Learn Kubernetes Weekly issue 78

conntrack limiting your Gateway, Lookup resources inside Helm, Cilium native routing in Kind, DaemonSets: the Philosopher's Stone of lazy sysadmins

8 May 2024

This newsletter is brought to you by Otterize — automate workload IAM policies: zero-friction development, zero-trust security.

Articles

  1. How conntrack could be limiting your Kubernetes Gateway

    Jay Miracola

    The article discusses how conntrack can limit a Kubernetes gateway under high load.

    It provides insights on monitoring conntrack events, ways to address conntrack exhaustion, and considerations for optimizing performance.

  2. Lookup Kubernetes resources inside Helm Charts

    Kirill Shirinkin

    Did you know that you can query Kubernetes API directly from your Helm templates?

    This article demonstrates how to query Kubernetes API from Helm templates to automate tasks like scaling down deployments.

  3. Play with Cilium native routing in Kind cluster

    Jérôme NAHELOU

    In this article, you will learn how to optimize performance and network management in your Kubernetes environment by fully leveraging the advanced features of tools such as Cilium, eBPF, and XDP.

  4. EKS pods stuck in Init/ContainerCreating state

    Hazmei Abdul Rahman

    Ascenda Loyalty's team encountered issues with pods stuck in ContainerCreating due to maxing out pod ENIs, a limitation when using security groups for pods.

    The fix involved reducing ENI usage and addressing discrepancies caused by db migration jobs.

  5. DaemonSets: the Philosopher’s Stone of lazy sysadmins

    Luis Toro Puig

    DaemonSets in Kubernetes offer a convenient way for sysadmins to deploy system-level services across a cluster, but using them for privileged and non-isolated workloads raises security concerns.

    Learn why in this article.

  6. Hardening container images: best practices and examples for Docker

    Fabien Soulis

    Container image hardening involves adhering to best practices, monitoring vulnerabilities, and enhancing container security.

    This article provides guidelines to mitigate risks in running Docker containers in production.

Articles worth checking out:

Human readable Network Policies and Kafka ACLs

Otterize

Instead of managing pod identities and manually authoring individual network policies, Otterize implements intent-based access control (IBAC).

Declare what the pods can do, and everything is automatically wired together.

Human readable Network Policies and Kafka ACLs

Tutorials

  1. Scaling a bare metal cluster into the cloud

    Mathius Pius

    In this tutorial, you will learn how to expand and scale an on-premise, bare-metal cluster into a public cloud using Kubespan — a Wireguard-based mesh network and Talos.

    sponsored

  2. Secret management in EKS using SSM Parameter Store, KMS and ESO

    Geoffrey

    In this article, you'll learn how to store secrets while ensuring multi-tenancy, local work and scalability with:

    • SSM Parameter Store to store configs and secrets.
    • IAM to restrict access.
    • KMS to encrypt/decrypt secrets.
    • External Secret Operator.

  3. Kubernetes, Talos OS, Raspberry PI 4, and the power duo of Prometheus and Grafana!

    Juan Botero

    The guide details setting up Kubernetes, Talos OS, Prometheus, and Grafana on Raspberry Pi 4.

  4. Set up a Kubernetes cluster in under 5 minutes with Proxmox and k3s

    Mihai Farcas

    This tutorial demonstrates setting up a Kubernetes cluster in under 5 minutes using Proxmox and k3s on compact mini PCs.

    It covers adding a new node, creating a virtual machine, installing K3S, and monitoring power consumption.

  5. Create managed resources using Crossplane Composite

    Muhammad Mustafa

    In this tutorial, you'll learn how to use Crossplane to create and manage multiple managed resources using Compositions.

    It demonstrates the process using minikube and covers the creation of an Instance and DynamoDB table.

Kubernetes jobs

    • Software Engineer with Monta

    • Salary: kr. 540K to kr. 660K a year

    • Location: based in the office (and remote from home) in Copenhagen, DK

    • Tech stack: Kubernetes, AWS, Docker, Java, Kotlin, Redis, MySQL, Grafana, Prometheus, Loki

    • DevOps Engineer with PressReader

    • Salary: US$110K to US$130K a year

    • Location: based in the office (and remote from home) in British Columbia, CA

    • Tech stack: Kubernetes, AWS, Azure, GCP, On-premise, ArgoCD, Docker, Openstack, Terraform, Azure DevOps

    • Software Engineer with Altruist

    • Salary: $170K to $226K a year

    • Location: based in the office (and remote from home) in San Francisco, CA, USA

    • Tech stack: Kubernetes, AWS, Docker, Python, SQL, Java, Cassandra, Redis, PostgreSQL, MySQL

    • Software Engineer with Boba Commodities

    • Salary: £110K to £120K a year

    • Location: based in the office (and remote from home) in London, GB

    • Tech stack: Kubernetes, AWS, Python, SQL, Javascript, C#, Flink, Airflow, Kafka, Terraform

    • DevOps Engineer with Madwire

    • Salary: $100K to $160K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, GCP, Go, Python, Javascript, Terraform, Pulumi, CircleCI, GitHub Actions

Discover more Kubernetes jobs on Kube Careers →

Code & tools

  1. Helm Uniform Layer Library

    The HULL Helm library chart is designed to ease building, maintaining and configuring Kubernetes objects in Helm charts.

