OpenTF Announces Fork of Terraform

The OpenTF foundation, which was founded in response to the Terraform license change, has announced a fork of HashiCorp's IaC (Infrastructure as Code) tool. The first release of the OpenTF tool will be 1.6.0-alpha, forked from the most recent commit of Terraform that was still MPL-licensed. A...

Community unhappy about Terraform license change

On August 10th, 2023, HashiCorp, the company behind open source and open core projects such as Terraform, Vault, Nomad and Consul, switched the license for Terraform and other software from the MPL to the Business Source License (v1.1), which is usually considered a non-open source license. That lice...

Incus: Community forks LXD

Following Canonical's decision to take back stewardship of LXD from linuxcontainers.org, container specialist Aleksa Sarai (SUSE) has created a fork of the project under the name Incus. After some discussion with Aleksa and encouragement from the community, linuxcontainers.org have made the decision...

Canonical reclaims LXD stewardship

Canonical, the creator and main contributor of the LXD project, has decided that after 8 years as part of the Linux Containers community, the project would now be better served directly under Canonical’s own set of projects. linuxcontainers.org is the umbrella project behind LXC, LXCFS, distrobuild...

Pulumi 3.0 released

Pulumi have released version 3.0 of their open source infrastructure-as-code software. It enables users to describe cloud resources in code like Terraform does, but instead of a declarative description it supports programming languages such as TypeScript, Python or C# (and others).

Pulumi 3.0...

OpenSearch: Amazon forks ElasticSearch

Amazon has announced the OpenSearch project, a community-driven, open source fork of Elasticsearch and Kibana. The project includes OpenSearch (derived from Elasticsearch 7.10.2) and OpenSearch Dashboards (derived from Kibana 7.10.2).

The fork is presumably a reaction to Elastic's announcme...

Apache retires Mesos

The Apache Project Management Committee has decided to put the Mesos project in the attic, a place where projects are archived that are no longer actively developed. Mesos is a collection of software that puts an abstraction layer on a cluster of machines for running distributed applications. In m...

Google prevails in Java API lawsuit

The US Supreme Court has finally ruled in favor of Google in a decade-long series of lawsuits against Oracle. The court’s decision was 6 vs 2 votes. Justice Amy Coney Barrett, who was not yet confirmed by the Senate when the case was argued in October, did not participate in the ruling.

The case...

CrateDB goes full open source

Starting with version 4.5, CrateDB will be licensed under Apache 2.0. Up until now CrateDB was distributed with an open-core model that restricted the open source version to a limited set of functionality. This was a mistake, says co-founder Christian Lutz in a blog post that comments on the licen...

Crystal programming language reaches 1.0 milestone

The first major release of the Crystal programming language has been released. Crystal is a Ruby-like compiled language with static type checking. The focus of the 1.0 release is on the stability of the language and standard library to increase adoption that might have been limited by fear of brea...

AWS adds strong consistency to S3 storage

Amazon has added strong consistency to its AWS S3 storage service. That has been a frequently sought-after feature because users could famously never be sure to get the correct result from a read after a preceding write to an S3 object. With the latest change in the S3 service after a successful...

Kubernetes Lens 4.0 gets extension API

Cloud company Mirantis, who is now the steward of the Kubernetes Lens GUI, have announced the availability of an extension API in version 4.0 of the software. That opens up the Lens ecosystem to third-party developers who can extend the tool with their own functions. On the Lens homepage interes...

PHP 8.0 released

The PHP developers have released the major 8.0 version of the well-known web programming language. It brings several modern features that are known from other programming languages and are supposed to improve reliability and convenience such as named arguments, union types, match expressions, a nu...

k0s wants to remove friction from Kubernetes

Under the banner of "Zero Friction Kubernetes" the k0s project wants to lower the entry barriers of the container orchestration software. To that end it ships as a single binary that can be run in master ("server") or node ("worker") mode, similar to what HashiCorp's Nomad does. In the same vein th...

