The blog post is a hands-on guide to building a basic Docker-like environment using Linux namespaces, cgroups, and chroot12. It shows how to create an isolated container with its own file system, network, and resource limits. It also explains the concepts and commands behind each step of the process.
https://qovery.com/blog/the-cost-of-upgrading-hundreds-of-kubernetes-clusters

Programmatically generated handy kubectl aliases

https://github.com/ahmetb/kubectl-aliases

Postgres zero-downtime migrations made easy

https://github.com/xataio/pgroll

The article describes how DoorDash built an eBPF-powered agent called BPFAgent to monitor network traffic within their Kubernetes clusters. The article explains the benefits, challenges, and use cases of using eBPF probes to capture and enrich network events at the kernel level.


https://doordash.engineering/2023/08/15/bpfagent-ebpf-for-monitoring-at-doordash/

High-Performance Serverless event and data processing platform

https://github.com/nuclio/nuclio

A batteries-included Python client library for Kubernetes that feels familiar for folks who already know how to use kubectl

https://github.com/kr8s-org/kr8s

OpenYurt - Extending your native Kubernetes to edge(project under CNCF)
https://github.com/openyurtio/openyurt

The article is about how Adevinta, a company that provides an internal developer platform based on Kubernetes, enabled mixed-architecture deployments with ARM and x86 nodes. The article describes the challenges, solutions, and benefits of using a mutating webhook called Noe to automatically adjust node affinities based on the container images' supported architectures. The article also announces that Noe is open-sourced and invites the community to collaborate and improve it.

https://medium.com/adevinta-tech-blog/transparently-providing-arm-nodes-to-4-000-engineers-c09c92314f2f

🐧 The immutable Linux meta-distribution for edge Kubernetes.
https://github.com/kairos-io/kairos

A Golang Tool to discover unused Kubernetes Resources
https://github.com/yonahd/kor

The article is about how to use Istio, a service mesh for Kubernetes, to implement authentication and authorization policies for microservices. The article demonstrates how to enable mutual TLS encryption, JWT authentication, and RBAC policies to secure service-to-service communication. The article also provides code examples and commands to configure and test the policies.

https://www.infracloud.io/blogs/istio-authentication-authorization-policies/

Marvin is a CLI tool that scans a k8s cluster by performing CEL expressions to report potential issues, misconfigurations and vulnerabilities.
https://github.com/undistro/marvin

A developer who shares his experience of learning eBPF, a technology that allows the creation of programs that interact with the Linux kernel.
https://www.kungfudev.com/blog/2023/10/14/the-beginning-of-my-ebpf-journey-kprobe-bcc

Helm Chart security scanner

https://github.com/banzaicloud/chartsec

A network load-balancer implementation for Kubernetes using standard routing protocols
https://github.com/metallb/metallb

The challenges and solutions of gRPC load balancing in Kubernetes, a platform for deploying microservice applications.
The authors describe how they implemented a custom DNS resolver class that uses a push-based mechanism to update the IP list of available backend servers, instead of relying on the default pull-based DNS resolution that is inefficient and unsynchronized.

https://citymall.engineering/redefining-grpc-load-balancing-the-power-of-custom-dns-in-kubernetes-126ecc3cfb6c

A Kubernetes web UI that is fully-featured, user-friendly and extensible

https://github.com/headlamp-k8s/headlamp

underlay network and rdma solution of cloud native, for bare metal, VM and public cloud environment

https://github.com/spidernet-io/spiderpool

The article delves into how chaos engineering helps in proactively identifying potential system failures in modern cloud applications, thereby averting costly outages. It further elaborates on the application of chaos engineering in security testing, dubbed Security Chaos Engineering (SCE), to ensure systems respond appropriately to common threats by conducting controlled experiments that inject failures into various components like servers and database
https://www.datadoghq.com/blog/chaos-engineering-for-security/

KrakenD Community Edition: High-performance, stateless, declarative, API Gateway written in Go.

https://github.com/krakend/krakend-ce

A security layer for Git repositories
https://github.com/gittuf/gittuf