Learn Kubernetes weekly — issue 16

1 Mar 2023

  1. We built network isolation for 1,500 services to make Monzo more secure

    Jack Kleeman

    In this article, you'll learn how the team at Monzo gradually rolled out NetworkPolicies for over 1,500 microservices.

    The article describes some interesting techniques for mapping inbound and outbound connections, as well as some limitations of NetworkPolicies.

  2. Lesson learned while scaling Kubernetes cluster to 1000 pods in AWS EKS

    Prashant Lakhera

    In this article, you will follow Prashant's journey in scaling EKS to 1000+ pods and learn how to overcome these challenges:

    • AWS resource limits.
    • IP address exhaustion.
    • Packet drops.
    • Control plane performance issues.
  3. Kubernetes authentication sidecars: a revelation in microservice architecture

    Matt Bentley

    In this article, you will learn how to solve authentication in a reusable way using sidecar containers in Kubernetes.

  4. How to avoid global outage — seamlessly migrating DaemonSet labels

    Grzegorz Skołyszewski

    In this case study, you'll learn how the team at Prezi managed to update the CSI driver installed as DaemonSet.

    This required working around the immutable spec.selector.matchLabels and spec.template.metadata.labels fields.

  5. Comparing Kubernetes operators for PostgreSQL part 2: cloudnativepg

    Alexandr Shabalin

    In this article, you'll learn about CloudNativePG along with its features and capabilities.

    You will then compare it to Stolon, Crunchy Data, Zalando, KubeDB, and StackGres.

  6. The journey to speed up running OCI containers

    Giuseppe Scrivano

    Over 5 years, the total time needed to create and destroy an OCI container has dropped from almost 160ms to a little more than 5ms.

    Learn what's changed in this article.

    • Platform Engineer with SCIGILITY

    • Salary: CHF 115K to CHF 130K a year

    • Location: remote from Switzerland

    • Tech stack: Kubernetes, On-premise, Azure, AWS, GCP, Docker, Python, Terraform, Ansible

    • DevOps Engineer with CivicActions

    • Salary: $95K to $135K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Helm, Docker, PHP, Terraform, Gitlab, Jenkins, Ansible

Discover more Kubernetes jobs on Kube Careers →

  1. kyverno/kyverno

    Kyverno is a policy engine designed for Kubernetes.

    It can validate, mutate, and generate configurations using admission controls and background scans.

    Kyverno policies are Kubernetes resources and do not require learning a new language.

  2. edgelesssys/constellation

    Constellation is a Kubernetes engine that wraps your cluster into a single confidential context that is shielded from the underlying cloud infrastructure.

    Everything inside is always encrypted, including at runtime in memory.

  3. controlplaneio/badrobot

    Badrobot is a Kubernetes Operator audit tool.

    It statically analyses manifests for high-risk configurations, such as a lack of security restrictions on the deployed controller and the permissions of an associated ClusterRole.

  4. karlkfi/kubexit

    kubexit is a command supervisor for coordinated Kubernetes pod container termination.

  5. jovianx/service-hub

    Service Hub is a tool to create and manage a Self-Service portal for your applications using Kubernetes and Helm.

Upcoming Kubernetes events

  1. Mar


    My experience on what to expect and how to prepare for the Kubernetes Certification exams

    Online meetup organized by Cloud Native Canada.

    • This is a virtual event

    • This is a free event.

  2. Mar


    Learn more about Kubernetes

    Online & in-person meetup organized by RTL Tech Meetup Group.

    • Location: Amsterdam, NL and virtual

    • This is a free event.

  3. Mar


    Kubernetes capture the flag

    In-person meetup organized by Kubernetes Nürnberg.

    • Location: Nürnberg, DE

    • This is a free event.

  4. Mar


    Kubernetes Community Days France

    In-person conference organized by KCD France.

    • Location: Paris, FR

    • This event requires an entrance fee

  5. Mar


    Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    Devopsdays Baltimore

    The Call for Papers was open until 1 March 2023 at UTC. More info →
    • Location: Baltimore, US

    • In-person conference organized by Devopsdays.

    • The conference starts on 23 May 2023.

  2. expired


    The Call for Papers was open until 3 March 2023 at UTC. More info →
    • Location: Toronto, CA

    • In-person conference organized by KubeHuddle.

    • The conference starts on 17 May 2023.

  3. expired

    DevOps global summit

    The Call for Papers was open until 3 March 2023 at UTC. More info →
    • This is a virtual event

    • Online conference organized by Geekle.

    • The conference starts on 4 April 2023.


Until next time!

— Dan
