Learn Kubernetes Weekly issue 33

On-premise load balancer, pods rebalancing, RBAC privilege escalation, multi-tenancy, de-cloud and de-k8s

28 Jun 2023

  1. In house Kubernetes load balancer architecture on-premises

    Kevin Jonathan Harnanta

    In this article, you will learn how to build an external load balancer (similar to MetalLB) from scratch by writing a Node Watcher, Webhook and Template engine.

  2. Pod rebalancing and allocations in Kubernetes

    Daniele Polencic

    If there's a node that has more space, does Kubernetes recompute and balance the workloads?

    Find out why Kubernetes doesn't rebalance pods and how you can fix this with the Descheduler.

  3. Mitigating RBAC-based privilege escalation in popular Kubernetes platforms

    Yuval Avrahami

    In this article, you will look into the different mitigations implemented to address privilege escalation and powerful permissions in Kubernetes.

  4. Reversing the workflow with External Secrets Operator's push secret feature

    Emin Alemdar

    The External Secrets Operator allows the fetching of secret data from external secret management providers.

    But a lesser-known feature is that you can push Kubernetes secrets to third parties.

    You can use this feature to migrate secrets between providers.

  5. Multi-tenancy in Kubernetes

    Daniele Polencic

    Should you have more than one team using the same Kubernetes cluster? Can you run untrusted workloads safely from untrusted users? Does Kubernetes do multi-tenancy?

    This article will explore the challenges of running a cluster with multiple tenants.

  6. De-cloud and de-k8s — bringing our apps back home

    Farah Schüller

    In this article, you will follow the unusual journey of the 37signals team, which decided to move its workloads from EKS to on-prem virtual machines.

    You will learn the challenges as well as the tools that they developed to support the migration.


Change tracking: diffs for your Kubernetes cluster

Robusta.dev

Did something change that you weren't aware of?

Rewind the clock.

Spot changes that occurred in your cluster right before an incident started.

  1. Desktop client for Kubernetes: Aptakube

    Aptakube

    Aptakube is a fast, lightweight and modern GUI for Kubernetes.

    Avoid context switching by connecting to multiple clusters simultaneously! Metrics, Aggregated Log Viewer, Quick Actions, YAML Editor, and more — all sleekly bundled into a compact app!

    sponsored

  2. WASI node pools for AKS with Pulumi

    Engin Diri

    Microsoft transitioned from krustlet to containerd shims for operating WASM workloads in their WASI node pools in AKS.

    In this tutorial, you will learn how to deploy WASM applications to AKS using the WasmNodePoolPreview feature.

  3. Kubernetes first steps book (& videos!)

    Learnk8s

    TL;DR: In this course, you will learn how to package and deploy applications as Docker containers in a Kubernetes cluster.

    You will also learn how to architect apps that are designed to be horizontally scalable.

    sponsored

  4. Writing a Kubernetes operator

    Dmitry Dodzin

    In this beginner-friendly tutorial, you will follow the examples and learn how to write a Kubernetes operator from scratch.

  5. How to promote releases between GitOps environments

    Mattias Fjellström

    In this tutorial, you will learn how to promote releases between GitOps environments using GitHub Actions and Helm-charts instead of plain Kubernetes manifests with some Kustomize overlays.


    • Site Reliability Engineer with British Government

    • Salary: £55.4K to £74.6K a year

    • Location: based in the office (and remote from home) in London (Remote-Hybrid)

    • Tech stack: Kubernetes, AWS, Azure, Python, Terraform, Cloudformation, Jenkins

    • Site Reliability Engineer with Insider, Inc.

    • Salary: $150K to $220K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, GCP, Shell, Python, Go, Terraform, Cloudformation, Pulumi, Jenkins

Discover more Kubernetes jobs on Kube Careers →

  1. kruize/autotune

    Kruize Autotune accepts a user-provided "SLO" goal to optimize application performance.

    It uses Prometheus to identify "layers" of an application that it is monitoring and matches tunables from those layers to the user-provided SLO.

  2. helmfile/helmfile

    Helmfile is a declarative specification for deploying Helm charts.

    It lets you:

    • Keep a directory of chart value files and maintain changes in version control.
    • Apply CI/CD to configuration changes.
    • Periodically sync to avoid skew in environments.
  3. xenitab/spegel

    Spegel is a stateless cluster local OCI registry mirror that enables each node in a cluster to act as a local registry mirror, allowing nodes to share images between themselves.

  4. kubernetes-sigs/descheduler

    You can use the Kubernetes Descheduler to evict pods based on specific strategies so that the pods can be rescheduled onto more appropriate nodes.

  5. redactics/http-nas

    http-nas is a lightweight Node.js HTTP-based file streaming service that functions as NAS (network-attached storage) with Kubernetes and Airflow usage in mind.


Upcoming Kubernetes events

  1. Jun 28

    Navigating the GitOps landscape: a deep dive into the OpenGitOps working group

    In-person meetup organized by Cloud Native Computing Rheinland.

    • Location: Köln, DE

    • This is a free event.

  2. Jun 28

    Using virtual clusters for development and CI/CD workflows

    Online webinar organized by Loft Labs.

    • This is a virtual event

    • This is a free event.

  3. Jun 29

    Power up your Kubernetes on AWS

    In-person meetup organized by AWS.

    • Location: Genève, CH

    • This is a free event.

  4. Jun 29

    How Tetragon can help you take your Kubernetes defense to the next level

    In-person meetup organized by München Kubernetes/Cloud Native Meetup.

    • Location: München, DE

    • This is a free event.

  5. Jun 29

    Debugging Java containers in Kubernetes

    Online meetup organized by Sogeti Java Community Meetup.

    • This is a virtual event

    • This is a free event.

  6. Aug 22

    DeveloperWeek Cloud

    Online conference organized by DevNetwork.

    • This is a virtual event

    • This event requires an entrance fee

  7. Sept 19

    Software Architecture fwdays'23

    Online & in-person conference organized by fwdays.

    • Location: Astarta, UA and virtual

    • This event requires an entrance fee

      • Use 2C9F3DEFD6 to get 10% off

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    Kubernetes Community Day Australia 2023

    The Call for Papers was open until 30 June 2023 at UTC.
    • Location: Sydney, AU

    • In-person conference organized by KCD Australia.

    • The conference starts on 21 August 2023.
  2. expired

    Kubernetes Community Days Washington DC

    The Call for Papers was open until 1 July 2023 at UTC.
    • Location: Washington, DC, USA

    • In-person conference organized by KCD Washington DC.

    • The conference starts on 12 September 2023.
  3. expired

    Kubernetes Community Days UK 2023

    The Call for Papers was open until 2 July 2023 at UTC.
    • Location: London, UK

    • In-person conference organized by KCD UK.

    • The conference starts on 17 October 2023.
  4. expired

    Kubernetes Community Days Austria 2023

    The Call for Papers was open until 31 July 2023 at UTC.
    • Location: Vienna, AT

    • In-person conference organized by KCD Austria.

    • The conference starts on 26 September 2023.
  5. expired

    Data on Kubernetes Day

    The Call for Papers was open until 7 August 2023 at UTC.
    • Location: Chicago, IL, USA

    • In-person conference organized by DoK.

    • The conference starts on 6 November 2023.
  6. expired

    Devopsdays Cairo

    The Call for Papers was open until 19 August 2023 at UTC.
    • Location: Cairo, EG

    • In-person conference organized by Devopsdays.

    • The conference starts on 26 September 2023.
  7. expired

    Kube Native 2023

    The Call for Papers was open until 28 August 2023 at UTC.
    • This is a virtual event

    • Online conference organized by Conf42.

    • The conference starts on 28 September 2023.
  8. expired

    Kubernetes Community Days Texas

    The Call for Papers was open until 30 August 2023 at UTC.
    • Location: Irving, Texas, USA

    • In-person conference organized by KCD Texas.

    • The conference starts on 6 October 2023.
  9. expired

    Open Source Summit Japan 2023

    The Call for Papers was open until 11 September 2023 at UTC.
    • Location: Tokyo, JP and virtual

    • Online & in-person conference organized by Linux Foundation.

    • The conference starts on 5 December 2023.

Until next time!

— Dan
