Break point: Cloudera, NeuVector, Mirantis Secure Registry, Apache Hop, Java Operator SDK, and Istio

break point

The team behind Cloudera Streaming Analytics has put the finishing touches to its 1.6 release. The update, available now, comes with a tool for migrating SQL jobs, helpers to use data from IBM’s Db2 databases, and the option to include custom connectors and data formats. CSA was also modified to work with Apache Flink 1.14, so should be able to offer newer Flink capabilities such as mixing bounded and unbounded streams or batch executing programs that work with both the DataStream API and the SQL/Table API.

SUSE sets NeuVector codebase free

SUSE is sticking to its “open source first” policy by sharing the codebase of the freshly acquired NeuVector with the world. The container security platform and its managing component are now available under the Apache-2.0 License on GitHub.

NeuVector was bought by SUSE in October 2021 in a bid to strengthen the company’s security proposition and integrate the project into enterprise container management platform SUSE Rancher. While the process doesn’t seem to be completed yet, SUSE president of engineering and innovation, Sheng Liang, already sees NeuVector as the central element behind upcoming enhancements. 

Amongst other things, the code is meant to help fit SUSE Rancher with advanced cluster security features for configuration and compliance management, inspection, threat detection, and incident response. Rancher itself only joined SUSE in 2020 and has since started to slowly take over the place of SUSE’s own container platform CaaS.

Mirantis Secure Registry eyes wider adoption with 3.0 release

Mirantis Secure Registry recently reached its third major release which is the first iteration to run on “any standard Kubernetes 1.20 and above distribution”. Combined with the fact that MSR no longer requires dedicated nodes for deployment, the update could surely help turn the project into an option for a wider audience. Long-time users, who might still know MSR under the name of Docker Trusted Registry, should be aware that a reinstallation is in order to make use of the new features. However, improvements such as the grouping of jobrunner workers into deployments, and the configurability of TLS certificates, might be worth the hassle in some cases.

Apache Hop joins ranks of ASF top-level projects

After a good 15 months in the Apache Incubator, the Apache Software Foundation this week announced the promotion of data orchestration platform Apache Hop to top-level status. Hop is a reimagining of the ETL platform Kettle and looks to provide data professionals with a GUI for designing data pipelines and workflows that can be run on a number of platforms.

Java Operator SDK hits 2.0

Version 2.0 of the Java SDK for building Kubernetes Operators is now ready for consumption. Besides a wide variety of fixes, refactorings and minor improvements, users will probably be interested to learn that with the new release execution will only be rescheduled if there are no buffered events, and operators can be created without a KubernetesClient instance being present.

The update also comes with some major API changes, like ResourceController being renamed to Reconciler, or methods createOrUpdateResource and deleteResource have become reconcile and cleanup respectively. Operator builders are therefore well advised to check the migration guide for proposed adjustments to make sure their offerings keep working as expected before using the latest version of the SDK.

Istio vulnerable to privilege escalation

Istio users who have a Kubernetes Gateway CRD installed might be susceptible to a new privilege escalation attack. The associated vulnerability can be found in Istio 1.12.0 and 1.12.1 and means that users “who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that they may not have access to”. To mitigate the problem, admins are asked to change some settings as described in the Istio blog.