"K8S Ecological Weekly" mainly collects noteworthy information about the K8S ecosystem that I came across during the week. You are welcome to subscribe to the column "k8s ecology".

Trivy v0.17 is officially released

Trivy is an open source security scanner for image vulnerabilities by Aqua Security. I have introduced it many times in previous weekly reports, and it is especially convenient to use! (Take my recommendation!) Trivy released v0.17 this week. Let's take a look at the notable changes.

Breaking changes

In previous versions, the --skip-dirs parameter accepted multiple directories separated by commas (,). Starting with this version, it follows the default behavior of most software: pass --skip-dirs multiple times, with each occurrence handling only one directory.

Before v0.17:

trivy image --skip-dirs "/usr/lib/ruby/gems,/etc" fluent/fluentd:edge

Version v0.17 and later:

trivy image --skip-dirs /usr/lib/ruby/gems --skip-dirs "/etc" fluent/fluentd:edge

If you use this feature, pay special attention when upgrading so that your own workflow is not affected.
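
One way to catch and migrate the old form in CI scripts before upgrading. This is an added example, not part of Trivy or of the original post; the function names are hypothetical, and it assumes the flag value is either bare or double-quoted and follows the flag after a space or "=".

```sh
#!/bin/sh
# CI gate: succeed (exit 0) if stdin still contains a comma-separated
# --skip-dirs value, i.e. the pre-v0.17 form.
has_legacy_skip_dirs() {
  grep -Eq -e '--skip-dirs[= ]+("[^"]*,[^"]*"|[^ "]*,)'
}

# Rewrite each --skip-dirs value into one flag per directory (v0.17+ form).
# Reads command lines on stdin and writes the migrated lines to stdout.
migrate_skip_dirs() {
  awk '
  {
    out = ""; rest = $0
    # Consume the line flag by flag so that text between flags is preserved.
    while (match(rest, /--skip-dirs[= ]+("[^"]*"|[^ "]+)/)) {
      out = out substr(rest, 1, RSTART - 1)
      val = substr(rest, RSTART, RLENGTH)
      rest = substr(rest, RSTART + RLENGTH)
      sub(/^--skip-dirs[= ]+/, "", val)   # keep only the value
      gsub(/"/, "", val)                  # drop the surrounding quotes
      n = split(val, dirs, ",")
      sep = ""
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", dirs[i])
        if (dirs[i] == "") continue       # tolerate trailing or doubled commas
        out = out sep "--skip-dirs \"" dirs[i] "\""
        sep = " "
      }
    }
    print out rest
  }'
}

# Constructed sample input: the pre-v0.17 command shown above.
printf '%s\n' 'trivy image --skip-dirs "/usr/lib/ruby/gems,/etc" fluent/fluentd:edge' |
  migrate_skip_dirs
```

Feeding a pipeline file through has_legacy_skip_dirs in a pre-upgrade job shows which scripts still rely on the old comma-separated form.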

New features

But please note: This function is currently not available in an offline environment. needs to be sent in order to get more information. Therefore, if the network environment is poor, this process may take a longer time. You can increase the --timeout parameter to control the timeout period.

  • A new plugin mechanism has been added, similar to the plugin mechanisms of kubectl and Helm. What if Trivy integrates kubectl as a plugin, and kubectl uses Trivy as a plugin? Feel free to leave a message to discuss~
  • Sprig functions can be used in Trivy's custom templates. Does that sound familiar? Helm 3.5, introduced in a previous weekly report, supports the same thing.

For more detailed information about this version, please refer to its release notes.

Alertmanager v0.22.0-rc.0 released

Those who use Prometheus should be familiar with Alertmanager. Many useful features have been added in this version:

  • A new form for creating silences, with a new calendar;
  • Routes can be set according to time, which covers many requirements such as "during non-working hours, do not alert for the test environment";
  • Filtering in the interface supports "non" (negative) matching conditions, so, for example, we can directly do the following: "non-production environment, close all";
  • The web interface natively supports TLS and basic auth;
  • Added OAuth2.0/OIDC support;
  • Apple M1 support.

For more detailed information about this version, please refer to its release notes.

Rancher Desktop v0.1.0 released

Rancher recently launched a desktop tool built on Electron for managing Kubernetes and containers in desktop environments such as Windows and macOS. Its core features are as follows:

  • A selectable Kubernetes version (provided by k3s);
  • Testing how application workloads change when the Kubernetes version is upgraded (also provided by k3s);
  • Build/pull/push of container images (implemented by kim, BuildKit, etc.);
  • Local port mapping (implemented through kubectl port-forward).

Here are my brief views on this tool. Judging from the above introduction, it is easy to see that it is going after the Docker Desktop market. So far, none of the tools on the market can fully cover and replace Docker Desktop. Whether it is container and image management, image security scanning, the built-in k8s cluster or its other tools, they all provide developers with great convenience. This is also one of the main reasons why Docker still has a large market in developer tools.

Second, let's take a look at the timing of the launch of this tool. Recently, Docker Desktop has received a lot of criticism because the "turn off update reminder" feature is set to be available only to paying users in the new version. This tool chose to release its first version at this time; perhaps it is a coincidence, or perhaps it just happens to give some people more options.

In addition, the feature change in the new version of Docker Desktop has been discussed a lot on major social media and forums. Personally, I think this decision is reasonable, and it is also something Docker Inc. must do. This company has done enough in open source. If it does not adopt any strategy for its own closed-source products, it will really be in danger.

Upstream progress

  • #101093 · kubernetes/kubernetes: Earlier this year, #98571, which stops the probes when a Pod exits gracefully, introduced unexpected behavior. It is fixed in this PR. The scenario in which the problem occurs is that startupProbe cannot be executed normally after the Pod is restarted.

You are welcome to subscribe to my public account 【MoeLove】

TheMoeLove


张晋涛