  2. kubernetes/git-sync

    git-sync is a simple command that pulls a git repository into a local directory.

    It is a perfect "sidecar" container in Kubernetes - it can periodically pull files down from a repository so that an application can consume them.

  3. Wireguard operator

    Wireguard-operator is a WireGuard operator created to easily provision a VPN in a Kubernetes cluster.

  4. Kraken registry

    Kraken is a P2P-powered Docker registry that focuses on scalability and availability.

    It is designed for Docker image management, replication, and distribution in a hybrid cloud environment.

  5. Capsule: Kubernetes operator for multi-tenancy

    Capsule implements a multi-tenant and policy-based environment in your Kubernetes cluster.

    It is designed as a micro-services-based ecosystem with a minimalist approach, leveraging only upstream Kubernetes.

Other interesting projects:

Upcoming Kubernetes events

  1. May

    10

    Kubernetes Community Days Argentina 2024

    In-person conference organized by KCD Argentina.

    • Location: Buenos Aires, AR

    • This event requires an entrance fee

  2. May

    11

    Kuberentes Community Days Dhaka 2024

    In-person conference organized by KCD Dhaka.

    • Location: Dhaka, BD

    • This is a free event.

  3. May

    13

    Advanced Kubernetes course (Munich)

    In-person workshop organized by Learnk8s.

    • Location: Munich, DE

    • This event requires an entrance fee

  4. May

    15

    Kubernetes Community Days Istanbul

    In-person conference organized by KCD Istanbul.

    • Location: Istanbul, TR

    • This event requires an entrance fee

      • Use LEARNK8SKCDIST24 to get 10% off

  5. May

    16

    Understanding Amazon EKS blueprints with Amazon EKS add-ons for clusters

    Online meetup organized by AWS User Group Women Bay Area.

    • This is a virtual event

    • This is a free event.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    KubeCon North America

    The Call For Paper was open until 10 June 2024 at UTC. More info →

    • Location: Salt Lake City, UT, USA and virtual

    • Online & in-person conference organized by Linux Foundation.

    • The conference starts on the 12 November 2024.

    • Apply here

  2. expired

    Kubernetes Community Days Lima, Perú 2024

    The Call For Paper was open until 16 May 2024 at UTC. More info →

    • Location: Lima, PE

    • In-person conference organized by KCD Lima, Perú.

    • The conference starts on the 20 July 2024.

    • Apply here

  3. expired

    KubeDay Japan

    The Call For Paper was open until 19 May 2024 at UTC. More info →

    • Location: Tokyo, JP

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 27 August 2024.

    • Apply here

  4. expired

    Kubernetes Community Days UK

    The Call For Paper was open until 4 June 2024 at UTC. More info →

    • Location: London, UK

    • In-person conference organized by KCD UK.

    • The conference starts on the 23 October 2024.

    • Apply here

  5. expired

    Kubernetes Community Days Washington DC 2024

    The Call For Paper was open until 3 June 2024 at UTC. More info →

    • Location: Washington, DC, USA

    • In-person conference organized by KCD Washington DC.

    • The conference starts on the 24 September 2024.

    • Apply here

  6. expired

    Kubernetes Community Days Austria 2024

    The Call For Paper was open until 22 June 2024 at UTC. More info →

    • Location: Vienna, AT

    • In-person conference organized by KCD Austria.

    • The conference starts on the 10 October 2024.

    • Apply here

  7. expired

    CloudX 2024

    The Call For Paper was open until 14 June 2024 at UTC. More info →

    • Location: Santa Clara, CA, USA

    • In-person conference organized by DevNetwork.

    • The conference starts on the 14 November 2024.

    • Apply here

  8. expired

    KubeVirt Summit 2024

    The Call For Paper was open until 20 May 2024 at UTC. More info →

    • This is a virtual event

    • Online conference organized by KubeVirt.

    • The conference starts on the 25 June 2024.

    • Apply here

  9. expired

    The DevOps conference 2024

    The Call For Paper was open until 13 May 2024 at UTC. More info →

    • Location: Copenhagen, DK

    • In-person conference organized by Eficode.

    • The conference starts on the 5 November 2024.

    • Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!

Or follow us on: