Learn Kubernetes Weekly issue 68

Kubernetes journey, Slack's internal compute platform, CoreDNS is going to fail you at scale, AKS workload identity across tenants, OWASP supply chain

28 Feb 2024

When planning your infrastructure, one of the fundamental questions is: how many Kubernetes clusters should you have?

One big cluster or multiple smaller clusters?

This Thursday, I'll cover three different multi-tenant scenarios in Kubernetes and compare their pros and cons.

  1. Custom Ink's Kubernetes journey

    Martin Bonica

    In this article, you will follow Custom Ink's team journey in migrating from Chef and Capistrano to adopting immutable infrastructure with Kubernetes on EKS.

    It also details why they built KTool, a templating engine that integrates with Kustomize.

  2. Applying product thinking to Slack's internal compute platform

    Javier Turegano

    In this article, you will learn how Slack's Bedrock platform enables developers to build their code, package it into a Docker container, and allocate computing resources to run it, all configured via a bedrock.yaml file.

  3. How default settings for coreDNS is going to fail you scale Kubernetes

    Mohamed Hamdan Faris

    In this case study, you will learn how an issue with the metrics server forced the downscaling of all HPAs (including CoreDNS) and eventually all nodes (i.e. Cluster autoscaler downscaling) for a cluster which had 900+ nodes and 15k+ pods running.

  4. Does workload identity on AKS work across tenants?

    Paul Yu

    In this article, you will verify how Workload Identities in AKS can work across tenants — where a Pod in a cluster can access Azure resources within another tenant.

  5. OWASP Kubernetes security: supply chain vulnerabilities

    Zeyad Abulaban

    This article discusses supply chain attacks and how attackers can abuse insecure pipelines to gain initial access or produce malware in a secure environment.

  6. The power of GCP workload identity: secure access to Google Cloud platform

    Ashley Maloney

    In this article, you'll learn how GCP Workload Identity provides a powerful solution for securely accessing GCP services and APIs from apps running on GKE.

    You will also learn how to configure it.

Articles worth checking out:

  1. Handle traffic bursts with ephemeral OpenShift clusters

    Piotr Minkowski

    This article will teach you how to handle temporary traffic bursts with ephemeral OpenShift clusters provisioned in the public cloud.

  2. Slim Docker images for Java

    Piotr Minkowski

    This article will teach you how to build slim Docker images for your Java apps using Alpine Linux and Jlink.

  3. Testing Kairos as an OS for a Kubernetes cluster

    Vadim Zharov

    Learn to manage Kubernetes clusters with Kairos OS, an operating system optimized for containers.

    This tutorial guides you through modifying Dockerfiles, automating node addition, and upgrading clusters with new Kairos images.

  4. Apache Kafka on Kubernetes with Strimzi

    Piotr Minkowski

    This article will teach you how to install and manage Apache Kafka on Kubernetes with the Strimzi operator.

    • Software Engineer with Novata

    • Salary: £90K a year

    • Location: based in the office (and remote from home) in London, GB

    • Tech stack: Kubernetes, AWS, ArgoCD, Docker, Javascript, Typescript, Terraform, GitHub Actions, Datadog

    • Infrastructure Architect with NetApp

    • Salary: $235.03K to $330K a year

    • Location: based in the office (and remote from home) in San Jose, CA, USA

    • Tech stack: Kubernetes, AWS, Azure, GCP

    • Software Engineer with NetApp

    • Salary: $139.5K to $214.5K a year

    • Location: based in the office in Research Triangle Park, NC, USA

    • Tech stack: Kubernetes, AWS, Azure, GCP, Docker, Go, Python, C++, C

    • Site Reliability Engineer with NetApp

    • Salary: $153.45K to $187.55K a year

    • Location: based in the office in Boulder, CA, USA

    • Tech stack: Kubernetes, AWS, Azure, GCP, Go, Python, Perl, Java, Ruby, C#

Discover more Kubernetes jobs on Kube Careers →

  1. Kubefirst: open source platform

    The Kubefirst CLI is a cloud provisioning tool that creates a Kubernetes cluster with automated Infrastructure as Code, GitOps asset management and application delivery, secrets management, and more.