SUSE launches MicroOS Container OS

SUSE has released openSUSE MicroOS, a specialized Linux distribution for running containerized workloads. Similar to Fedora CoreOS by Red Hat, MicroOS is an "immutable OS" that's not supposed to be altered while it is running. Therefore the root filesystem is mounted read-only. MicroOS still enable...

AWS pre-announces its own Docker Hub

AWS (Amazon Web Services) has given advice to users coping with Docker Hub's recently introduced rate limit. Docker, Inc. has announced that the Hub service will begin limiting the rate at which images are pulled under their anonymous and free plans. These limits will progressively take effect begin...

Raspberry Pi launches $70 desktop PC

The Raspberry Pi Foundation has launched the Raspberry Pi 400, a new model of the tiny ARM based computer that sits inside a keyboard enclosure. Reminiscent of 80s home computers - RPi Foundation quotes BBC Micros, ZX Spectrums and Commodore Amigas - the Keyboard is a fully working computer that e...

OpenStack Foundation becomes Open Infrastructure Foundation

As part of this year's virtual Open Infrastructure Summit, the OpenStack Foundation has announced that it will change its name to Open Infrastructure Foundation (OIF). This is intended to reflect an expansion of the organization's mission, scope and community: instead of focusing solely on OpenStack, the mis...

Snyk Selected as Exclusive Security Partner for Docker Official and Certified Images

Snyk, a leading provider of security for native cloud applications, today announced the next phase of its Docker partnership, in which Snyk is named as the exclusive provider of security insights for Docker Official Images and other future content certification programs.

Official Docker images...

Canonical makes MicroK8s highly available

Canonical announced high availability (HA) clustering of MicroK8s, their lightweight distribution of Kubernetes. Already popular for IoT and developer workstations, MicroK8s now gains resilience for production workloads in cloud and server deployments.

High availability is enabled automatically...

Hashicorp implements Beyond Corp in Boundary

HashiCorp, makers of Terraform, Consul and Nomad among others, have released version 0.1 of Boundary, new software that implements zero trust access control. Promoted by Google under the name Beyond Corp, the zero trust model does away with the classic concept of perimeter security and takes into...

Amazon releases Bottlerocket Linux distribution

Amazon has announced the general availability of Bottlerocket, an open source Linux distribution built to run containers. Bottlerocket is designed to improve security and operations of containerized infrastructure. Its built-in security hardening helps simplify security compliance, and its transac...

OpenShift 4 Community Distribution is now Available

The OKD-WG has announced the general availability of OKD4, the community distribution of the Red Hat OpenShift Kubernetes platform. Formerly known as OpenShift Origin, OKD is now the open source upstream project of OpenShift.

OKD4 uses Fedora CoreOS as the base OS for the nodes. It enables the clus...

SUSE acquires Rancher Labs

SUSE has entered into a definitive agreement to acquire Rancher Labs, a privately held open source company providing a Kubernetes management platform.

“Rancher and SUSE will help organizations control their cloud native futures,” said Sheng Liang, Rancher CEO. “Our leading Kubernetes platform w...

Couchbase Kubernetes Operator 2.0 released

Couchbase have released version 2.0 of their Couchbase Autonomous Operator that helps run the NoSQL document database on Kubernetes. It includes new features such as automated security management, resource management, centralized monitoring through Prometheus, auto-configuration of cross datacenter...

Docker publishes Compose specification

After several versions and iterations Docker have published a draft specification of the Docker Compose orchestration configuration files syntax. Compose enables developers and operators to specify complex container applications including storage and networking in a single YAML file.

Docker is wo...

AWS previews Bottlerocket Linux distro for running containers.

Amazon Web Services have published a public preview of Bottlerocket, a new Linux-based distribution that is targeted at running containers on virtual machines or bare metal machines. Bottlerocket includes only the essential software to run containers, which improves resource utilization and reduces t...

Canonical enhances Kubernetes reliability for edge, IoT and multi-cloud

Canonical has announced high-availability clustering for MicroK8s, its workstation and appliance version of Kubernetes. Multi-cloud Charmed Kubernetes has also got an update to support SQL databases as a replacement for the etcd key value store.

