Cloud Native Highlights: KubeCon 2020, PodSecurityPolicy GA, and Top K8s Resources
This roundup covers the KubeCon 2020 virtual summit, the GA of seccomp‑based PodSecurityPolicy enforcement, recommended open‑source projects such as Kubernetes The Hard Way and kustomize‑controller, plus a curated list of recent Kubernetes‑focused articles and reading material.
Industry Updates
The CNCF‑hosted Cloud Native + Open Source Virtual Summit China 2020 (July 30 – August 1, 2020) featured technical talks from CNCF TOC members, etcd authors, and senior Alibaba Cloud container experts. A recorded CNCF webinar included a presentation by Zhang Lei on building an application‑management platform on Kubernetes, covering concrete implementation patterns and the underlying design principles.
Upstream Kubernetes Changes
Seccomp support has reached General Availability. The release adds enforcement of the seccomp profile via the pod-security.kubernetes.io/seccomp annotation, integrating Seccomp checks into the PodSecurityPolicy admission controller.
Open‑Source Project Recommendations
Kubernetes The Hard Way – a step‑by‑step tutorial that guides users through manual installation of each Kubernetes control‑plane and node component (etcd, API server, controller manager, scheduler, kubelet, kube‑proxy). By avoiding automated scripts, the guide forces a deep understanding of component interactions, certificate management, networking, and kubeadm alternatives.
kustomize‑controller – a server‑side controller that watches a Git repository, renders Kustomize overlays continuously, and applies the resulting manifests to a target cluster. It is designed for GitOps pipelines, handling template parameter substitution and patch generation automatically.
Technical Articles
Kubernetes – Pod Security Policies: A Fully Fleshed‑Out Example with Exception Management – explains how to define a restrictive PSP, configure required capabilities, and create whitelist exceptions for logging and monitoring workloads using podSecurityPolicy and runtimeClass annotations.
Alibaba Cloud Senior Technical Expert: Cloud‑Network Integration and Cloud‑Native Application Practices for 5G – discusses edge‑computing acceleration, integration of cloud networking with 5G back‑haul, and concrete patterns for deploying cloud‑native applications in a 5G‑enabled environment.
How to Dump OOM‑Killed Processes on Kubernetes – provides a method to retrieve core dumps or process state from containers terminated by the OOM killer, using kubectl exec with the --previous flag and accessing the container’s /proc filesystem.
I Made a Kubernetes Game Where You Explore Your Cluster and Destroy Pods – describes an open‑source Go project that visualizes a Kubernetes cluster as a game map, allowing users to discover resources and delete pods via an interactive UI, useful for learning cluster topology.
Alibaba Cloud Native
We publish cloud-native tech news, curate in-depth content, host regular events and live streams, and share Alibaba product and user case studies. Join us to explore and share the cloud-native insights you need.
