Learn Kubernetes Weekly issue 73

How we preview Kubernetes changes, Npm packages exfiltrating Kubernetes Config, AWS EKS security groups, ArgoCD finalizer: protecting clusters

3 Apr 2024

Become an expert in Kubernetes!

Join our next Advanced Kubernetes workshop on the 18th of April (in 2 weeks) and master Kubernetes deployment, networking and more.

The hands-on course will teach you how to break and build clusters!

Articles

  1. How we preview Kubernetes changes at Chime

    Nicolas Richard

    This article explains how the team at Chime previews changes to its Kubernetes resources with 'mani-diffy', a tool that renders the manifests and commits the rendered files back for review and validation.

  2. AWS EKS security groups per pod: improve the security of your Kubernetes clusters

    Seifeddine Rajhi

    AWS EKS Security Groups Per Pod is a feature that allows you to assign security groups to individual Kubernetes pods.

    This gives you more granular control over the network traffic flowing to and from each pod.

    Learn how to use it in this guide.

  3. ArgoCD finalizer: protecting your clusters from unintended deletion

    Tal Yitzhak

    This article teaches how to protect your ArgoCD clusters from accidental deletion using finalizers, a simple yet powerful mechanism that ensures the integrity of your cloud-native infrastructure.

  4. Npm packages caught exfiltrating Kubernetes Config, SSH keys

    Ax Sharma

    This article discusses how the Sonatype Security Research team uncovered a malware campaign using npm packages to target Kubernetes configurations and SSH keys.

Fast, lightweight and modern GUI for Kubernetes

Aptakube

Connect to multiple clusters simultaneously and minimize context switching.

Explore Metrics, Logs, Quick Actions, Shell, YAML Editor, and more, all neatly packaged into one compact app.

Use the code LEARNK8S2024 for a 10% discount.

Fast, lightweight and modern GUI for Kubernetes

Tutorials

  1. Managed SSL certs for a private Kubernetes cluster with Cloudflare, cert manager, and Let's Encrypt

    Kevin Lutzer

    In this tutorial, you'll learn how to set up a cert-manager to create and renew certifications automatically.

    You'll also set up a hello-world deployment and service to test HTTPS traffic via a Kubernetes Ingress.

Kubernetes jobs

    • Site Reliability Engineer with Sidero Labs

    • Salary: $80K to $130K a year

    • Location: remote from Europe

    • Tech stack: Kubernetes, On-premise, ArgoCD, Go, Terraform

    • Software Engineer with Novata

    • Salary: £90K a year

    • Location: based in the office (and remote from home) in London, GB

    • Tech stack: Kubernetes, AWS, ArgoCD, Docker, Javascript, Typescript, Terraform, GitHub Actions, Datadog

    • Site Reliability Engineer with Oura

    • Salary: $161.17K to $220.92K a year

    • Location: based in the office in New York, NY, USA

    • Tech stack: Kubernetes, AWS, Python, Javascript, DynamoDB, GitHub Actions

Discover more Kubernetes jobs on Kube Careers →

Code & tools

  1. Kubernetes Resource Recommender

    Kubernetes Resource Recommender is a CLI tool for optimizing resource allocation in Kubernetes clusters.

    It gathers pod usage data from Prometheus and recommends requests and limits for CPU and memory.

    This reduces costs and improves performance.

  2. Dive: explore image layers

    Dive is a tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image.

  3. Kubeconform: manifests validator

    Kubeconform is a Kubernetes manifests validation tool.

    Similar to Kubeval, but with the following improvements:

    1. High performance.
    2. Remote or local schema locations
    3. Up-to-date schemas for all recent versions of Kubernetes.

  4. Kubernetes RBAC authorizing HTTP proxy

    The kube-rbac-proxy is an HTTP proxy for a single upstream, that can perform RBAC authorization against the Kubernetes API using SubjectAccessReview.

  5. Bottlerocket: container OS

    Bottlerocket is a free and open-source Linux-based operating system meant for hosting containers.

    It is specifically designed to work with your container orchestrator (like Kubernetes) to automate the containers' lifecycle in your cluster.

Other interesting projects:

Upcoming Kubernetes events

  1. Apr

    6

    KubeFest

    In-person conference organized by Cloud Native Rioja.

    • Location: Logroño, ES

    • This is a free event.

  2. Apr

    8

    Qcon London

    In-person conference organized by InfoQ.

    • Location: London, UK

    • This event requires an entrance fee

  3. Apr

    8

    Node Autoprovision on AKS & Flux with Terraform

    Online meetup organized by Azure Community Enthusiasts User Group.

    • This is a virtual event

    • This is a free event.

  4. Apr

    9

    Kubernetes Community Days Lahore 2024

    In-person conference organized by KCD Lahore.

    • Location: Lahore, PK

    • This is a free event.

  5. Apr

    10

    Devopsdays Raleigh

    In-person conference organized by Devopsdays.

    • Location: Raleigh, NC, USA

    • This event requires an entrance fee

  6. Apr

    18

    Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

  7. Apr

    25

    Kubernetes Community Days Romania 2024

    In-person conference organized by KCD Romania.

    • Location: Bucharest, RO

    • This is a free event.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    Kubernetes Community Days Italy 2024

    The Call For Paper was open until 4 April 2024 at UTC. More info →

    • Location: Milan, IT

    • In-person conference organized by KCD Italy.

    • The conference starts on the 20 June 2024.

    • Apply here

  2. expired

    Kubernetes Community Days Argentina 2024

    The Call For Paper was open until 5 April 2024 at UTC. More info →

    • Location: Buenos Aires, AR

    • In-person conference organized by KCD Argentina.

    • The conference starts on the 10 May 2024.

    • Apply here

  3. expired

    Kubernetes Community Days Hyderabad 2024

    The Call For Paper was open until 15 April 2024 at UTC. More info →

    • Location: Hyderabad, IN and virtual

    • Online & in-person meetup organized by KCD Hyderabad.

    • The meetup starts on the 22 June 2024.

    • Apply here

  4. expired

    KubeCon China

    The Call For Paper was open until 5 May 2024 at UTC. More info →

    • Location: Hong Kong, HK

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 21 August 2024.

    • Apply here

  5. expired

    KubeCon North America

    The Call For Paper was open until 10 June 2024 at UTC. More info →

    • Location: Salt Lake City, UT, USA and virtual

    • Online & in-person conference organized by Linux Foundation.

    • The conference starts on the 12 November 2024.

    • Apply here

  6. expired

    Kubernetes Community Days Lima, Perú 2024

    The Call For Paper was open until 16 May 2024 at UTC. More info →

    • Location: Lima, PE

    • In-person conference organized by KCD Lima, Perú.

    • The conference starts on the 20 July 2024.

    • Apply here

  7. expired

    KubeDay Japan

    The Call For Paper was open until 19 May 2024 at UTC. More info →

    • Location: Tokyo, JP

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 27 August 2024.

    • Apply here

  8. expired

    DevOps Pro Europe

    The Call For Paper was open until 15 April 2024 at UTC. More info →

    • Location: Vilnius, LT and virtual

    • Online & in-person conference organized by Data Miner.

    • The conference starts on the 20 May 2024.

    • Apply here

  9. expired

    Devopsdays Ukraine: let's talk security

    The Call For Paper was open until 4 May 2024 at UTC. More info →

    • This is a virtual event

    • Online conference organized by Devopsdays.

    • The conference starts on the 4 June 2024.

    • Apply here

Until next time!

— Dan