

Before understanding server-side apply, it is necessary to understand the way Kubernetes objects undergocreate/update.

Usually, we use CLI commands encapsulated by kubectl to execute apply/edit/patch and other commands to achieve objects’ declarative creating and updating. …

Just a few days ago, on 14th Dec., Google IAM experienced a 50-minute outage🔥 and resulted in the unavailability of all the user verification services that rely on it worldwide. Youtube alone lost 1.7 million💸 in advertising revenue, while the losses of other websites were utterly incalculable.

• What is Google IAM?
• Why does this matter so much?
• How much do you know about Authentication and Authorization on GCP?
• How do you align GCP IAM with Kubernetes RBAC?

If we want to build a system with user modules, Authentication and Authorization are something that we can never ignore, though they could be fuzzy to understand.

Authentication (from Greek: αὐθεντικός authentikos, “real, genuine”, from αὐθέντης authentes, “author”) is the act of proving an assertion, such as the identity of a computer system user — from wiki

Authorization is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. — from wiki

You can simply conclude into two points.

• Who are you? Authentication enables the users to login into the system correctly. …

Recently，The hottest news in the Kubernetes circle that docker will be deprecated has been confirmed by the release of 1.20.

Docker support in the Kubelet is now deprecated and will be removed in a future release. The Kubelet uses a module called “dockershim” which implements CRI support for Docker and it has seen maintenance issues in the Kubernetes community. We encourage you to evaluate moving to a container runtime that is a full-fledged implementation of CRI (v1alpha1 or v1 compliant) as they become available. — from Kubernetes 1.20 changelog

The news caused a tremendous response, and almost everyone around was discussing it. But at the same time, the Kubernetes community immediately published several articles to ease the panic, stating that most users will not be affected once implemented. …

In the previous article ㉿ (Kubernetes Operator for Beginners — What, Why, How), I have described Kubernetes Operators’ concepts and how to implement one with a simple example of auto-generating ServiceAccount and ClusterRoleBinding through Kubebuilder.

But that example is rough and does not meet the production standards, just for illustration. 😞

• CRD Condition is not set. The Condition status is generally a monitoring field used by various kubectl tools to observe the resources’ status.
• Without a health check, we can not add a liveness probe and readiness probe.

Operators that run in production obviously need more.

This article lists multiple aspects of building a stable and functional Operator by improving the previous one. And we will discuss some pitfalls encountered during the development. …

In Infrastructure Development, we can never bypass Operators in modern Kubernetes solutions.

I have been writing different operators in the past one or two months, with the purpose to reduce companies’ pressure in managing various Kubernetes and GCP resources on the GCP and to inject more automated management methods.

From the company’s perspective, the higher the automation, the lower the maintenance pressure; the stronger the scalability, and the higher the stability.

From the developers’ point of view, application developers can be more assured to focus less on infrastructure and concentrate more on business innovation. Infrastructure developers reduce toil and spare more time to explore interesting things. …

Kubecon NA 2020 just ended last week. Although it was held online this year, the content was too rich that it made me feel a bit lost in the CNCF world.

After joining the new company and getting to know Kubernetes and GCP, I found the most challenging part was the lush ecosystem of CNCF, which made me, a former traditional VM application developer, kind of overwhelmed.

However, as I deepened my understanding of Kubernetes, CNCF, and the tools in the ECOsystem, I began to grasp the core. But what still puzzles me is the direction of the next growth and the way to find what I need and improve quickly. …