Learn Kubernetes Weekly issue 72

Golden testing Helm, Pod metrics, Switch to API Gateway, Kubelet authorization, Immutable containers, Persistent volumes in multiple AZs

27 Mar 2024

This newsletter is brought to you by Komodor — simplify cluster management and troubleshooting to unlock the full value of Kubernetes.

  1. Golden testing Helm charts

    Eran Kampf

    Golden testing, also known as snapshot testing, involves comparing the current output of your code with a "golden" reference or a previously stored correct version.

    Learn how to use them to test your Helm charts.

  2. Harnessing the power of metrics: four essential use cases for pod metrics

    Guy Menachem

    In this article, you'll explore four essential use cases for pod metrics and their significance in driving operational excellence:

    1. Cost optimization.
    2. Capacity planning.
    3. Limiting resource consumption.
    4. MTTR measurements.

    sponsored

  3. Kubernetes Gateway API v1.0: should you switch?

    Navendu Pottekkat

    This article covers the Kubernetes Gateway API v1.0, its benefits, and whether you should switch from the Ingress API.

    It also explores the pluggable nature of the Gateway API and its potential to become the standard for routing in Kubernetes.

  4. Kubernetes node security: the role of Kubelet authorization

    Seifeddine Rajhi

    In this article, you'll examine the Node authorization mode and the NodeRestriction admission controller.

    These components play a crucial role in granting Kubelets the rights and privileges to access the essential resources required for their operation.

  5. How to use TokenRequest API and TokenVolume Projection in Kubernetes?

    Adil Ilhan

    This article teaches you to manage Service Accounts securely by creating expirable tokens using projected volumes or the TokenRequest API.

    It advises against non-expirable tokens, demonstrates auto-renewal, and shows how to prevent automatic token mounting.

  6. Enhancing container security: the vital role of ReadOnlyRootFilesystem

    Alex Vazquez

    In this article, learn how ReadOnlyRootFilesystem enhances container security by enforcing immutability, thwarting attacks, and ensuring consistent deployments.

Articles worth checking out:

The continuous Kubernetes reliability platform

Komodor

Simplify cluster management and troubleshooting to unlock the full value of Kubernetes and drive innovation at scale.

  1. Monitoring and hardening the GitOps delivery pipeline with Flux

    Florian Heubeck

    The ultimate goal of every GitOps setup is complete automation.

    To operate a system hands-off, its monitoring and alerting must be reliable and comprehensive.

    This tutorial will teach you how to monitor a FluxCD-operated GitOps setup on Kubernetes.

  • Site Reliability Engineer with Sidero Labs

    • Salary: $80K to $130K a year

    • Location: remote from Europe

    • Tech stack: Kubernetes, On-premise, ArgoCD, Go, Terraform

  • Platform Engineer with Duro

    • Salary: $135K to $175K a year

    • Location: based in the office (and remote from home) in Los Angeles, CA, USA

    • Tech stack: Kubernetes, Docker, Go, GraphQL, Javascript, Typescript, Terraform

  • DevSecOps Engineer with StockX

    • Salary: $140K to $160K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Azure, Docker, Python, SQL, Terraform

Discover more Kubernetes jobs on Kube Careers →

  1. Falco

    Falco is a cloud-native security tool designed for Linux systems.

    It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts.

  2. Crossplane troubleshooting tool

    Crossplane Tool is a project designed to experiment with visualizing Crossplane resources.

    The goal is to help Crossplane users understand the structure of their control plane resources and speed up troubleshooting.

  3. Bank Vaults: a Vault swiss-army knife

    Bank-Vaults is an umbrella project which provides various tools for Cloud Native secret management, including:

    • Bank-Vaults CLI to configure Hashicorp Vault.
    • Vault operator.
    • Vault secrets webhook to inject secrets.
    • Vault SDK.

  4. GKE and GCLB integration controller

    Autoneg is a GKE-specific Kubernetes controller that works with the GKE Network Endpoint Group (NEG) controller to manage integration between your Kubernetes service endpoints and GCLB backend services.

  5. Hypershift: clusters with hosted control planes

    HyperShift is middleware for hosting OpenShift control planes at scale. It saves cost and time to provision and offers cross-cloud portability, with a strong separation of concerns between management and workloads.


Upcoming Kubernetes events

  1. 27 Mar

    Platform Engineering on EKS

    Online & in-person meetup organized by AWS Bulgaria User Group.

    • Location: Sofia, BG and virtual

    • This is a free event.

  2. 3 Apr

    The attacker perspective: insights from hacking Alibaba Cloud's Kubernetes environments

    Online meetup organized by Cloud Technology in the North.

    • This is a virtual event.

    • This is a free event.

  3. 28 Mar

    Kubernetes network observability with Retina

    Online webinar organized by Peter Jausovec.

    • This is a virtual event.

    • This is a free event.

  4. 28 Mar

    The ultimate guide to container security

    Online webinar organized by Palo Alto Networks.

    • This is a virtual event.

    • This is a free event.

  5. 27 Mar

    iPaaS is passé and HIP ain't hip

    Online webinar organized by Fiorano.

    • This is a virtual event.

    • This is a free event.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. CloudNativeSecurityCon North America (expired)

    The Call for Papers was open until 1 April 2024 at UTC.

    • Location: Seattle, WA, USA

    • In-person conference organized by Linux Foundation.

    • The conference starts on 26 June 2024.
  2. Kubernetes Community Days Italy 2024 (expired)

    The Call for Papers was open until 4 April 2024 at UTC.

    • Location: Milan, IT

    • In-person conference organized by KCD Italy.

    • The conference starts on 20 June 2024.
  3. Kubernetes Community Days Czech Slovak 2024 (expired)

    The Call for Papers was open until 31 March 2024 at UTC.

    • Location: Prague, CZ and virtual

    • Online & in-person conference organized by KCD Czech & Slovak.

    • The conference starts on 6 June 2024.
  4. ContainerDays 2024 (expired)

    The Call for Papers was open until 31 March 2024 at UTC.

    • Location: Hamburg, DE

    • In-person conference organized by Loovent.

    • The conference starts on 4 September 2024.
  5. Kubernetes Community Days Zürich 2024 (expired)

    The Call for Papers was open until 1 April 2024 at UTC.

    • Location: Zürich, CH

    • In-person conference organized by KCD Zürich.

    • The conference starts on 13 June 2024.
  6. Kubernetes Community Days Argentina 2024 (expired)

    The Call for Papers was open until 5 April 2024 at UTC.

    • Location: Buenos Aires, AR

    • In-person conference organized by KCD Argentina.

    • The conference starts on 10 May 2024.
  7. Kubernetes Community Days Barcelona 2024 (expired)

    The Call for Papers was open until 1 April 2024 at UTC.

    • Location: Madrid, ES

    • In-person meetup organized by KCD Spain.

    • The meetup starts on 13 June 2024.
  8. Kubernetes Community Days Hyderabad 2024 (expired)

    The Call for Papers was open until 15 April 2024 at UTC.

    • Location: Hyderabad, IN and virtual

    • Online & in-person meetup organized by KCD Hyderabad.

    • The meetup starts on 22 June 2024.
  9. KubeCon China

    The Call for Papers is open until 5 May 2024 at UTC.

    • Location: Hong Kong, HK

    • In-person conference organized by Linux Foundation.

    • The conference starts on 21 August 2024.

Until next time!

— Dan