The small footprint of Canonical’s MicroK8s makes it...

Mirantis acquires Docker Enterprise

Cloud company Mirantis announced that they have acquired the Docker Enterprise platform business from Docker, Inc. including the software and its 750 customers. Mirantis is committed to support Docker Enterprise platform customers and currently expects to support Swarm for at least two years, depend...

Red Hat open sources Quay container registry

Following their own tradition, Red Hat has released the Quay container registry under an open source license. Project Quay is the upstream project behind the container image registries of Red Hat Quay and Quay.io. The Quay team also created and integrated the Clair open source container security scan...

Kubernetes 1.10 Released

Kubernetes 1.10 is the first release of the container orchestration framework in 2018. This version stabilizes storage features and includes new features in security and networking. The Kubernetes implementation of the Container Storage Interface (CSI) moves to beta in this release: installing new v...

Prometheus becomes second CNCF project to graduate

The Cloud Native Computing Foundation (CNCF) announced at the PromCon conference that Prometheus is the second project to "graduate", following Kubernetes. To move from the maturity level of incubation to graduation, projects must demonstrate thriving adoption, a documented, structured governance pr...

Google transfers Kubernetes stewardship to CNCF

Google hands over ownership and control of the Kubernetes container orchestration project to the Cloud Native Computing Foundation (CNCF). In the future, the CNCF and its community members will be responsible for Kubernetes.

Google published Kubernetes in 2014 and formally submitted it as a projec...

SUSE bids farewell to Docker

The Kubic project from SUSE now uses the container runtime CRI-O by default. This is the software component that creates a container environment from an image. Since the specification of the corresponding interface by the Open Container Initiative, other runtime environments implementing the Conta...

Kubespy: new tool for debugging Kubernetes

Pulumi, who released a new cloud application management framework in June, have published a small tool called Kubespy which monitors Kubernetes resources in real time.

It can monitor the status of resources such as pods and services as well as output the changes to such resources as diffs of JSON...

Platform9 open sources etcdadmin

Inspired by kubeadm, etcdadm provides a simple command-line experience to configure, deploy and operate secure etcd clusters that can run anywhere (on-premises, in the cloud, as well as in air-gapped environments) – with built-in support for recovery and scalability.

etcdadm provides:

  • easy dep...

PacBot: new tool for checking security best practices in the cloud

T-Mobile has released the new open source project PacBot to help make computer systems safer through automated audits and compliance checks. The first PacBot release focuses on the security audit of Amazon AWS cloud setups. The tool can obtain data from Qualys Vulnerability Assessment Platform, Bit...

PostgreSQL 11 released

Version 11 of the PostgreSQL database management system is now available. The PostgreSQL developers focused on scaling up for large volumes of data in this release. This concerns, for example, the partitioning of databases, which is now faster and more robust, according to the release notes.

For...

IBM acquires Red Hat

IBM and Red Hat announced today that the companies have reached a definitive agreement under which IBM will acquire all of the issued and outstanding common shares of Red Hat for $190.00 per share in cash, representing a total enterprise value of approximately $34 billion.

With this acquisition, I...

Stripe open-sources Skycfg, a configuration builder for Kubernetes

Skycfg is an extension library for the Starlark language (of Google's Bazel build tool) that adds support for constructing protobuf messages. Starlark is a dialect of Python. Like Python, it is a dynamically typed language with high-level data types, first-class functions with lexical scope, and ga...

VMware acquires Heptio

At the VMworld Europe in-house show, VMware announced that it will acquire startup Heptio. Heptio deals exclusively with the container orchestration software Kubernetes and was founded by the Kubernetes inventors Joe Beda and Craig McLuckie, who were employed at Google at the time. Later, Kubernetes wa...

WireGuard going to be merged into Linux kernel

WireGuard developer Jason A. Donenfeld has submitted patches of his original VPN implementation to the Linux kernel. That and the fact that Linux kernel maintainer Linus Torvalds praises the quality of the design and the code means that WireGuard will soon be available in the mainline kernel.

