Learn Kubernetes Weekly issue 37

Understand container metrics, tracing pod to pod network traffic, Envoy WASM extensions, Docker networking models

26 Jul 2023

Articles

Understand container metrics and why they matter
Ian Kiprotich
In this 2-part article, you will explore the key metrics to scrape in your cluster.
Tracing pod to pod network traffic in Kubernetes
Daniele Polencic
How does Pod to Pod communication work in Kubernetes? How does the traffic reach the pod?
In this article, you will dive into how low-level networking works in Kubernetes.
Plugins case study: Envoy WASM extensions
Eli Bendersky
The article dives into the capabilities and performance requirements of custom network filter plugins for Envoy and how WASM is a good fit for that (provided there's an adequate ABI).
Docker networking model s
HungWei Chiu
This article provides an overview of several basic network models for Docker Containers:
1. None.
2. Host.
3. Bridge.
4. Container:$ID.
Kubernetes API server: the storage interface
Daniel Magnum
The primary function of the Kubernetes API Server is to ingest data, store it, and then return it when requested.
In this article, you will learn how the API Server stores data.
CrowdStrike discovers first-ever Dero cryptojacking campaign targeting Kubernetes
Benjamin Grap, Manoj Ahuje
In this article, you will dissect how an attacker can gain access to a Kubernetes cluster that allows anonymous access to mine cryptocurrency.
In the process, you will uncover:
- Usage of DaemonSets to utilize all nodes.
- "Fake" pause containers.

Articles worth checking out:

Free Manning Early Access: Road to Kubernetes eBook

Akamai

Fifteen years of deployment experience into one accessible, practical guide.

You'll learn sustainable deployment practices you can use with any language and see how Kubernetes can be used for projects of any size.

Tutorials

Enhancing Kubernetes security with KubeArmor
Alexandr Ivenin
In this tutorial, you will learn how to use Kubearmor to have granular control over container behaviour, allowing you to enforce security policies tailored to their needs.
Cook up a k3s cluster on Raspberry Pies with Ansible
Nermin Sehovic
In this tutorial, you will learn how to install a k3s cluster on a Raspberry Pi using Ansible.
Building your own Kubernetes playground: a step-by-step guide to setting up a home lab with ingress and DNS
Gareth Hunt
In this tutorial, you will learn how to set up a Kubernetes playground for local testing using Rancher Desktop, containerd and Istio.
Serving dnsmasq as a cache DNS service in Kubernetes with UDP loadbalancer
Uğur Akgül
In this tutorial, you will learn how to configure a dnsmasq deployment and an NGINX service to load balance UDP packets (DNS queries).
Fearless distroless
Nicolas Fränkel
In this tutorial, you will discuss how Distroless container images benefit from smaller image size but come with a trade-off: they are harder to debug.
The article explains how kubectl debug could work around this limitation.

Kubernetes jobs

- Software Engineer with Flexport
- Salary: $252K to $280K a year
- Location: based in the office in Bellevue, WA, USA
- Tech stack: Kubernetes, AWS, GraphQL, Javascript, Java, Ruby, Kotlin, Mongo, PostgreSQL
- Software Engineer with Fanatics
- Salary: $136K to $204K a year
- Location: remote from the United States
- Tech stack: Kubernetes, Python, Javascript, Java, Redis, Elastic Search

Discover more Kubernetes jobs on Kube Careers →

Code & tools

inspektor-gadget/inspektor-gadget
Inspektor Gadget is a collection of tools (or gadgets) to debug and inspect Kubernetes resources and applications.
It manages the packaging, deployment and execution of eBPF programs in a Kubernetes cluster.
Kubernetes Resource Recommender (KRR)
Robusta.dev
Kubernetes Resource Recommender is a CLI tool for optimizing resource allocation in Kubernetes clusters.
It gathers pod usage data from Prometheus and recommends requests and limits for CPU and memory.
sponsored
hardbyte/netchecks
Netchecks is a set of tools for testing network conditions and asserting that they are as expected.
There are two main components:
1. The operator that runs network checks and reports results.
2. Netcheck CLI and Python Library.
uber/kraken
Kraken is a P2P-powered Docker registry that focuses on scalability and availability.
It is designed for Docker image management, replication, and distribution in a hybrid cloud environment.
kubermatic/kubeone
KubeOne automates cluster operations on all your cloud, on-prem, edge, and IoT environments.
KubeOne can install high-available (HA) master clusters and single master clusters.

Other interesting projects:

Upcoming Kubernetes events

Jul
26
Optimizing network costs in Kubernetes
Online & in-person meetup organized by Cloud Native Johannesburg.
- Location: Johannesburg, ZA and virtual
- This is a free event.
Jul
27
Wearedevelopers World Congress
In-person conference organized by WeAreDevelopers.
- Location:
- This event requires an entrance fee
Jul
29
Kubernetes Community Days Taiwan 2023
Online & in-person conference organized by KCD Taiwan.
- Location: Taipei, TW and virtual
- This is a free event.
Aug
1
Troubleshoot five common DNS issues in Kubernetes clusters
Online webinar organized by Tigera.
- This is a virtual event
- This is a free event.
Aug
3
Developing cloud security program for containers
Online & in-person meetup organized by AppSec Australia.
- Location: Sydney, AU and virtual
- This is a free event.
Sept
14
Advanced Kubernetes course
Online workshop organized by Learnk8s.
- This is a virtual event
- This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

expired
Kubernetes Community Days Austria 2023
The Call For Paper was open until 31 July 2023 at UTC. More info →
Location: Vienna, AT
In-person conference organized by KCD Austria.
The conference starts on the 26 September 2023.
Apply here
expired
Platform engineering 2023
The Call For Paper was open until 1 August 2023 at UTC. More info →
This is a virtual event
Online conference organized by Conf42.
The conference starts on the 7 September 2023.
Apply here
expired
Data on Kubernetes Day
The Call For Paper was open until 7 August 2023 at UTC. More info →
Location: Chicago, IL, USA
In-person conference organized by DoK.
The conference starts on the 6 November 2023.
Apply here
expired
Multi-TenancyCon
The Call For Paper was open until 7 August 2023 at UTC. More info →
Location: Chicago, IL, USA
In-person conference organized by Linux Foundation.
The conference starts on the 6 November 2023.
Apply here
expired
Devopsdays Cairo
The Call For Paper was open until 19 August 2023 at UTC. More info →
Location: Cairo, EG
In-person conference organized by Devopsdays.
The conference starts on the 26 September 2023.
Apply here
expired
Kube Native 2023
The Call For Paper was open until 28 August 2023 at UTC. More info →
This is a virtual event
Online conference organized by Conf42.
The conference starts on the 28 September 2023.
Apply here
expired
Kubernetes Community Days Texas
The Call For Paper was open until 30 August 2023 at UTC. More info →
Location: Irving, Texas, USA
In-person conference organized by KCD Texas.
The conference starts on the 6 October 2023.
Apply here
expired
Cloud Native Rejekts NA 23
The Call For Paper was open until 5 September 2023 at UTC. More info →
Location: Chicago, US
In-person conference organized by Cloud Native Rejekts.
The conference starts on the 4 November 2023.
Apply here
expired
Open Source Summit Japan 2023
The Call For Paper was open until 11 September 2023 at UTC. More info →
Location: Tokyo, JP and virtual
Online & in-person conference organized by Linux Foundation.
The conference starts on the 5 December 2023.
Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!

Or follow us on: