Learn Kubernetes Weekly issue 80 · 22 May 2024
Offensive techniques, Reaching the limitations of Linux, Beyond java -jar, Attacking and defending clusters, Advanced Gatekeeper policies
This newsletter is brought to you by Komodor — simplify cluster management and troubleshooting to unlock the full value of Kubernetes.
Next week: Should you use Kubernetes and Docker for your next project?
I'm hosting a webinar for people who are getting started with Kubernetes and want to learn more about the hype!
Articles
Top offensive techniques for Kubernetes
medium.com
This article considers various techniques in offensive Kubernetes security related to RBAC, Kubelet, Etcd, EKS, and admission controllers.
Understanding the Kubernetes release cycle and how to prepare for EOL
komodor.com
Understanding how Kubernetes releases work and being aware of EOL timelines is essential.
Teams must be aware of the need to transition to supported versions to maintain operational efficiency, security, and access to the latest features.
sponsored
Reaching the limitations of Linux with environment variables
medium.com
This case study follows two engineers who encountered issues with Elasticsearch pods, leading to high CPU spikes.
Excessive environment variables in Kubernetes namespaces caused the root cause, which was resolved by turning off
enableServiceLinks.Running JVM applications on Kubernetes: beyond java -jar
thiago-mendes.medium.com
The article provides essential tips for optimizing JVM applications running on Kubernetes, focusing on ergonomics, memory sizing, CPU overbooking, and HPA configuration.
Attacking and defending Kubernetes clusters
medium.com
This article explores Kubernetes clusters' vulnerabilities, demonstrating an attack using the MITRE att&ck matrix.
It also discusses defense strategies, including contacting the GCP metadata api and implementing security best practices.
Advanced Gatekeeper policies : rejecting a node assignment
medium.com
The article discusses the use of advanced Gatekeeper policies in Kubernetes to reject a node assignment under specific conditions.
The author explains the process of node assignment and how to effectively test the policy using a CLI tool called Gator.
Articles worth checking out:
The continuous Kubernetes reliability platform
Komodor
Simplify cluster management and troubleshooting to unlock the full value of Kubernetes and drive innovation at scale.
Tutorials
Running GPU-Accelerated LLM workloads on EKS
medium.com
In this tutorial, you will learn how to run a GPU-accelerated open-source Large Language Model (LLM) inference workload using Elastic Kubernetes Service (EKS).
A practical approach to signed and encrypted container images
pradiptabanerjee.medium.com
The tutorial discusses the importance of using signed and encrypted container images to enhance security in Kubernetes workloads.
It uses Podman to create, sign, and verify container images on standalone systems and Kubernetes clusters.
Securing front-end applications in Kubernetes with SSL/TLS
semaphoreci.com
This article discusses securing front-end applications in Kubernetes with SSL/TLS.
The article also provides a step-by-step guide on deploying a sample front-end application and requesting a certificate.
Calico and Kubernetes: a perfect pair for robust Network Policy
sagarkrp.medium.com
This tutorial discusses how network policies can restrict pod communication, showcases examples of implementing policies with Calico, and highlights the importance of defining rules for pod communication within namespaces.
In this KubeFM episode, Faris shares his experience managing CoreDNS and scaling Kubernetes clusters with 900 nodes and 15k pods.
He shares the challenges and solutions encountered during an incident, providing valuable insights into maintaining a robust Kubernetes environment.
You will learn:
- The importance of scaling the Kubernetes control plane for large clusters.
- Strategies for optimizing CoreDNS to ensure efficient DNS resolution and prevent incidents.
- The pros and cons of using VictoriaMetrics versus Prometheus for monitoring and observability.
- Tips for maintaining a calm and effective team dynamic during high-stress situations.
