Learn Kubernetes Weekly issue 47

Pod-to-pod traffic, VPN tunnels: migrating from on-prem to AWS, Container Checkpointing feature, Internal container registry, 2400 hours of multi-tenancy

4 Oct 2023

In the last KubeFM episode, Bart and I interviewed Jorge Turrado — KEDA maintainer and CNCF Ambassador.

Check out the episode and learn how KEDA makes scaling dead easy in Kubernetes.

Next week, Chris presents how to use the Descheduler to optimize your workload allocations in Kubernetes.

I posted a short thread as a preview; you can find it here.

  1. How to traceroute Kubernetes pod-to-pod traffic

    Alain Reguera Delgado

    This article explores the intricacies of Kubernetes networking and delves into the fundamental principles and mechanisms that govern pod-to-pod communication.

  2. VPN tunnels: how we used them to migrate our platform to AWS

    Luca Mattivi

    In this case study, you'll learn how the team at Uala managed to migrate from on-prem servers to AWS gradually and with zero downtime using VPN tunnels with Tailscale.

  3. Exploring the new Container Checkpointing feature

    Alberto Pellitteri

    The Container Checkpointing feature allows you to save the current container state and potentially resume it later without losing any information about the running processes or the stored data.

    Learn how to use it in this article.

  4. Increase availability & container images caching thanks to kube-image-keeper

    Nicolas Gouze

    This article will teach you the importance of running a container registry internal to the cluster to cache your container images to mitigate:

    • Unavailability.
    • Pull limits enforced by some registries.
    • Images being removed.
  5. Unleashing the power of cloud-native storage: a journey to seamlessly orchestrated storage on Kubernetes

    Fabien Marliac

    In this case study, you'll learn how the team at Peaksys migrated from a legacy Ceph cluster to Rook, overcoming various challenges such as complex cluster administration, synchronization issues, and hybrid SSD/HDD setup limitations.

  6. Verifying container image signatures within CRI runtimes

    Sascha Grunert

    CRI-compatible container runtimes feature full support for container image signature verification in v1.28.

    In this article, you will learn how a single instance can validate the signatures before any image pull can occur.

Articles worth checking out:

⎈ Become an expert in Kubernetes: Advanced Kubernetes course

Learnk8s

Join Learnk8s' 4-day Advanced Kubernetes workshop on the 30th of October in Amsterdam, NL.

Get your hands dirty with Kubernetes and learn what makes Kubernetes tick in a session packed with hands-on labs!

  1. Surviving 2400 hours of multi-tenancy: what I know now

    Artem Lajko

    In this article, you'll learn the lessons learned from running a multi-tenant cluster with vCluster for 100 days:

    • Resource reduction.
    • Decreased cold start time.
    • Improved developer experience.
    • Monitoring.
    • Single point of failure.
  2. Kyverno — verifying Kubernetes control plane images

    Charles-Edouard Brétéché

    In this tutorial, you will learn how to use Kyverno to verify that the Kubernetes container images running in the control plane are signed.

  3. Securing AWS EKS: configure the VPC CNI plugin to use IRSA

    Jens Andersson

    The VPC CNI plugin and pods inherit the EKS node IAM role by default.

    If the node role has the AmazonEKS_CNI_Plugin attached, pods running on the node can attach and detach ENIs and assign IP addresses.

    In this article, you'll learn how to solve this.

    • Solution Engineer with Dynatrace

    • Salary: $130K to $170K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Azure, GCP, OpenShift, Go, Javascript, Java, PHP, C#

    • Platform Engineer with Angi

    • Salary: $170K to $200K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Helm, Docker, Go, Python, Java, Spark, Hadoop, Terraform

Discover more Kubernetes jobs on Kube Careers →

  1. Timoni: package manager for Kubernetes

    Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm.

    Instead of using Go templates with YAML like Helm or layering YAML like Kustomize, Timoni relies on Cuelang's type safety, code generation and data validation features.

  2. kube-storage-version-migrator

    If you plan to upgrade the API server in your cluster, there is no guarantee that the upgraded API server still understands the object version in etcd.

    kube-storage-version-migrator migrates the data to the latest storage version.

