Learn Kubernetes Weekly issue 71

Airflow on Kubernetes for 2 years, Learning apple/pkl for Kubernetes Templating, Migrating from Pod Security Policies, Internal Developer Platform with labels

20 Mar 2024

Articles

What we learned after running Airflow on Kubernetes for 2 years
Alexandre Magno Lima Martins
In this case study, you will learn how the team at Teya scaled Airflow on Kubernetes to 5000 daily tasks.
Learning apple/pkl for Kubernetes Templating
Brian Sizemore
In this (long) article, you will learn how to use pkl (a configuration as code language developed by Apple) to template Kubernetes resources.
Migrating from Pod Security Policies
Viachaslau Matsukevich
In this article, you'll find instructions for setting up and installing Pod Security Admission (PSA), step-by-step migration guides to transition from Pod Security Policies (PSP) to PSA, and precise commands for transferring existing PSP rules to PSA.
Policy management in Kubernetes is changing
Emin Alemdar
Validating Admission Policies makes it easy to write, enforce and use policies in Kubernetes without needing a third-party tool.
Learn how to use them in this article.
Build a Lightweight Internal Developer Platform with Argo CD and Kubernetes Labels
Artem Lajko
This article demonstrates how to create a lightweight Internal Developer Platform utilizing GitOps with Argo CD and leveraging Kubernetes labels to offer a streamlined and efficient solution for managing and deploying your infrastructure.

Tutorials

Sync Kubernetes secrets with cloud-native secret managers
Navratan Lal Gupta
Learn to auto-update Kubernetes secrets via External Secrets Operator and secret managers like GCP secret manager.
The guide covers secret rotation, syncing, Helm installation, and TLS management.
Use OAuth2 Proxy on Kubernetes to secure access
David Young
In this tutorial, you will learn how to set up OAuth2 Proxy to pass authentication headers to Kubernetes Dashboard, which doesn't provide its authentication but instead relies on Kubernetes' own RBAC auth.
Kubernetes Cluster as a Service with vCluster
Armin Aminian
This 2-part tutorial will teach you how to combine vCluster, ArgoCD, Istio and Kyverno to create a virtual cluster as a service.
Scaling your Kubernetes pods to zero and back with KEDA
Ashok Raja
In this tutorial, you will learn how to dynamically scale your data processing or data-oriented applications to zero replicas and return to the desired capacity only when there is demand using KEDA.
Preview environments: everything you need to know
Borys Generalov
Preview environments provide a safe, controlled environment for testing and getting feedback quickly.
In this tutorial, you'll learn the importance of preview environments and how to use Garden to deploy a preview environment on a Kubernetes cluster.

Kubernetes jobs

- Site Reliability Engineer with Sidero Labs
- Salary: $80K to $130K a year
- Location: remote from Europe
- Tech stack: Kubernetes, On-premise, ArgoCD, Go, Terraform
- Infrastructure Architect with NetApp
- Salary: $235.03K to $330K a year
- Location: based in the office (and remote from home) in San Jose, CA, USA
- Tech stack: Kubernetes, AWS, Azure, GCP
- Site Reliability Engineer with NetApp
- Salary: $153.45K to $187.55K a year
- Location: based in the office in Boulder, CA, USA
- Tech stack: Kubernetes, AWS, Azure, GCP, Go, Python, Perl, Java, Ruby, C#

Discover more Kubernetes jobs on Kube Careers →

Code & tools

Usernetes: Kubernetes without the root privileges
Usernetes deploys a Kubernetes cluster inside Rootless Docker to mitigate potential container-breakout vulnerabilities.
Usernetes is similar to Rootless kind and Rootless minikube but supports creating a cluster with multiple hosts.
Kubernetes Deprecated API Versions Exporter
The kdave checks for any deprecated or removed API versions in the cluster and exports them in a Prometheus metrics format.
You can integrate it with Prometheus and Alertmanager to receive notifications before upgrading the cluster.
AWS provider for the Secrets Store CSI Driver
The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store and mount them into Kubernetes pods.
Telepresence: code against remote clusters
Telepresence is an open-source tool that allows code and test microservices locally against a remote Kubernetes cluster.
Detector for Docker Socket
Detector for Docker Socket (DDS) is a kubectl plugin that can detect if any of your workloads or manifest files are mounting the docker·sock volume.

Other interesting projects:

Upcoming Kubernetes events

Mar
20
Cilium: the swiss army knife for Kubernetes networking in multi-cloud environments
Online & in-person meetup organized by Cloud Native Security Pittsburgh.
- Location: Pittsburgh, US and virtual
- This is a free event.
Mar
21
CloudNativeHacks
In-person conference organized by Linux Foundation.
- Location: Paris, FR
- This event requires an entrance fee
Mar
21
Cloud Native 2024
Online conference organized by Conf42.
- This is a virtual event
- This is a free event.
Mar
26
Kustomize: for those who don't like double braces
Online & in-person meetup organized by Cloud Native Prague.
- Location: Prague, CZ and virtual
- This is a free event.
Mar
27
Platform Engineering on EKS
Online & in-person meetup organized by AWS Bulgaria User Group.
- Location: Sofia, BG and virtual
- This is a free event.
Apr
18
Advanced Kubernetes course
Online workshop organized by Learnk8s.
- This is a virtual event
- This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

expired
CloudNativeSecurityCon North America
The Call For Paper was open until 1 April 2024 at UTC. More info →
Location: Seattle, WA, USA
In-person conference organized by Linux Foundation.
The conference starts on the 26 June 2024.
Apply here
expired
Kubernetes Community Days Italy 2024
The Call For Paper was open until 4 April 2024 at UTC. More info →
Location: Milan, IT
In-person conference organized by KCD Italy.
The conference starts on the 20 June 2024.
Apply here
expired
Kubernetes Community Days Czech Slovak 2024
The Call For Paper was open until 31 March 2024 at UTC. More info →
Location: Prague, CZ and virtual
Online & in-person conference organized by KCD Czech & Slovak.
The conference starts on the 6 June 2024.
Apply here
expired
ContainerDays 2024
The Call For Paper was open until 31 March 2024 at UTC. More info →
Location: Hamburg, DE
In-person conference organized by Loovent.
The conference starts on the 4 September 2024.
Apply here
expired
Kubernetes Community Days Zürich 2024
The Call For Paper was open until 1 April 2024 at UTC. More info →
Location: Zürich, CH
In-person conference organized by KCD Zürich.
The conference starts on the 13 June 2024.
Apply here
expired
Kuberentes Community Days Dhaka 2024
The Call For Paper was open until 24 March 2024 at UTC. More info →
Location: Dhaka, BD
In-person conference organized by KCD Dhaka.
The conference starts on the 11 May 2024.
Apply here
expired
Kubernetes Community Days Argentina 2024
The Call For Paper was open until 5 April 2024 at UTC. More info →
Location: Buenos Aires, AR
In-person conference organized by KCD Argentina.
The conference starts on the 10 May 2024.
Apply here
expired
Kubernetes Community Days Islamabad 2024
The Call For Paper was open until 25 March 2024 at UTC. More info →
Location: Islamabad, PK
In-person conference organized by KCD Islamabad.
The conference starts on the 20 April 2024.
Apply here
expired
Kubernetes Community Days Barcelona 2024
The Call For Paper was open until 1 April 2024 at UTC. More info →
Location: Madrid, ES
In-person meetup organized by KCD Spain.
The meetup starts on the 13 June 2024.
Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!

Or follow us on: