Learn Kubernetes Weekly issue 67

Health check crashes when over-loaded with requests, Kubernetes and the JVM, supply chain attack bomb, Speeding up CI with Buildkit, SBOM with Trivy

21 Feb 2024

Next week, I'll present "Architecting Kubernetes clusters: one large shared or multiple small clusters?" which is part of the free educational program on building Kubernetes platforms.

  1. Case study: containers health check mechanism crashes when application is over-loaded with requests

    Idan Friedman

    In this case study, you'll investigate an incident where an app stopped functioning, and all its pods crashed without warning or error logs.

    The author shares interesting conclusions related to scaling and health check mechanisms.

  2. Kubernetes and the JVM

    Juan Pedro Moreno

    In this case study, you'll look at Xebia's team transition from a monolithic Scala app to microservices on Kubernetes.

    It emphasizes JVM resource alignment, proper memory allocation for heap and non-heap usage, and monitoring with tools like Prometheus.

  3. The ticking supply chain attack bomb of exposed Kubernetes secrets

    Yakir Kadkoda

    AquaSec found exposed, often unencrypted Kubernetes Secrets in public repositories, with 46% exploitable, stressing the need for robust practices and proper use of secret-scanning tools.

  4. Speeding up CI in Kubernetes with Docker and Buildkit

    Matt Potter

    In this case study, you'll learn how the VoucherCodes Platform Team improved the speed of their CI setup by 80% with Buildkit farms on Kubernetes.

  5. Vulnerability identification of images and files using SBOM with Trivy

    Krishnadutt Panchagnula

    In this article, you'll learn the importance of the Software Bill of Materials (SBOM) and how Trivy, a security scanner, identifies vulnerabilities in SBOMs and suggests potential fixes.

  6. Exploring Kubernetes descheduler

    HungWei Chiu

    This article teaches how the Descheduler rebalances workloads by reallocating pods in response to changes such as added nodes or updated labels.

    It details its architecture, which includes Policies with Evictors and Strategies, and its implementation.

Articles worth checking out:

Fast & Modern Kubernetes GUI

Aptakube

Aptakube is the desktop app for your day-to-day activities:

  • Manage, Scale and monitor apps from your desktop
  • Simultaneously connect to multiple clusters
  • Includes log viewer, metrics, shell, YAML editor

Use LEARNK8S2024 to get 10% off

  1. Ways to get into the Kubernetes cluster

    Manoj Deshmukh

    This article teaches methods to identify and exploit vulnerabilities in Kubernetes clusters by scanning for insecure API endpoints using tools like shodan·io, search·censys·io, and kube-hunter.

  2. Dumb little things you can do to secure Kubernetes, container signing with Kyverno and cosign

    Chris Haessig

    Learn to secure Kubernetes deployments with Kyverno: enforce policies on image signatures using Cosign, and manage container lifecycles from creation to cluster deployment with authentication checks.

  3. Achieving high availability (HA) Redis Kubernetes clusters with Calico Clustermesh in Microsoft AKS

    Kartik Bharath

    In this tutorial, you will learn how you can set up a highly available Redis across different regions in multiple clusters with Calico Clustermesh.

  4. Spring Boot CI/CD on Kubernetes using Terraform, Ansible and GitHub

    Martin Hodges

    In this 12-part series, you'll create a project that automates cloud infrastructure provisioning with Terraform and Ansible and deploys a Spring Boot application to a Kubernetes cluster through CI/CD.

  5. Backup Kubernetes using Velero and CSI volume snapshot

    Navratan Lal Gupta

    This article teaches how to use Velero to back up Kubernetes resources, including persistent volumes.

    It provides a guide on deploying Volume Snapshot Class, installing Velero with CSI capabilities, and setting up AWS S3-compatible backup storage.

More tutorials:

  1. Infrastructure Architect with NetApp

    • Salary: $235.03K to $330K a year

    • Location: based in the office (and remote from home) in San Jose, CA, USA

    • Tech stack: Kubernetes, AWS, Azure, GCP

  2. Software Engineer with NetApp

    • Salary: $139.5K to $214.5K a year

    • Location: based in the office in Research Triangle Park, NC, USA

    • Tech stack: Kubernetes, AWS, Azure, GCP, Docker, Go, Python, C++, C

  3. Site Reliability Engineer with NetApp

    • Salary: $153.45K to $187.55K a year

    • Location: based in the office in Boulder, CA, USA

    • Tech stack: Kubernetes, AWS, Azure, GCP, Go, Python, Perl, Java, Ruby, C#

Discover more Kubernetes jobs on Kube Careers →

  1. ClusterAPI

    Cluster API is a Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters.