  2. Kubeshark: API traffic analyzer for Kubernetes

    Kubeshark, the API Traffic Viewer for Kubernetes, provides deep visibility and monitoring of all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.

  3. Kube-vip: virtual IP and load balancer

    kube-vip provides Kubernetes clusters with a virtual IP and load balancer for both the control plane (for building a highly-available cluster) and Kubernetes Services of type LoadBalancer without relying on any external hardware or software.

  4. Aperture: load management

    Aperture is an intelligent load management platform for cloud-native applications.

    Aperture provides capabilities such as concurrency limiting, rate limiting and auto-scaling.

  5. Intents-operator: manage policies

    The Otterize intents operator is a tool used to easily automate the creation of network policies and Kafka ACLs in a Kubernetes cluster using a human-readable format via a custom resource.

Upcoming Kubernetes events

  1. Mar 1

    Kubernetes Community Days Costa Rica 2024

    In-person conference organized by KCD Costa Rica.

    • Location: Heredia, CR

    • This is a free event.

  2. Mar 7

    Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

  3. Feb 29

    Architecting Kubernetes clusters: one large or multiple small clusters?

    Online webinar organized by Learnk8s.

    • This is a virtual event

    • This is a free event.

  4. Mar 6

    Cloud Native & Container Day

    In-person conference organized by Conoa.

    • Location: Stockholm, SE

    • This is a free event.

  5. Mar 2

    Kubernetes monitoring: the challenges and potential solutions using OTEL and Elastic stack

    Online meetup organized by Cloud Native Kerala.

    • This is a virtual event

    • This is a free event.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    CloudNativeSecurityCon North America

    The Call for Papers was open until 1 April 2024 (UTC).

    • Location: Seattle, WA, USA

    • In-person conference organized by Linux Foundation.

    • The conference starts on 26 June 2024.

  2. expired

    Kubernetes Community Days Italy 2024

    The Call for Papers was open until 4 April 2024 (UTC).

    • Location: Milan, IT

    • In-person conference organized by KCD Italy.

    • The conference starts on 20 June 2024.

  3. expired

    Kubernetes Community Days Czech Slovak 2024

    The Call for Papers was open until 31 March 2024 (UTC).

    • Location: Prague, CZ and virtual

    • Online & in-person conference organized by KCD Czech & Slovak.

    • The conference starts on 6 June 2024.

  4. expired

    ContainerDays 2024

    The Call for Papers was open until 31 March 2024 (UTC).

    • Location: Hamburg, DE

    • In-person conference organized by Loovent.

    • The conference starts on 4 September 2024.

  5. expired

    Kubernetes Community Days Zürich 2024

    The Call for Papers was open until 1 April 2024 (UTC).

    • Location: Zürich, CH

    • In-person conference organized by KCD Zürich.

    • The conference starts on 13 June 2024.

  6. expired

    Kubernetes Community Days Dhaka 2024

    The Call for Papers was open until 24 March 2024 (UTC).

    • Location: Dhaka, BD

    • In-person conference organized by KCD Dhaka.

    • The conference starts on 11 May 2024.

  7. expired

    DevOps Pro Europe

    The Call for Papers was open until 15 April 2024 (UTC).

    • Location: Vilnius, LT and virtual

    • Online & in-person conference organized by Data Miner.

    • The conference starts on 20 May 2024.

  8. expired

    stackconf 2024

    The Call for Papers was open until 31 March 2024 (UTC).

    • Location: Berlin, DE

    • In-person conference organized by NETWAYS.

    • The conference starts on 19 June 2024.

  9. 26 days left

    Devopsdays London

    The Call for Papers is open until 24 May 2024 (UTC).

    • Location: London, UK

    • In-person conference organized by Devopsdays.

    • The conference starts on 26 September 2024.

Until next time!

— Dan
