Learn Kubernetes Weekly issue 81 · 29 May 2024

Kubernetes at Decathlon, Webhook used by attackers, When is admin not admin? HPA based on Google Calendar, Database in Kubernetes: a good idea?

This newsletter is brought to you by Otterize — automate workload IAM policies: zero-friction development, zero-trust security.

Articles

  1. Kubernetes webhook used by attackers

    security.padok.fr

    This article explains how malicious admission controllers can be used to deploy backdoors, emphasizing the importance of runtime monitoring and tools like Falco for detecting such attacks.

  2. When is admin not admin? When it's super-admin!

    raesene.github.io

    The article discusses a change in Kubernetes 1.29, where the default admin.conf credential is no longer a member of the system:masters group and a new super-admin.conf credential has been introduced.

  3. Kubernetes HPA based on events in Google Calendar

    tkachuk09.medium.com

    In this article, you will learn how to dynamically scale deployments using the Horizontal Pod Autoscaler and Google Calendar.

  4. Seamless data exchange with Kafka Connect and Strimzi on Kubernetes at Decathlon

    medium.com

    Decathlon uses Apache Kafka and Strimzi on Kubernetes for data streaming, processing 50M+ events daily.

    Learn how they faced and solved data interconnections and Kafka Connect cluster deployment challenges.

  5. Database in Kubernetes: is that a good idea?

    medium.com

    This article discusses the controversy surrounding the deployment of databases in Kubernetes, highlighting the challenges with stateful services.

    It explores the trade-offs in reliability, security, performance, and complexity.

  6. Rightsizing Kubernetes requests/limits usage

    tjtharrison.medium.com

    In this article, you'll learn the importance of rightsizing Kubernetes requests and limits and see the impact of overprovisioning on resource utilization.

    You'll also discover how to identify and correct skewed resource allocation.

Articles worth checking out:

Human readable Network Policies and Kafka ACLs

Otterize

Instead of managing pod identities and manually authoring individual network policies, Otterize implements intent-based access control (IBAC).

Declare what the pods can do, and everything is automatically wired together.


Tutorials

  1. Multi-environment Kubernetes setup with Flux and vCluster on AWS

    medium.com

    This tutorial explores using Flux and vCluster to build an adaptable environment that smoothly transitions through various stages of application development: from development to production.

  2. Setting up a K3S cluster on Alpine Linux with Raspberry Pi 5 using a Mac

    medium.com

    This article guides you through setting up a K3S cluster on Alpine Linux with Raspberry Pi 5.

    It covers installing Alpine Linux, preparing the SD card, configuring the RPi, installing K3S, and managing the system for a standalone or cluster setup.

  3. Efficient cloud native application deployment — KCL and KubeVela integration

    blog.devgenius.io

    Through this guide, you'll learn how to deploy apps using KubeVela and KCL.

    It discusses the benefits of this integration and provides a step-by-step workflow for application deployment.

Hacking Alibaba Cloud's Kubernetes cluster

In this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster.

They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.

You will learn:

  • How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database.
  • How they moved laterally and managed to obtain push and pull rights to a private container registry.
  • Recommendations for securing multi-tenant Kubernetes clusters and maintaining environment hygiene.

Kubernetes jobs

    • Site Reliability Engineer with Commify

    • Salary: €78K to €82K a year

    • Location: based in the office (and remote from home) in Bucharest, RO

    • Tech stack: Kubernetes, Azure, Shell, Python, Ruby, C#, PowerShell, Terraform, Azure DevOps, Jenkins

    • Software Engineer with Mercari

    • Salary: ¥4.8M to ¥6.34M a year

    • Location: remote from Japan

    • Tech stack: Kubernetes, AWS, GCP, Go, SQL, JavaScript, Java, PHP, Swift, Kotlin

    • Site Reliability Engineer with Commify

    • Salary: £70K to £75K a year

    • Location: based in the office (and remote from home) in Nottingham, GB

    • Tech stack: Kubernetes, Azure, Shell, Python, Ruby, C#, PowerShell, Terraform, Azure DevOps, Jenkins

    • Software Engineer with Monta

    • Salary: kr. 540K to kr. 660K a year

    • Location: based in the office (and remote from home) in Copenhagen, DK

    • Tech stack: Kubernetes, AWS, Docker, Java, Kotlin, Redis, MySQL, Grafana, Prometheus, Loki

Discover more Kubernetes jobs on Kube Careers →

Code & tools

  1. Omni: SaaS deployment of Kubernetes

    github.com/siderolabs

    Omni is a SaaS-simple deployment of Kubernetes - on your hardware.

    It allows you to start with bare metal, virtual machines or a cloud provider and create clusters spanning all your locations with a few clicks.

