Learn Kubernetes weekly — issue 2

23 Nov 2022

TL;DR: Highlights from this week are: a BlaBlaCar case study on running Node.js on Kubernetes at scale and using Kyverno for multi-tenant governance.

Articles

1. The Kubernetes networking guide

   The purpose of The Kubernetes networking guide is to provide an overview of various Kubernetes networking components with a specific focus on exactly how they implement the required functionality.

2. Governing multi-tenant Kubernetes clusters with Kyverno

   Garrett Sweeney

   With Kyverno:

   • Invalid resources can be blocked with helpful errors.
   • Misconfigured resources can be corrected on the fly.
   • New resources can be dynamically generated.

   Learn how to use Kyverno to govern multi-tenant clusters in this article.

3. DNS on GKE: everything you need to know

   Abdellfetah SGHIOUAR

   This article tries to answer the following questions: when deciding on how to use DNS with GKE, what are the available native Kubernetes options, which options exist on Google Cloud, and how do these two things play together?

4. Operating Node.js in Kubernetes at scale at BlaBlaCar

   Guillaume Wuip

   In this case study, you will learn how BlaBlaCar uses CPU and memory metrics and other Kubernetes features to configure scaling for Node.js apps.

5. Accessing PVC data without the pod

   Richard Durso

   What do you do when Prometheus is stuck in a crash loop and the only fix is to delete a file within an unmountable PVC?

   This article explains how to reach the content of PVC volumes when the respective pod is unavailable.

6. Reduce the cost of running AKS cluster by leveraging Azure spot VMs

   Martin Gjoshevski

   There are many ways to optimise and cut costs when running your AKS cluster.

   In this article, you'll focus on using Azure Spot Virtual Machines.

   By simply utilising Spot VMs in your AKS architecture, you can realise savings of more than 70%.

Articles worth checking out:

• Managing Kubernetes without losing your cool

• Cubernetes

• Identifying vulnerabilities in your CI/CD pipeline before they reach the cluster

• Recommendations for Readiness and Liveness Probes

• Mo' tenancy, mo' problems

• Build a Kubernetes operator in 10 minutes

• Creating custom Crossplane providers

• Accessing Google Kubernetes private cluster through tunneling via private VM instance as jumphost

• Goodbye Sealed Secrets, hello sops

• Build an EKS cluster with Terraform

• Managing ingress traffic on Kubernetes platforms

• East-west communication in Kubernetes  —  how do services communicate within a cluster?

• Monitoring MySQL using Prometheus, Grafana and mysqld_exporter in Kubernetes

• K8s gateway API is here - what's in it for you?

Tutorials

1. How to configure PostgreSQL with SSL/TLS Support on Kubernetes

   Purna Poudel

   This tutorial describes detailed steps to deploy PostgreSQL on Kubernetes with SSL/TLS support using PersistentVolume, configMap, and secrets along with possible issues, troubleshooting steps and work-around.

2. Deploy a private Docker registry as a pod in Kubernetes

   Varun Kumar G

   In this tutorial, you'll deploy a TLS-enabled Private Docker Registry as a Pod.

   This will help you to push your custom-built images to the registry, which later can be pulled by any of the worker nodes.

3. How to handle deployments using Kubernetes

   Siddhantpradhan

   In this article you'll learn how to:

   • Use kubectl.
   • Create deployment YAML files.
   • Launch, update, and scale deployments.
   • Practice updating deployments using rolling, canary and blue-green strategies.

Kubernetes jobs

1. • Developer Advocate with NetApp

   • Salary: $165.06K to $201.74K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, AWS

2. • Site Reliability Engineer with NetApp

   • Salary: $166.5K to $203.5K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, GCP, AWS, Docker, Python, Shell, Go, Powershell, SQL, Ansible

Discover more Kubernetes jobs on Kube Careers →

Code & tools

1. kubescape/kubescape

   Kubescape is a tool that provides risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.

2. boz/kail

   kail streams logs from all containers of all matched pods.

   You can match pods by service, replicaset, deployment, and others.

3. alnoda-workspaces/workspaces

   This project facilitates creating a containerized development, execution and admin environment for Kubernetes, Ansible and Terraform.

4. helmwave/helmwave

   Helmwave is a helm-native tool for deploying your Helm Charts.

   Helmwave is like docker-compose for Helm.

5. boltops-tools/kubes

   Kubes is a Kubernetes app deployment tool.

   It builds the docker image, creates the Kubernetes YAML, and runs kubectl apply.

Other interesting projects:

• awesome-it/adeploy

Upcoming Kubernetes events

1. Nov

   24

   Implementing zero-trust security for containers in EKS

   Online workshop organized by Tigera.

   • This is a virtual event

   • This is a free event.

2. Nov

   30

   From YAML to cluster: securing CI/CD pipelines & Kube security shifting left

   In-person meetup organized by Full Stack Developers Israel.

   • Location: Tel Aviv-Yafo, IL

   • This is a free event.

3. Nov

   30

   Kubebuilder: a framework for building Kubernetes APIs & managing manifests with Jsonnet

   In-person meetup organized by Prague Golang Meetup.

   • Location: Praha, CZ

   • This is a free event.

4. Nov

   30

   Understanding SBOMs: a practical guide to implementing NIST/CISA's Software Bill of Materials

   Online meetup organized by Kubernetes Dallas.

   • This is a virtual event

   • This is a free event.

5. Dec

   1

   kubectl apply -f cloud-Infrastructure.yaml with Crossplane

   In-person meetup organized by Cloud Native Night.

   • Location: Mainz, DE

   • This is a free event.

6. Dec

   6

   Advanced Kubernetes course

   In-person workshop organized by Learnk8s.

   • Location: Munich, DE

   • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

I just wanted to thank all of you who subscribed to the newsletter — I did not expect to reach 2k+ subscribers in the first 24 hours.

Thank you!

I'm still looking for feedback (good or bad), as this will help us prioritize the next feature you will see.

So far, we have had requests for release logs, an RSS version of the newsletter and more events (you can head over to kube.events for a full list and a more focussed newsletter).

Side note: we learned the hard way that Gmail truncates emails longer than 102KB. So you might not see this message unless you expand it! We are working on a fix.

What do you think of the newsletter? Anything you'd like to see? Hit the reply button and let me know!

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!