Learn Kubernetes Weekly issue 32
Reacting faster to nodes failures, IP and pod in EKS, kubelet authz, NATS with k3s, bypassing RBAC
21 Jun 2023
Articles
Kubernetes tip: how to make Kubernetes react faster when nodes fail?
Bhargav Bhikkaji
In this article, you will look at what flags (in the controller manager and kubelet) are involved in detecting failures in Kubernetes nodes and how you can tune those to react quicker to failures.
Daniele Polencic
When running an EKS cluster, you might face two issues:
- Running out of IP addresses assigned to pods.
- Low pod count per node (due to ENI limits).
In this article, you will learn how to overcome those.
Let's talk about kubelet authorization
Rory McCune
In this post, you will look at the Node authorization mode and NodeRestriction admission controller, which are used to provide rights to Kubelets to access the resources they need to function.
Exploring NATS as a backend for k3s
Byron Ruth
In this article, you will learn how to leverage K3s and KINE to replace etcd and stream all your state changes from the edge into a central location.
Abusing etcd to inject resources and bypass RBAC and admission controller restrictions
LoBuHi
In this article, you'll learn how to manually inject resources without restrictions from RBAC or Admission Controllers by replicating the target infrastructure or by exporting and importing ETCD entries while maintaining the byte length of each value.
CPU requests and limits in Kubernetes
Daniele Polencic
In Kubernetes, what should I use as CPU requests and limits?
Popular answers include:
- Always use limits!
- NEVER use limits, only requests!
- I don't use either; is it OK?
This article explores the answers.
Articles worth checking out:
Change tracking: diffs for your Kubernetes cluster
Robusta.dev
Did something change that you weren't aware of?
Rewind the clock.
Spot changes that occurred in your cluster right before an incident started.
Tutorials
Kubernetes in Kubernetes with vcluster
Artem Lajko
In this tutorial, you will learn how to run multiple nested clusters using vcluster, ArgoCD and k3s inside an AKS cluster.
Kubernetes first steps book (& videos!)
Learnk8s
TL;DR: In this course, you will learn how to package and deploy applications as Docker containers in a Kubernetes cluster.
You will also learn how to architect apps that are designed to be horizontally scalable.
sponsored
Sigstore's cosign and policy-controller with GKE, artifact registry and KMS
Mathieu Benoit
In this tutorial, you will learn how to sign container images with Cloud KMS and Google Artifact Registry and then only allow those signed images to run in a GKE cluster.
Enforce security and governance in Kubernetes using OPA Gatekeeper
Naresh Waswani
In this article, you will learn how to use the Open Policy Agent to enforce security and governance policies to have fine-grain control on the services running in a Kubernetes cluster.
How Telepresence improves your development workflow
Kayode Adeniyi
In this article, you will get your hands dirty on a Kubernetes cluster by automating artefact building and deployment using Skaffold and debugging the sample application with Telepresence.
More tutorials:
Kubernetes jobs
Platform Engineer with Fresha
Salary: £80K to £110K a year
Location: based in the office (and remote from home) in London (Remote-Hybrid)
Tech stack: Kubernetes, AWS, Python, Ruby, Terraform
DevSecOps Engineer with Lockheed Martin
Salary: $105K to $227.4K a year
Location: remote from the United States
Tech stack: Kubernetes, AWS, Shell, Python, Cloudformation, Gitlab, Jenkins
Discover more Kubernetes jobs on Kube Careers →
Code & tools
Selefra is an open-source policy-as-code software that provides analysis for multi-cloud and SaaS environments, including over 30 services such as AWS, GCP, Azure, Alibaba Cloud, Kubernetes, Github, Cloudflare, and Slack.
Kubernetes Resource Recommender is a CLI tool for optimizing resource allocation in Kubernetes clusters.
It gathers pod usage data from Prometheus and recommends requests and limits for CPU and memory.
This reduces costs and improves performance.
ClusterWatch provides a visualization of the Kubernetes cluster architecture with detailed descriptions and stats.
It also offers real-time metrics data, presented via Grafana charts, and built-in support for Prometheus and alerts.
Kubernetes workshops for your team: from zero to expert
Learnk8s
Learn and master Kubernetes networking, architecture, authentication, scaling, storage (and more) with Learnk8s' private training workshops.
sponsored
eien is a command line tool that manages and deploys apps to any Kubernetes cluster and abstracts all kubernetes concepts from you.
Other interesting projects:
Upcoming Kubernetes events
Jun
21
In-person meetup organized by München Kubernetes.
Location: München, DE
This is a free event.
Jun
24
In-person workshop organized by Vegas Programmers.
Location: Las Vegas, US
This is a free event.
Jun
26
Use Knative when you can, and Kubernetes when you must
Online meetup organized by Cloud Technology in the North.
This is a virtual event
This is a free event.
Jun
27
In-person conference organized by LF Projects.
Location: San Diego, US
This event requires an entrance fee
Jun
28
Navigating the GitOps landscape: a deep dive into the OpenGitOps working group
In-person meetup organized by Cloud Native Computing Rheinland.
Location: Köln, DE
This is a free event.
Discover more Kubernetes events on Kube Events →
Kubernetes Call for Papers
expired
Kubernetes Community Day Australia 2023
The Call For Paper was open until 30 June 2023 at UTC. More info →
Location: Sydney, AU
In-person conference organized by KCD Australia.
The conference starts on the 21 August 2023.
- Apply here
expired
Kubernetes Community Days Washington DC
The Call For Paper was open until 1 July 2023 at UTC. More info →
Location: Washington, DC, USA
In-person conference organized by KCD Washington DC.
The conference starts on the 12 September 2023.
- Apply here
expired
Kubernetes Community Days UK 2023
The Call For Paper was open until 2 July 2023 at UTC. More info →
Location: London, UK
In-person conference organized by KCD UK.
The conference starts on the 17 October 2023.
- Apply here
expired
Wearedevelopers World Congress
The Call For Paper was open until 19 July 2023 at UTC. More info →
Location:
In-person conference organized by WeAreDevelopers.
The conference starts on the 27 July 2023.
- Apply here
expired
The Call For Paper was open until 1 August 2023 at UTC. More info →
This is a virtual event
Online conference organized by Conf42.
The conference starts on the 7 September 2023.
- Apply here
expired
The Call For Paper was open until 19 August 2023 at UTC. More info →
Location: Cairo, EG
In-person conference organized by Devopsdays.
The conference starts on the 26 September 2023.
- Apply here
expired
The Call For Paper was open until 28 August 2023 at UTC. More info →
This is a virtual event
Online conference organized by Conf42.
The conference starts on the 28 September 2023.
- Apply here
expired
Kubernetes Community Days Texas
The Call For Paper was open until 30 August 2023 at UTC. More info →
Location: Irving, Texas, USA
In-person conference organized by KCD Texas.
The conference starts on the 6 October 2023.
- Apply here
expired
The Call For Paper was open until 11 September 2023 at UTC. More info →
Location: Tokyo, JP and virtual
Online & in-person conference organized by Linux Foundation.
The conference starts on the 5 December 2023.
- Apply here
Until next time!
— Dan
P.S.: if you wish to get in touch with me, just hit the reply button on this email!
Subscribe and, every Wednesday, receive the latest Kubernetes news!