GC #03 - It's all about security
Show notes
Giant Conversations Episode #03 and date
Topic
Giant Swarm, Security and Open Source.
Hosted by:
Starring:
Main topic
We delve deep into our security approach: the fallacy of CVEs, the importance of PSS, the difference between developers and security practitioners, and a lot more.
News from #swarmalicious
- Cloud Native Computing Foundation’s FluxCD Project Gains New Corporate Support. Puja is quoted: "Giant Swarm chose Flux as the core of our GitOps experience for all our enterprise customers as we believe that it's the most cloud native GitOps approach in the market. We will continue providing support for Flux among our customers and are happy to contribute upstream based on our end user community's production usage of the project."
- TEAMS WITH EASY ACCOUNT SWITCHING IS COMING!
- Are We Watching The Internet Die? Ed Zitron warns that the proliferation of generative AI, coupled with the incentives of major tech platforms, could lead to a homogenized, centralized internet dominated by inbred AI models trained on increasingly generic, algorithm-pleasing content — a concerning future that demands skepticism and resistance from users.
- Google has a blog up discussing their threat modeling when deploying “post-quantum” (PQC) cryptographic algorithms. “If we do not encrypt our data with a quantum-secure algorithm right now, an attacker who is able to store current communication will be able to decrypt it in as soon as a decade.”
- Parca - Open Source infrastructure-wide continuous profiling. Polar Signals just raised a round, and they have an open source profiling tool that e.g. Vercel is really happy with for decreasing their infrastructure costs.
- Acorn is pivoting fully into AI. The Acorn Labs CEO, ex-Rancher, announces that the company is suddenly dropping its flagship product to focus on GPTScript, an AI scripting language.
- Software Company HashiCorp Is Weighing a Potential Sale. HashiCorp has been working with a financial adviser in recent months to gauge interest from potential buyers. They are making an operating and net loss per in the double digit millions but have 1.2 billion USD in the bank. So not sure why.
News from Giant Swarm
- Swarmies are currently in Paris, next week's episode will be interviews from the conference.
- Our Marco Ebert will be speaking at KubeCon alongside James Strong from Isovalent about Ingress-Nginx and 2024 Plans (Talk happening on Thursday at 14h30)
- Giant Swarm Platform 3.0. Blog post from Timo explaining it all to follow this week. Here's a preview.
Bug of the Week (from our Retrospectives)
With Karpenter for cost savings, we are reaching Cilium API limits due to lots of pods being evicted and need to raise those limits. Pawel then managed to figure it out: NetworkPolicy objects with CIDRs are the culprit. Without NetworkPolicy objects everything went fine. When 500 NetworkPolicy objects were also created, each with 10 random CIDRs in them, node_local identities went up to 70k, causing Cilium timeouts, which in turn left pods stuck in ContainerCreating. Especially for single IP networks, Cilium creates 31 secondary labels. Packing single IP CIDRs into slightly bigger subnets should help. We have an upstream issue for it.
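Packing single-IP CIDRs into slightly bigger subnets also widens what the policy allows, so the following added example (not Giant Swarm's or Cilium's code) packs a CIDR list and reports how many extra addresses the packed list admits. The function name `pack_cidrs`, the `bucket_prefix` parameter and the sample addresses are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict


def pack_cidrs(cidrs, bucket_prefix=28):
    """Pack IPv4 CIDRs into at most /bucket_prefix-sized covering subnets.

    Returns (packed_networks, extra_addresses), where extra_addresses counts
    addresses the packed list allows that the original list did not.
    """
    # Exact merge first: removes duplicates and joins aligned neighbours.
    nets = list(ipaddress.collapse_addresses(
        ipaddress.IPv4Network(c) for c in cidrs))

    # Group every network smaller than the bucket size under its covering subnet.
    buckets = defaultdict(list)
    for net in nets:
        if net.prefixlen > bucket_prefix:
            key = net.supernet(new_prefix=bucket_prefix)
        else:
            key = net
        buckets[key].append(net)

    # Widen only where it reduces the entry count; lone entries stay exact.
    packed = []
    for bucket, members in buckets.items():
        packed.extend([bucket] if len(members) > 1 else members)
    packed = list(ipaddress.collapse_addresses(packed))

    extra = sum(p.num_addresses for p in packed) - sum(n.num_addresses for n in nets)
    return packed, extra


# Constructed sample: single-IP entries from the RFC 5737 documentation ranges.
SAMPLE = ["192.0.2.1/32", "192.0.2.2/32", "192.0.2.9/32",
          "192.0.2.200/32", "198.51.100.7/32", "198.51.100.8/32"]

if __name__ == "__main__":
    packed, extra = pack_cidrs(SAMPLE)
    print(f"{len(SAMPLE)} entries -> {len(packed)}: {[str(p) for p in packed]}")
    print(f"addresses newly allowed by widening: {extra}")
```

A non-zero `extra` is the review signal: each of those addresses becomes reachable under the packed policy even though nobody listed it.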