  2. Network mapper: map Kubernetes in-cluster traffic

    Otterize network mapper creates a map of in-cluster traffic by capturing DNS traffic and inspecting active connections.

  3. Hikaru: Kubernetes yaml in Python

    Hikaru is a tool that lets you shift between YAML, Python objects/source, and JSON representations of your Kubernetes config files.

    It provides programmatic tools for inspecting complex files to enable the automation of policy and security compliance.

  4. Flagger: progressive delivery

    Flagger is a progressive delivery tool that automates the release process for apps.

    It reduces the risk of introducing a new version in production by gradually shifting traffic to the latest version while measuring metrics and running conformance tests.

  5. Chart-testing: linting and testing charts

    ct is a tool for testing Helm charts.

    It is meant for linting and testing pull requests and automatically detects charts changed against the target branch.

Other interesting projects:

Upcoming Kubernetes events

  1. Feb 21

    Pipeline security with cosign and OPA & a love story with KubeVirt and Backstage

    In-person meetup organized by Cloud Native NoVA.

    • Location: McLean, VA, USA

    • This is a free event.

  2. Feb 23

    Kubernetes Community Day São Paulo 2024

    Online & in-person conference organized by KCD Brasil.

    • Location: São Paulo, BR and virtual

    • This is a free event.

  3. Feb 23

    Dive deep into GitOps & eBPF

    In-person meetup organized by Cloud Native Trivandrum.

    • Location: Thiruvananthapuram, IN

    • This is a free event.

  4. Feb 23

    Kubernetes Community Days Guadalajara 2024

    In-person conference organized by KCD Guadalajara.

    • Location: Guadalajara, MX

    • This event requires an entrance fee

  5. Feb 27

    How to build a CI system with tekton, what is OCI? & defending against DoS attacks with Calico

    In-person meetup organized by Cloud Native Frankfurt.

    • Location: Frankfurt, DE

    • This is a free event.

  6. Mar 11

    Advanced Kubernetes course (London)

    In-person workshop organized by Learnk8s.

    • Location:

    • This event requires an entrance fee

  7. Mar 14

    SCALE 21x

    In-person conference organized by SCALE.

    • Location: Pasadena, CA, USA

    • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    CloudNativeSecurityCon North America

    The Call For Paper was open until 1 April 2024 at UTC. More info →
    • Location: Seattle, WA, USA

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 26 June 2024.

  2. expired

    Kubernetes Community Days Italy 2024

    The Call For Paper was open until 4 April 2024 at UTC. More info →
    • Location: Milan, IT

    • In-person conference organized by KCD Italy.

    • The conference starts on the 20 June 2024.

  3. expired

    Kubernetes Community Days Czech Slovak 2024

    The Call For Paper was open until 31 March 2024 at UTC. More info →
    • Location: Prague, CZ and virtual

    • Online & in-person conference organized by KCD Czech & Slovak.

    • The conference starts on the 6 June 2024.

  4. expired

    ContainerDays 2024

    The Call For Paper was open until 31 March 2024 at UTC. More info →
    • Location: Hamburg, DE

    • In-person conference organized by Loovent.

    • The conference starts on the 4 September 2024.

  5. expired

    Kubernetes Community Days Zürich 2024

    The Call For Paper was open until 1 April 2024 at UTC. More info →
    • Location: Zürich, CH

    • In-person conference organized by KCD Zürich.

    • The conference starts on the 13 June 2024.

  6. expired

    DevOps Pro Europe

    The Call For Paper was open until 15 April 2024 at UTC. More info →
    • Location: Vilnius, LT and virtual

    • Online & in-person conference organized by Data Miner.

    • The conference starts on the 20 May 2024.

  7. expired

    PlatformCon 2024

    The Call For Paper was open until 25 February 2024 at UTC. More info →
    • This is a virtual event

    • Online conference organized by Humanitec.

    • The conference starts on the 10 June 2024.

  8. expired

    stackconf 2024

    The Call For Paper was open until 31 March 2024 at UTC. More info →
    • Location: Berlin, DE

    • In-person conference organized by NETWAYS.

    • The conference starts on the 19 June 2024.

  9. expired

    DevOps Talks Conference Melbourne

    The Call For Paper was open until 1 March 2024 at UTC. More info →
    • Location: Melbourne, AU

    • In-person conference organized by DevOps Talks.

    • The conference starts on the 21 March 2024.


Until next time!

— Dan