  2. cdebug: container debugging

    github.com/iximiuz

    cdebug is a Swiss Army knife of container debugging:

    • Troubleshoot containers lacking a shell.
    • Forward unpublished or even localhost ports to your host system.
    • Expose endpoints from the host system to containers & Kubernetes networks.

  3. Percona Operator for MySQL

    github.com/percona

    Percona Operator for MySQL follows our best practices for deployment and configuration of highly available, fault-tolerant MySQL instances in a Kubernetes-based environment on-premises or in the cloud.

  4. Kubernetes Web View

    codeberg.org

    Kubernetes Web View allows you to list and view all Kubernetes resources (including CRDs) with permalink-friendly URLs on a plain HTML frontend.

    This tool was mainly developed to provide a web version of kubectl for troubleshooting.

  5. Declarative TUI dashboard

    github.com/everettraven

    buoy is a declarative TUI dashboard for Kubernetes.

    You define your dashboard in a JSON file, and it will fetch the information from your Kubernetes cluster and build a dashboard for viewing the requested content right in your terminal window.

Other interesting projects:

Subscribe to Learn Kubernetes Weekly

Trusted by 77K engineers. Delivered 150 issues and counting.


Upcoming Kubernetes events

  1. 30 May

    Should you use Kubernetes and Docker in your next project?

    Online webinar organized by Learnk8s.

    • This is a virtual event

    • This is a free event.

  2. 30 May

    Running 10,000 ephemeral stateful jobs in managed Kubernetes daily

    Online & in-person meetup organized by Cloud Native Prague.

    • Location: Prague, CZ and virtual

    • This is a free event.

  3. 4 Jun

    Devopsdays Ukraine: let's talk security

    Online conference organized by Devopsdays.

    • This is a virtual event

    • This event requires an entrance fee

  4. 5 Jun

    The state of ingress: why do we need Gateway API?

    Online meetup organized by CNCF Online Programs.

    • This is a virtual event

    • This is a free event.

  5. 6 Jun

    Kubernetes Community Days Czech Slovak 2024

    Online & in-person conference organized by KCD Czech & Slovak.

    • Location: Prague, CZ and virtual

    • This event requires an entrance fee

      • Use Learnk8s to get 20% off

  6. 13 Jun

    Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Thanks to our sponsors who make Kube Today possible

  • LearnKube
  • Akamai
  • Fairwinds
  • Densify
Find out more about being a sponsor →

Kubernetes call for papers

  1. expired

    KubeCon North America

    The call for papers was open until 10 June 2024 (UTC). More info →
    • Location: Salt Lake City, UT, USA and virtual

    • Online & in-person conference organized by Linux Foundation.

    • The conference starts on 12 November 2024.

    • Apply here
  2. expired

    Kubernetes Community Days UK

    The call for papers was open until 4 June 2024 (UTC). More info →
    • Location: London, UK

    • In-person conference organized by KCD UK.

    • The conference starts on 23 October 2024.

    • Apply here
  3. expired

    Kubernetes Community Days Washington DC 2024

    The call for papers was open until 3 June 2024 (UTC). More info →
    • Location: Washington, DC, USA

    • In-person conference organized by KCD Washington DC.

    • The conference starts on 24 September 2024.

    • Apply here
  4. expired

    Kubeday Colombia

    The call for papers was open until 29 June 2024 (UTC). More info →
    • Location: Medellín, CO

    • In-person conference organized by Linux Foundation.

    • The conference starts on 9 October 2024.

    • Apply here
  5. expired

    Kubernetes Community Days Austria 2024

    The call for papers was open until 23 June 2024 (UTC). More info →
    • Location: Vienna, AT

    • In-person conference organized by KCD Austria.

    • The conference starts on 8 October 2024.

    • Apply here
  6. expired

    Kubernetes Community Days Lahore 2024

    The call for papers was open until 22 June 2024 (UTC). More info →
    • Location: Lahore, PK

    • In-person conference organized by KCD Lahore.

    • The conference starts on 7 July 2024.

    • Apply here
  7. expired

    Kube Native 2024

    The call for papers was open until 26 August 2024 (UTC). More info →
    • This is a virtual event

    • Online conference organized by Conf42.

    • The conference starts on 26 September 2024.

    • Apply here
  8. expired

    CloudX 2024

    The call for papers was open until 14 June 2024 (UTC). More info →
    • Location: Santa Clara, CA, USA

    • In-person conference organized by DevNetwork.

    • The conference starts on 5 November 2024.

    • Apply here
  9. expired

    Platform Engineering 2024

    The call for papers was open until 5 August 2024 (UTC). More info →
    • This is a virtual event

    • Online conference organized by Conf42.

    • The conference starts on 5 September 2024.

    • Apply here

Until next time!

— Dan