Wir...

Google Kubernetes Engine on-premises

At their Cloud Next conference Google unveiled its new "GKE On-Prem" product, which makes their Kubernetes cloud service available for on-premises operation. This will enable the seamless integration of container applications in the cloud and in the enterprise. For example, the on-prem service also...

Kata containers reach 1.0 milestone

Kata containers are now available in version 1.0. Kata containers are a project of the OpenStack Foundation which combines container technology with VMs for more security, using the existing Intel Clear container and Hyper.sh projects. The project was presented at the end of 2017, and now, in time for...

Envoy Proxy gets security audit

German security firm Cure53 has completed a security audit of the service mesh / proxy Envoy. A severe security hole was found in the Lyft web admin interface but no critical problems were found in the Envoy core. It's the first completed security audit that the Cloud Native Computing Foundation (CN...

SAP releases Kubernetes Gardener

SAP has released an open source project called "Gardener", which allows Kubernetes clusters to be managed on multiple platforms. SAP has been working on the project since mid-2017 and hopes that more developers will be attracted through the release of the software.

Gardener itself is a service runn...

Google releases Kubeflow

After announcing Kubeflow in the beginning of December, Google has now released the machine learning framework for the Kubernetes orchestrator. The Kubeflow project can be found in a new open source Github repo that contains:

  • JupyterHub to create & manage interactive Jupyter notebooks
  • A Tenso...

Red Hat to Acquire CoreOS

Red Hat today announced that it has signed a definitive agreement to acquire CoreOS, Inc. for a purchase price of $250 million. By combining CoreOS’s container and orchestration offerings such as Rocket, Quay or Tectonic with Red Hat’s Kubernetes and container-based portfolio, including OpenShift,...

gVisor: new container runtime with a sandbox

Google has released a new container runtime called gVisor which promises more security than conventional Linux containers, but requires fewer resources than a combination of container and VM (as in runV or Kata containers). To reach this goal the Google developers have re-implemented most of the Linu...

Kaniko builds container images in Kubernetes without privileges

Google has introduced Kaniko, an open-source tool for building container images from a Dockerfile even without privileged access. With Kaniko, it is possible to build an image from a Dockerfile and push it to a registry. Users can run Kaniko in a standard Kubernetes cluster or the Google Kubernetes Eng...

Deploy to Kubernetes Using Git Push (gitkube.sh)

For Heroku style deployments to Kubernetes: Gitkube is a tool for building and deploying docker images on Kubernetes using git push. Features according to the gitkube.sh project page:

  • No dependencies except native tooling (git, kubectl)
  • Plug and play installation
  • Simple public key based au...

Rook Storage becomes a CNCF project

Rook Storage is now an Inception Level Project of the Cloud Native Computing Foundation (CNCF). Rook provides file, block, and object storage in a Kubernetes cluster. This makes Kubernetes clusters independent of the underlying storage infrastructure and easier to migrate.

As a backend Rook uses t...

CockroachDB 2.0 significantly improves performance

ACID-compliant distributed database CockroachDB is available as a 2.0 release. A new feature is the support for "semi-structured" data in the form of a JSON datatype. CockroachDB follows the PostgreSQL design by using the JSONB datatype introduced in recent versions of the relational database.

A...

HTTP/3 will be QUIC

According to Daniel Stenberg, the author of the command-line tool curl, the next version of HTTP will be based on the QUIC protocol. Originally, QUIC had been developed as a UDP-based alternative to TCP by Google. Based on this, the IETF experts are working on a different protocol under this name (...

Pulumi: new framework for cloud management

The startup Pulumi has released their eponymous cloud configuration framework under an open source license. Unlike similar tools like Terraform and Cloudformation, Pulumi does not rely on declarative configuration in a YAML syntax, but uses a proper programming language to configure cloud environm...

Dive: a tool for exploring docker image layers

Dive is a command-line GUI tool that lets users explore the layers of a Docker image. The tool shows Docker image contents broken down by layer including changes in a specific layer or aggregated changes up to this layer.

Dive also provides a measure for what the developers call "image efficienc...

WireGuard arrives at OpenBSD

The WireGuard VPN tool has been imported into the OpenBSD ports software collection. That means WireGuard can be easily installed by OpenBSD users.

WireGuard is a new implementation of a VPN that is much easier to configure than OpenVPN or IPsec. Since it has been included in the Linux kernel i...

Amazon releases Firecracker VM

AWS has released a new virtualization software called Firecracker that is aimed at serverless applications. According to Amazon it is already running in production on the AWS Lambda and Fargate services.

Firecracker is based on the Linux hypervisor KVM and optimized for efficiency and security....

Tumblr opensources some Kubernetes utilities

According to their announcement blog post, Tumblr have been using Kubernetes for many tasks such as critical-path web requests handling for tumblr.com or background and scheduled jobs. Now they are releasing three of their Kubernetes tools under an open source license.

Their sidecar connector can...

Cloudflare implements Wireguard VPN in Rust

BoringTun is an implementation of the WireGuard protocol designed for portability and speed. The executable "boringtun" is a userspace WireGuard implementation for Linux and macOS. The library "boringtun" can be used to implement fast and efficient WireGuard client apps on various platforms, incl...

Podman 1.0 can run Kubernetes pods

The Podman command-line container management tool has reached version 1.0. The tool implements an almost Docker-compatible command line but uses the CRI-O container runtime. Originally it was developed as a test tool for CRI-O but has since then become a full container engine.

In addition to t...

WireGuard comes to Kubernetes

Gravitational has ported WireGuard to Kubernetes, that is to say that they created a network plugin for Kubernetes that uses the WireGuard VPN. It's an open source project called Gravitational Wormhole that can be found on GitHub.

The Kubernetes API is used for the exchange of encryption key...

Kubernetes 1.14 released

The first Kubernetes release in 2019, version 1.14, is ready. Version 1.14 comprises 31 enhancements: 10 moving to stable, 12 in beta, and 7 new. The main themes of this release are extensibility and supporting more workloads on Kubernetes with three major features moving to general availability, and an important...

Kubernetes security has "room for improvement"

The CNCF (Cloud Native Computing Foundation) has published the results of an "open source security audit" of the Kubernetes container orchestration framework. The actual results and reports are accessible in a public GitHub repository. Live testing Kubernetes environments were set up with Kops an...

Multistage builds on OpenShift 3.11

While working with OpenShift I did some research on multistage builds and stumbled upon a GitHub issue where people claimed that multistage builds on OpenShift actually worked and wondered why that was the case because OpenShift gets installed with Docker 1.13 and multi-stage builds were only intr...

Red Hat launches Operator Hub for Kubernetes

Together with AWS, Google Cloud and Microsoft the open source company Red Hat is launching OperatorHub.io, a new public registry for finding Kubernetes Operators.

Introduced by CoreOS in 2016 the Operator pattern is a way to automate infrastructure and application management tasks on Kubernetes o...

GitHub starts Package Registry

GitHub has announced the beta launch of a new package registry for different formats such as npm, Maven, NuGet, RubyGems and Docker. After the free beta the terms of use are the same as with GitHub repositories: free for open source projects and different plans for commercial users. Prices have n...

IBM goes all in with OpenShift

Following the Red Hat acquisition, IBM has announced that its software portfolio will be adapted to run on the OpenShift container platform. By now IBM has created more than 100 so-called Cloud Paks that are optimized to run on Red Hat OpenShift, which is a customized Kubernetes platform focused on us...

TiKV becomes a CNCF project

The TiKV distributed transactional key-value database is now an incubating project at the CNCF (Cloud Native Computing Foundation). TiKV is a distributed database that's similar to Google Spanner and HBase but claims to be easier to use. TiKV offers georeplication, horizontal scalability and consi...

Envoy is now a CNCF graduate

The Envoy proxy has become the third project to "graduate" as a CNCF project, after the Kubernetes orchestration and the Prometheus monitoring software.

Envoy was developed by the carsharing startup Lyft and donated to the CNCF in 2017. It is a proxy as well as a "service mesh" for microservi...

