Learn Kubernetes Weekly issue 89

Managing 100s of Kubernetes clusters using Cluster API, When Kubernetes and Go don't work well together, Kubernetes probes done wrong

24 Jul 2024

This newsletter is brought to you by Otterize — Automate workload IAM policies: zero-friction development, zero-trust security.

Articles

1. Managing 100s of Kubernetes clusters using Cluster API

   Zain Malik

   This case study discusses how the team at City Storage Systems manages over 100 multi-tenant Kubernetes clusters.

   Using Cluster API, they have achieved complete automation in cluster provisioning, lifecycle management, and upgrades.

2. Mastering Kubernetes networking: a journey in cloud-native packet management

   Nic Vermandé

   Kubernetes networking is complex, and an understanding of components like Ingress and microservices communication is needed.

   Otterize automates Network Policy creation based on real traffic patterns, simplifying the process for developers and boosting security without slowing development.

   sponsored

3. When Kubernetes and Go don't work well together

   Emin Laletovic

   This article discusses an issue in which a pod was repeatedly restarted due to an OOM error.

   The problem stemmed from Go's garbage collector not being aware of the container's memory limits, which caused memory allocation to exceed these limits.

4. What we learned from launching edge compute from enterprise architecture

   Brian Chambers

   Brian reflects on launching a compute edge k3s platform at Chick-fil-A.

   They discuss the challenges, lessons learned, and the impact on their Enterprise Architecture practice, highlighting the need to tie technology capabilities to business challenges.

5. Kubernetes probes done wrong

   Julio Renner

   This article discusses the importance of properly configuring Kubernetes probes.

   It provides examples of scenarios where misconfigured probes caused harm, emphasizing the need for careful consideration when setting them up.

6. Lambda versus containers

   Marc Campora

   This article highlights the operational simplicity and cost advantages of Lambda over Kubernetes.

   It discusses cost perspectives, cold start issues, operational constraints, and considerations for migrating microservices to Lambda.

Articles worth checking out:

• How Kubernetes picks which pods to delete during scale-in

• Decoding Azure security with an interesting use case: Azure File share mount on AKS workloads

• Kubernetes and back: why I don't run distributed systems

• A comprehensive overview of Argo CD architectures

• Deciphering the Kubernetes networking maze: navigating Load-Balance, BGP, IPVS and beyond

• Mastering graceful shutdown in distributed systems and microservices

• Don't load balance GRPC or HTTP2 using Kubernetes service

• Making GitHub workflows to deploy to GKE with Terraform and Workload Identity Federation

Kubernetes PCI compliance into actionable detections

Otterize

Identify security gaps effortlessly with Otterize!

It locates sensitive services and translates regulatory requirements like PCI into actionable detections.

Whether on Kubernetes clusters or hybrid infrastructures, Otterize maps deployments and pinpoints areas needing extra protection.

Try it now

Tutorials

1. Running Tekton pipelines on Kubernetes at scale

   piotr.minkowski

   In this tutorial, you will learn how to configure and run CI pipelines on Kubernetes at scale with Tekton or OpenShift Pipelines.

2. Network mapping & network policies

   Otterize

   Otterize's open-source Network Mapper and Intents Operator can map your cluster with zero configuration, low privileges, low resource usage, and automate the management of network policies.

   sponsored

3. Writing a Kubernetes Operator

   Dmitry Dodzin

   This tutorial documents the process of writing a Kubernetes Operator using the Rust language and kube-rs.

   It provides a step-by-step guide, including the creation of a new resource and the implementation of methods to handle resource calls.

4. How to run OAuth2 Proxy with Traefik in Kubernetes, using Helm and Terraform

   Mike Schouw

   The article discusses using OAuth2 Proxy with Traefik in Kubernetes.

   The process involves configuring Traefik and OAuth2 Proxy and using Traefik's forwardAuth middleware.

Kubernetes jobs

1. • DevOps Engineer with Softeta

   • Salary: €66K to €84K a year

   • Location: based in the office (and remote from home) in Vilnius, LT

   • Tech stack: Kubernetes, AWS, Azure, GCP, Docker, Shell, Python, Ansible, Puppet, Chef

2. • Site Reliability Engineer with MasteryPrep

   • Salary: $165K to $175K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, GCP, Docker, Shell, Python, Javascript, Typescript, Powershell, PostgreSQL, Terraform

3. • Platform Engineer with Peaksware

   • Salary: $80.32K to $133.86K a year

   • Location: based in the office (and remote from home) in Louisville, CO, USA

   • Tech stack: Kubernetes, AWS, Docker, Shell, Python, C#, Powershell, Terraform, Ansible

4. • Site Reliability Engineer with Alloy

   • Salary: $194K to $228K a year

   • Location: based in the office (and remote from home) in New York, NY, USA

   • Tech stack: Kubernetes, AWS, Azure, GCP, Docker, Go, Shell, Python, Javascript, Terraform

Discover more Kubernetes jobs on Kube Careers →

Code & tools

1. kail: streams logs

   kail streams logs from all containers of all matched pods.

   You can match pods by service, replicaset, deployment, and others.

   Adjusts to a changing cluster - pods are added and removed from logging as they fall in or out of the selection.

2. chaosinthecrd/kube-lock

   kube-lock sits as an intermediary between you and kubectl, allowing you to lock and unlock contexts.

   It prevents misfires to production / high-value Kubernetes clusters that you might have strong IAM privileges on.

3. Kubernetes Terraform installer for Hetzner Cloud

   This Terraform module creates a Kubernetes Cluster on Hetzner Cloud infrastructure running Ubuntu 22.04.

   The module aims to be simple to use while providing an out-of-the-box, secure, and maintainable setup.

4. Retina: observability platform

   Microsoft

   Retina is a cloud-agnostic, open-source Kubernetes network observability platform that provides a centralized hub for monitoring application health, network health, and security

5. Kubeshare: fractional GPU

   NTHU-LSALAB

   Kubeshare is a topology and heterogeneous resource-aware scheduler for fractional GPU allocation in a Kubernetes cluster.

Other interesting projects:

• Admiralty: multicluster scheduler

• kubectl-otel

• Cozystack: building clouds

• Pod doctor

• k8s-cluster-checker

Upcoming Kubernetes events

1. Jul

   25

   Advanced Kubernetes course

   Online workshop organized by Learnk8s.

   • This is a virtual event

   • This event requires an entrance fee

2. Jul

   24

   Inspektor gadget deep dive

   Online meetup organized by The Platformers Community San Francisco.

   • This is a virtual event

   • This is a free event.

3. Jul

   25

   SkySummit

   In-person conference organized by SkySummit.

   • Location: Berlin, DE

   • This event requires an entrance fee

   • • Use KUBEEVENT10 to get 10% off

4. Jul

   25

   Deployment of Atlassian applications on Kubernetes

   Online meetup organized by Dublin Atlassian Community Events.

   • This is a virtual event

   • This is a free event.

5. Jul

   25

   Cloud native optimized unified scheduler and big data analysis engine

   Online & in-person meetup organized by ByteDance Open Source Development.

   • Location: San Francisco, US and virtual

   • This is a free event.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

1. expired

   Kubernetes Community Days Denmark 2024

   The Call For Paper was open until 16 September 2024 at UTC. More info →

   • Location: Copenhagen, DK

   • In-person conference organized by KCD Denmark.

   • The conference starts on the 20 November 2024.

   • Apply here

2. expired

   KubeCon India

   The Call For Paper was open until 25 August 2024 at UTC. More info →

   • Location: Delhi, IN

   • In-person conference organized by Linux Foundation.

   • The conference starts on the 11 December 2024.

   • Apply here

3. expired

   Kube Native 2024

   The Call For Paper was open until 26 August 2024 at UTC. More info →

   • This is a virtual event

   • Online conference organized by Conf42.

   • The conference starts on the 26 September 2024.

   • Apply here

4. expired

   Platform Engineering 2024

   The Call For Paper was open until 5 August 2024 at UTC. More info →

   • This is a virtual event

   • Online conference organized by Conf42.

   • The conference starts on the 5 September 2024.

   • Apply here

5. expired

   QCon San Francisco

   The Call For Paper was open until 18 September 2024 at UTC. More info →

   • Location: San Francisco, CA, USA

   • In-person conference organized by InfoQ.

   • The conference starts on the 18 November 2024.

   • Apply here

6. expired

   Open Source Monitoring Conference

   The Call For Paper was open until 15 August 2024 at UTC. More info →

   • Location: Nuremberg, DE

   • In-person conference organized by NETWAYS.

   • The conference starts on the 21 November 2024.

   • Apply here

7. expired

   Devopsdays Bogotá

   The Call For Paper was open until 2 September 2024 at UTC. More info →

   • Location: Bogotá, CO

   • In-person conference organized by Devopsdays.

   • The conference starts on the 29 October 2024.

   • Apply here

8. expired

   Devopsdays Belo Horizonte

   The Call For Paper was open until 31 July 2024 at UTC. More info →

   • Location: Belo Horizonte, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 28 September 2024.

   • Apply here

9. expired

   Devopsdays João Pessoa

   The Call For Paper was open until 2 August 2024 at UTC. More info →

   • Location: João Pessoa, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 9 November 2024.

   • Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!