Learn Kubernetes Weekly issue 54 · 22 Nov 2023

Scaling long-lived connections, Up to 40% more performant with Cilium, Crossplane single-tenant architecture, SecurityContext with examples

Articles

  1. Load balancing and scaling long-lived connections in Kubernetes

    learnk8s.io

    Kubernetes doesn't load balance long-lived connections, and some pods might receive more requests than others.

    If you're using gRPC, AMQP or any other long-lived connection (e.g. database), you might want to consider client-side load balancing.

  2. Unleashing the power of Cilium CNI to propel Trendyol's performance up to 40%!

    medium.com

    In this article, you will learn the thought process, benchmarks and tests completed by the team at Trendyol to achieve 40% better throughput performance and justify upgrading their CNI from Flannel to Cilium.

  3. Leveraging Crossplane to deploy and manage a single-tenant architecture

    medium.com

    This case study discusses how ArgoCD and Crossplane simplify provisioning and maintaining dedicated environments for a single-tenant architecture.

  4. Kubernetes exposed: one yaml away from disaster

    blog.aquasec.com

    Kubernetes clusters belonging to over 350 organizations were found to be openly accessible and largely unprotected, with at least 60% breached and used for malware deployment.

    Learn the attacks (and mitigations) in this article.

  5. Kubernetes SecurityContext with practical examples

    medium.com

    This article explores how SecurityContext in Kubernetes can enhance security by adjusting operating system settings, including process and filesystem permissions, making the root filesystem read-only, and limiting Linux process capabilities.

  6. Kubebuilder tips and tricks

    dev.to

    The article shares tips and tricks for writing a Kubernetes operator using the Go operator-SDK, including log formatting, managing parent-child relationships, dealing with retries on conflicts, and utilizing Kubebuilder markers.

Tutorials

  1. Kubernetes multicluster load balancing with Skupper

    piotrminkowski.com

    In this article, you will learn how to leverage Skupper for load balancing between app instances running on multiple Kubernetes clusters.

  2. Kubernetes pod priority and preemption: how to ensure your critical pods get the resources they need

    itnext.io

    In this tutorial, you will learn about pod priority, preemption, and pod PriorityClass.

    You will also learn how to use these features to ensure that your critical pods always get the resources they need.

  3. Securing Kubernetes applications with CrowdSec intrusion detection system

    itnext.io

    This tutorial teaches you how to install and configure CrowdSec in a Kubernetes cluster and how to detect attacks on Kubernetes applications.

Kubernetes on bare-metal: lessons learned

What does it take to build a Kubernetes cluster on bare metal?

In this episode of KubeFM, you will learn how to plan and execute a successful setup for a bare-metal Kubernetes cluster.

You will follow Mathias' journey as he rebuilt his cluster several times and learn how to:

  • Identify dependencies and priorities between components to avoid incidents in the future.
  • Leverage FluxCD to have a predictable and documented setup.
  • Secure the nodes from external traffic with firewalls and Cilium cluster-wide network policies.
  • Use Talos to have a self-contained Kubernetes operating system.

Mathias also shared tips and advice for other engineers embarking on the same process.

Kubernetes jobs

    • Site Reliability Engineer with Digital Waffle

    • Salary: €65K a year

    • Location: based in the office (and remote from home) in Birmingham, GB

    • Tech stack: Kubernetes, AWS, Docker, Java, Shell, Python, Terraform, Cloudformation, Jenkins, Travis CI

    • Machine Learning Engineer with FATHOM

    • Salary: $160K to $220K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Airflow

    • DevSecOps Engineer with Angi

    • Salary: $175K to $185K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, On-premise, Helm, Python, SQL, Java, Scala, Ruby, Terraform

Code & tools

  1. KubeSkoop: diagnose your Kubernetes network

    github.com/alibaba

    KubeSkoop is a networking diagnosis tool for different CNI plug-ins.

    It automatically reconstructs the network traffic graph and monitors and analyses the kernel's critical path with eBPF to resolve most cluster network problems.

  2. Kubernetes-WithOut-Kubelet

    github.com/kubernetes-sigs

    KWOK (Kubernetes-WithOut-Kubelet) is a toolkit that enables setting up a cluster of thousands of nodes in seconds.

    Behind the scenes, all nodes are simulated to behave like real ones, so the overall approach has a pretty low resource footprint.

  3. Descheduler

    github.com/kubernetes-sigs

    You can use the Kubernetes Descheduler to evict pods based on specific strategies so that the pods can be rescheduled onto more appropriate nodes.

  4. Aperture: APIs & cloud native

    github.com/fluxninja

    Aperture is an intelligent load management platform for cloud-native applications.

    Aperture provides capabilities such as concurrency limiting, rate limiting and auto-scaling.

  5. KubeZoo: multi-tenancy gateway

    github.com/kubewharf

    KubeZoo is a gateway service that leverages the existing namespace model and adds multi-tenancy capability to existing Kubernetes.

    KubeZoo provides view-level isolation among tenants by capturing and transforming the requests and responses.

Subscribe to Learn Kubernetes Weekly

Trusted by 77K engineers. Delivered 150 issues and counting.

Upcoming Kubernetes events

  1. Nov 25

    Kubernetes and Cloud Native for beginners

    In-person conference organized by Infosys & Infracloud.

    • Location: Pune, IN

    • This event requires an entrance fee

  2. Nov 22

    Harnessing the power of operators in Kubernetes

    Online & in-person meetup organized by Cloud Native Vienna.

    • Location: Vienna, AT and virtual

    • This is a free event.

  3. Nov 28

    Optimizing resource usage in Kubernetes

    Online webinar organized by JVM Group Stockholm.

    • This is a virtual event

    • This is a free event.

  4. Nov 27

    Advanced Kubernetes course (Munich)

    In-person workshop organized by Learnk8s.

    • Location:

    • This event requires an entrance fee

  5. Nov 24

    Managing applications with Kubernetes

    Online webinar organized by SpringPeople.

    • This is a virtual event

    • This is a free event.

Thanks to our sponsors who make Kube Today possible

  • LearnKube
  • Akamai
  • Fairwinds
  • Densify

Kubernetes call for papers

  1. expired

    KubeCon + CloudNativeCon Europe

    The Call for Papers was open until 26 November 2023 at UTC.

    • Location: Paris, FR

    • In-person conference organized by Linux Foundation.

    • The conference starts on 19 March 2024.
  2. expired

    Kubernetes Community Days Costa Rica 2024

    The Call for Papers was open until 1 February 2024 at UTC.

    • Location: Heredia, CR

    • In-person conference organized by KCD Costa Rica.

    • The conference starts on 1 March 2024.
  3. expired

    Kubernetes Community Days Romania 2024

    The Call for Papers was open until 31 January 2024 at UTC.

    • Location: Bucharest, RO

    • In-person conference organized by KCD Romania.

    • The conference starts on 25 April 2024.
  4. expired

    Kubernetes Community Day São Paulo 2024

    The Call for Papers was open until 3 December 2023 at UTC.

    • Location: São Paulo, BR and virtual

    • Online & in-person conference organized by KCD Brasil.

    • The conference starts on 23 February 2024.
  5. expired

    One Summit

    The Call for Papers was open until 4 December 2023 at UTC.

    • Location: San Jose, CA, USA

    • In-person conference organized by Linux Foundation.

    • The conference starts on 29 April 2024.
  6. expired

    FOSDEM 2024

    The Call for Papers was open until 8 December 2023 at UTC.

    • Location: Brussels, BE

    • In-person conference organized by FOSDEM.

    • The conference starts on 4 February 2024.
  7. expired

    Open Source Camp on Kubernetes

    The Call for Papers was open until 30 November 2023 at UTC.

    • Location: Nuremberg, DE

    • In-person conference organized by NETWAYS.

    • The conference starts on 27 February 2024.
  8. expired

    Devopsdays Birmingham (AL)

    The Call for Papers was open until 1 December 2023 at UTC.

    • Location: Birmingham, AL, USA

    • In-person conference organized by Devopsdays.

    • The conference starts on 18 April 2024.
  9. expired

    Devdays Europe

    The Call for Papers was open until 31 January 2024 at UTC.

    • Location: Vilnius, LT and virtual

    • Online & in-person conference organized by DATA MINER.

    • The conference starts on 20 May 2024.

Until next time!

— Dan