Docker Bench for Security checks security best practices

Docker Inc. has released the Docker Bench for Security under an Open Source license. "Inspired" by the CIS (Center for Information Security) Benchmark for Docker the shell script checks for common best-practices around deploying Docker containers in production.

Naturally Docker has also packed...

Rook Storage reaches 1.0

The Rook storage distribution on top of Kubernetes has been released in version 1.0 that the developers consider a "major milestone".

Rook, which is basically a containerized version of the distributed storage software Ceph, now supports the latest development release "Nautilus" of Ceph. It still...

Fluentd is now a CNCF graduate

The Cloud Native Computing Foundation (CNCF) announced that Fluentd is its sixth project to "graduate", following Kubernetes, Prometheus, Envoy, CoreDNS and containerd. Here "graduation" means that a project has reached a certain stage, which encompasses that it has completed an independent and third...

K3S is a lightweight Kubernetes alternative

Initiated by the folks at Rancher Labs, there's a new stripped-down version of Kubernetes called K3S that is targeted at edge deployments with low resources or other installations which require lower operational complexity than plain Kubernetes. The name of the project is a play on K8S, the usual...

Purism introduces PureBoot high security boot process

Purism, makers of the Librem notebooks and smartphone, have introduced a secure boot mechanism that covers the whole chain of booting a device into the operating system. PureBoot comprises the following measures:

  • Neutralized and disabled Intel Management Engine where only the code essential fo...

Containerd graduates within CNCF

Containerd is the fifth project to graduate within the CNCF (Cloud Native Computing Foundation) ecosystem, following Kubernetes, Prometheus, Envoy, and CoreDNS. To move from incubation status to graduation, projects must demonstrate "thriving adoption, diversity, a formal governance process,...

Root escalation bug in runc

A bug was found in the way the runc container runtime handles file descriptors when running containers. An attacker could use this bug to overwrite contents of the runc binary and run arbitrary commands on the container host with root privileges. To exploit this flaw the attacker needs to be able to...

Bitnami presents Kubernetes Production Runtime

Bitnami has published its Kubernetes Production Runtime (BKPR), a bundle of the Kubernetes orchestration software and other services that are typically needed when operating a Kubernetes cluster, such as logging, monitoring, certificate management and automatic discovery of Kubernetes resources vi...

CNCF adopts etcd

The Cloud Native Computing Foundation (CNCF) has adopted the key-value store etcd, which is a central (albeit distributed) component of Kubernetes. etcd was developed by CoreOS, the company that was acquired by Red Hat in early 2018. It's a distributed key-value store similar to Apache Zookee...

Microsoft introduces Cloud Native Application Bundle (CNAB)

Deis Labs have published the specification of the new Cloud Native Application Bundle (CNAB) format. Its purpose is to help bundling, installing and managing container-native apps and their respective services.

Applications specified through CNAB will be cloud-agnostic and secured through the u...

TiDB 2.1 released

PingCAP, developers of the "NewSQL" database TiDB, have announced the general availability of TiDB 2.1. It's a Hybrid Transactional and Analytical Processing (HTAP) database that provides elastic horizontal scalability, strong consistency and high availability. TiDB has a MySQL-compatible interfac...

Privilege escalation security hole in Kubernetes

Darren Shepherd of Rancher Labs has found a severe security vulnerability in Kubernetes.

The vulnerability allows specially crafted requests to establish a connection through the Kubernetes API server to backend servers (such as aggregated API servers and kubelets), and send arbitrary requests...

Intel updates Clear Linux

Intel has released a new version of its Clear Linux distribution. While Clear Linux was initially branded as a distribution for cloud computing the current message is now that it is a distribution targeted at Linux developers. Still Clear Linux includes special machinery for working with containers....

Welcome to KUBEMAG

Hi, thanks for passing by! We are a new online publication focused on modern server computing. That means distributed systems, cloud, containers, virtualization and the like, from an operations as well as from a developer perspective. While technically not necessarily connected with this we also tak...
