Learn Kubernetes Weekly issue 54

Scaling long-lived connections, Up to 40% more performant with Cilium, Crossplane single-tenant architecture, SecurityContext with examples

22 Nov 2023

  1. Load balancing and scaling long-lived connections in Kubernetes

    Daniele Polencic

    Kubernetes doesn't load balance long-lived connections, and some pods might receive more requests than others.

    If you're using gRPC, AMQP or any other long-lived connection (e.g. database), you might want to consider client-side load balancing.

  2. Unleashing the power of Cilium CNI to propel Trendyol's performance up to 40%!

    Emin Aktaş, Asım Sezai Ceylan

    In this article, you will learn the thought process, benchmarks and tests completed by the team at Trendyol to achieve 40% better throughput performance and justify upgrading their CNI from Flannel to Cilium.

  3. Leveraging Crossplane to deploy and manage a single-tenant architecture

    Micha Bitton

    This case study discusses how ArgoCD and Crossplane simplify provisioning and maintaining dedicated environments for a single-tenant architecture.

  4. Kubernetes exposed: one yaml away from disaster

    Michael Katchinskiy

    Kubernetes clusters belonging to over 350 organizations were found to be openly accessible and largely unprotected, with at least 60% breached and used for malware deployment.

    Learn the attacks (and mitigations) in this article.

  5. Kubernetes SecurityContext with practical examples

    Eugene Butan

    This article explores how SecurityContext in Kubernetes can enhance security by adjusting operating system settings, including process and filesystem permissions, making the root filesystem read-only, and limiting Linux process capabilities.

  6. Kubebuilder tips and tricks

    Steven Sklar

    The article shares tips and tricks for writing a Kubernetes operator using the Go operator-SDK, including log formatting, managing parent-child relationships, dealing with retries on conflicts, and utilizing Kubebuilder markers.

Articles worth checking out:

  1. Kubernetes multicluster load balancing with Skupper

    Piotr Minkowski

    In this article, you will learn how to leverage Skupper for load balancing between app instances running on multiple Kubernetes clusters.

  2. Kubernetes pod priority and preemption: how to ensure your critical pods get the resources they need

    Seifeddine Rajhi

    In this tutorial, you will learn about pod priority, preemption, and pod PriorityClass.

    You will also learn how to use these features to ensure that your critical pods always get the resources they need.

  3. Securing Kubernetes applications with CrowdSec intrusion detection system

    Seifeddine Rajhi

    This tutorial teaches you how to install and configure CrowdSec in a Kubernetes cluster and how to detect attacks on Kubernetes applications.

    • Site Reliability Engineer with Digital Waffle

    • Salary: €65K a year

    • Location: based in the office (and remote from home) in Birmingham, GB

    • Tech stack: Kubernetes, AWS, Docker, Java, Shell, Python, Terraform, Cloudformation, Jenkins, Travis CI

    • Machine Learning Engineer with FATHOM

    • Salary: $160K to $220K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Airflow

    • DevSecOps Engineer with Angi

    • Salary: $175K to $185K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, On-premise, Helm, Python, SQL, Java, Scala, Ruby, Terraform

Discover more Kubernetes jobs on Kube Careers →

  1. KubeSkoop: diagnose your Kubernetes network

    KubeSkoop is a networking diagnosis tool for different CNI plug-ins.

    It automatically reconstructs the network traffic graph and monitors and analyses the kernel's critical path with eBPF to resolve most cluster network problems.

  2. Kubernetes-WithOut-Kubelet

    KWOK (Kubernetes-WithOut-Kubelet) is a toolkit that enables setting up a cluster of thousands of nodes in seconds.

    Behind the scenes, all nodes are simulated to behave like real ones, so the overall approach has a pretty low resource footprint.

  3. Descheduler

    You can use the Kubernetes Descheduler to evict pods based on specific strategies so that the pods can be rescheduled onto more appropriate nodes.

  4. Aperture: APIs & cloud native

    Aperture is an intelligent load management platform for cloud-native applications.

    Aperture provides capabilities such as concurrency limiting, rate limiting and auto-scaling.

  5. KubeZoo: multi-tenancy gateway

    KubeZoo is a gateway service that leverages the existing namespace model and adds multi-tenancy capability to existing Kubernetes.

    KubeZoo provides view-level isolation among tenants by capturing and transforming the requests and responses.

Upcoming Kubernetes events

  1. Nov 25

    Kubernetes and Cloud Native for beginners

    In-person conference organized by Infosys & Infracloud.

    • Location: Pune, IN

    • This event requires an entrance fee

  2. Nov 22

    Harnessing the power of operators in Kubernetes

    Online & in-person meetup organized by Cloud Native Vienna.

    • Location: Vienna, AT and virtual

    • This is a free event.

  3. Nov 28

    Optimizing resource usage in Kubernetes

    Online webinar organized by JVM Group Stockholm.

    • This is a virtual event

    • This is a free event.

  4. Nov 27

    Advanced Kubernetes course (Munich)

    In-person workshop organized by Learnk8s.

    • Location:

    • This event requires an entrance fee

  5. Nov 24

    Managing applications with Kubernetes

    Online webinar organized by SpringPeople.

    • This is a virtual event

    • This is a free event.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    KubeCon + CloudNativeCon Europe

    The call for papers was open until 26 November 2023 (UTC).

    • Location: Paris, FR

    • In-person conference organized by Linux Foundation.

    • The conference starts on 19 March 2024.
  2. expired

    Kubernetes Community Days Costa Rica 2024

    The call for papers was open until 1 February 2024 (UTC).

    • Location: Heredia, CR

    • In-person conference organized by KCD Costa Rica.

    • The conference starts on 1 March 2024.
  3. expired

    Kubernetes Community Days Romania 2024

    The call for papers was open until 31 January 2024 (UTC).

    • Location: Bucharest, RO

    • In-person conference organized by KCD Romania.

    • The conference starts on 25 April 2024.
  4. expired

    Kubernetes Community Day São Paulo 2024

    The call for papers was open until 3 December 2023 (UTC).

    • Location: São Paulo, BR and virtual

    • Online & in-person conference organized by KCD Brasil.

    • The conference starts on 23 February 2024.
  5. expired

    One Summit

    The call for papers was open until 4 December 2023 (UTC).

    • Location: San Jose, CA, USA

    • In-person conference organized by Linux Foundation.

    • The conference starts on 29 April 2024.
  6. expired

    FOSDEM 2024

    The call for papers was open until 8 December 2023 (UTC).

    • Location: Brussels, BE

    • In-person conference organized by FOSDEM.

    • The conference starts on 4 February 2024.
  7. expired

    Open Source Camp on Kubernetes

    The call for papers was open until 30 November 2023 (UTC).

    • Location: Nuremberg, DE

    • In-person conference organized by NETWAYS.

    • The conference starts on 27 February 2024.
  8. expired

    Devopsdays Birmingham (AL)

    The call for papers was open until 1 December 2023 (UTC).

    • Location: Birmingham, AL, USA

    • In-person conference organized by Devopsdays.

    • The conference starts on 18 April 2024.
  9. expired

    Devdays Europe

    The call for papers was open until 31 January 2024 (UTC).

    • Location: Vilnius, LT and virtual

    • Online & in-person conference organized by DATA MINER.

    • The conference starts on 20 May 2024.

Until next time!

— Dan