  3. Spyglass: cluster health metrics, visualization, and cost optimization

    Spyglass is an open-source tool that allows users to monitor Kubernetes cluster metrics and track cluster deployment costs in a centralized location.

  4. Kubefirst: GitOps infrastructure

    Kubefirst is a cloud provisioning tool that creates a Kubernetes cluster with automated Infrastructure as Code, GitOps asset management and application delivery, secrets management, and more.

  5. Spegel: stateless registry mirror

    Spegel is a stateless, cluster-local OCI registry mirror that enables each node in a cluster to act as a local registry mirror, allowing nodes to share images between themselves.

Other interesting projects:

Upcoming Kubernetes events

  1. Oct 5

    Dockerfile nightmares: buildpacks are the cure

    In-person meetup organized by Cloud Native Vienna.

    • Location: Vienna, AT

    • This is a free event.

  2. Oct 5

    Kubernetes 101 workshop

    Online workshop organized by Cloud Native Islamabad.

    • This is a virtual event

    • This is a free event.

  3. Oct 6

    Kubernetes Community Days Texas

    In-person conference organized by KCD Texas.

    • Location: Irving, Texas, USA

    • This event requires an entrance fee

  4. Oct 10

    Kubernetes for sustainability: energy monitoring with Kepler

    Online & in-person meetup organized by Green Software Development Karlsruhe.

    • Location: Karlsruhe, DE and virtual

    • This is a free event.

  5. Oct 10

    Kubernetes resource management, security and Falco & platform engineering using GitOps

    In-person meetup organized by Boston.

    • Location: Cambridge, MA, USA

    • This is a free event.

  6. Oct 12

    Dynamically rebalancing workloads and optimizing resource utilization in Kubernetes

    Online webinar organized by Learnk8s.

    • This is a virtual event

    • This is a free event.

  7. Oct 30

    Advanced Kubernetes course (Amsterdam)

    In-person workshop organized by Learnk8s.

    • Location: Amsterdam, NL

    • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    GitOpsCon Europe

    The Call for Papers was open until 4 October 2023 at UTC. More info →
    • This is a virtual event

    • Online conference organized by Linux Foundation.

    • The conference starts on the 5 December 2023.

    • Apply here
  2. expired

    Kubernetes Community Days Oslo 2024

    The Call for Papers was open until 13 November 2023 at UTC. More info →
    • Location: Oslo, NO

    • In-person conference organized by KCD Norway.

    • The conference starts on the 24 January 2024.

    • Apply here
  3. expired

    KubeCon + CloudNativeCon Europe

    The Call for Papers was open until 26 November 2023 at UTC. More info →
    • Location: Paris, FR

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 19 March 2024.

    • Apply here
  4. expired

    Kubernetes Community Days Utrecht 2023

    The Call for Papers was open until 22 October 2023 at UTC. More info →
    • Location: Utrecht, NL

    • In-person conference organized by KCD Netherlands.

    • The conference starts on the 1 December 2023.

    • Apply here
  5. expired

    One Summit

    The Call for Papers was open until 4 December 2023 at UTC. More info →
    • Location: San Jose, CA, USA

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 29 April 2024.

    • Apply here
  6. expired

    DevSecOps 2023

    The Call for Papers was open until 30 October 2023 at UTC. More info →
    • This is a virtual event

    • Online conference organized by Conf42.

    • The conference starts on the 30 November 2023.

    • Apply here
  7. expired

    DeveloperWeek 2024

    The Call for Papers was open until 14 October 2023 at UTC. More info →
    • Location: San Francisco, CA, USA and virtual

    • Online & in-person conference organized by DevNetwork.

    • The conference starts on the 21 February 2024.

    • Apply here
  8. expired

    Devopsdays Birmingham (AL)

    The Call for Papers was open until 1 December 2023 at UTC. More info →
    • Location: Birmingham, AL, USA

    • In-person conference organized by Devopsdays.

    • The conference starts on the 18 April 2024.

    • Apply here
  9. expired

    Great International Developer Summit

    The Call for Papers was open until 31 October 2023 at UTC. More info →
    • Location: Bengaluru, IN

    • In-person conference organized by Saltmarch.

    • The conference starts on the 23 April 2024.

    • Apply here

Until next time!

— Dan