Kubernetes jobs
Engineering Manager with Sefaria
Salary: ₪348K to ₪396K a year
Location: remote from Israel
Tech stack: Kubernetes, Python, SQL, Javascript
Site Reliability Engineer with Commify
Salary: €78K to €82K a year
Location: based in the office (and remote from home) in Bucharest, RO
Tech stack: Kubernetes, Azure, Shell, Python, Ruby, C#, Powershell, Terraform, Azure DevOps, Jenkins
Software Engineer with Mercari
Salary: ¥4.8M to ¥6.34M a year
Location: remote from Japan
Tech stack: Kubernetes, AWS, GCP, Go, SQL, Javascript, Java, PHP, Swift, Kotlin
Site Reliability Engineer with Commify
Salary: £70K to £75K a year
Location: based in the office (and remote from home) in Nottingham, GB
Tech stack: Kubernetes, Azure, Shell, Python, Ruby, C#, Powershell, Terraform, Azure DevOps, Jenkins
Discover more Kubernetes jobs on Kube Careers →
Code & tools
github.com/learnk8s
This repository contains a list of free trials/credits for Managed Kubernetes Services.
Crossplane troubleshooting tool
github.com/komodorio
Crossplane Tool is a project designed to experiment with visualizing Crossplane resources.
The goal is to help Crossplane users understand the structure of their control plane resources and speed up troubleshooting.
sponsored
github.com/lucky-sideburn
With k-inv, you can stress a Kubernetes cluster in a fun way and check its resilience by playing space invaders.
github.com/kubernetes-sigs
E2E Framework is a Go framework for end-to-end testing of components running in Kubernetes clusters.
The primary goal is to use the native Go testing API to define end-to-end test suites that can be used to test Kubernetes components.
pv-migrate: migrate persistent volumes
github.com/utkuozdemir
pv-migrate is a CLI tool/kubectl plugin to easily migrate the contents of one Kubernetes PersistentVolumeClaim to another.
Other interesting projects:
Upcoming Kubernetes events
May
22
Kubernetes Community Days New York 2024
In-person conference organized by KCD New York.
Location: New York, NY, USA
This event requires an entrance fee
Use LK8SINKCDNY2024 to get 10% off
May
23
Online meetup organized by CNCF Online Programs.
This is a virtual event
This is a free event.
May
23
The impact of leader election on the Kubernetes API and an investigation into alternatives
Online & in-person meetup organized by NGINX Community Group: Cork Chapter.
Location: Cork, IE and virtual
This is a free event.
May
27
Advanced Kubernetes course (Singapore)
In-person workshop organized by Learnk8s.
Location:
This event requires an entrance fee
May
27
In-person conference organized by Devopsdays.
Location: Montréal, CA
This event requires an entrance fee
May
30
Should you use Kubernetes and Docker in your next project?
Online webinar organized by Learnk8s.
This is a virtual event
This is a free event.
Kubernetes call for papers
expired
The Call For Paper was open until 10 June 2024 at UTC. More info →
Location: Salt Lake City, UT, USA and virtual
Online & in-person conference organized by Linux Foundation.
The conference starts on the 12 November 2024.
- Apply here
expired
The Call For Paper was open until 4 June 2024 at UTC. More info →
Location: London, UK
In-person conference organized by KCD UK.
The conference starts on the 23 October 2024.
- Apply here
expired
Kubernetes Community Days Washington DC 2024
The Call For Paper was open until 3 June 2024 at UTC. More info →
Location: Washington, DC, USA
In-person conference organized by KCD Washington DC.
The conference starts on the 24 September 2024.
- Apply here
expired
The Call For Paper was open until 29 June 2024 at UTC. More info →
Location: Medellín, CO
In-person conference organized by Linux Foundation.
The conference starts on the 9 October 2024.
- Apply here
expired
Kubernetes Community Days Austria 2024
The Call For Paper was open until 23 June 2024 at UTC. More info →
Location: Vienna, AT
In-person conference organized by KCD Austria.
The conference starts on the 8 October 2024.
- Apply here
expired
The Call For Paper was open until 14 June 2024 at UTC. More info →
Location: Santa Clara, CA, USA
In-person conference organized by DevNetwork.
The conference starts on the 5 November 2024.
- Apply here
expired
The Call For Paper was open until 24 May 2024 at UTC. More info →
Location: London, UK
In-person conference organized by Devopsdays.
The conference starts on the 26 September 2024.
- Apply here
expired
The Call For Paper was open until 5 August 2024 at UTC. More info →
This is a virtual event
Online conference organized by Conf42.
The conference starts on the 5 September 2024.
- Apply here
Until next time!
— Dan