Forwarded from Kubesploit
Kubernetes has a pluggable mechanism for enforcing granular policies on its resources.
This gets even easier when you add Open Policy Agent and Gatekeeper.
In this article, you will learn how to use Gatekeeper to keep your Deployments in check.
More: https://asankov.dev/blog/2022/04/21/securing-kubernetes-with-open-policy-agent
asankov.dev
Securing Kubernetes with Open Policy Agent
Built-in Kubernetes security is not enough for most organizations to enforce granular rules and policies to the workloads running in their clusters. That is why projects like OPA and Gatekeeper exist to help you achieve a higher level of Kubernetes security.
Forwarded from LearnKube news
In this article, you will learn how to "tidy up" your abandoned namespaces and delete unused resources by writing an application with client-go, cloudmanager (GCP) and the Github APIs.
More: https://laiyuanyuan-sg.medium.com/cluster-governance-clean-up-resources-periodically-2a8d4f0966da
Medium
Cluster Governance — clean up resources periodically
Build tools to clean up resources using client-go, GCP API, and Github API
In this article, you will discuss the shortcomings of the default cluster autoscaler and see how you can overcome them with Karpenter — a predictive autoscaler.
More: https://medium.com/@kai-wei-mo/redesigning-kubernetes-cluster-autoscaling-using-karpenter-for-intelligent-node-provisioning-and-a721d891e988
OpenFunction is a cloud-native open-source FaaS (Function as a Service) platform aiming to let you focus on your business logic without having to maintain the underlying runtime environment and infrastructure.
More: https://github.com/OpenFunction/OpenFunction
Kubeapps is an in-cluster web-based application that enables users with a one-time installation to deploy, manage, and upgrade applications on a Kubernetes cluster.
More: https://kubeapps.com
The OpenShift console is a nice GUI intended for use within OpenShift clusters. It offers a consolidated overview of resources, integrated metrics, alerting, etc.
In this article, you will learn how to run it in a plain Kubernetes cluster.
More: https://engineering.cloudflight.io/running-the-openshift-console-in-plain-kubernetes
Forwarded from Kube Builders
kubectl-ice is a kubectl plugin that lets you see the configuration of all of a pod's containers.
You can inspect volumes, images, ports and executable configurations, along with current CPU and memory metrics at the container level.
More: https://github.com/NimbleArchitect/kubectl-ice
GitHub
GitHub - NimbleArchitect/kubectl-ice: Kubectl-ice is an open-source tool for Kubernetes users to monitor and optimize container…
Kubectl-ice is an open-source tool for Kubernetes users to monitor and optimize container resource usage. Features include usage breakdowns for pods and containers, making scaling and optimization ...
Forwarded from LearnKube news
Master Kubernetes with this 4-day Advanced Kubernetes workshop on the 9th of June!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
You can sign up here: https://learnk8s.io/online-advanced-june-2022
Starting with Envoy 1.17, authentication and authorization to Istio clusters don't require setting up external services if you decide to use OAuth2.
Learn how it works in this hands-on tutorial.
More: https://medium.com/getindata-blog/oauth2-based-authentication-on-istio-powered-kubernetes-clusters-2bd0999b7332
Medium
OAuth2-based authentication on Istio-powered Kubernetes clusters
You have just installed your first Kubernetes cluster and installed Istio to get the full advantage of Service Mesh. Thanks to really…
Percona Operator for PostgreSQL automates and simplifies deploying and managing open source PostgreSQL clusters on Kubernetes.
More: https://github.com/percona/percona-postgresql-operator
Learn how to design a Kafka cluster to achieve high availability using standard Kubernetes resources and test how it tolerates maintenance and total node failures.
More: https://learnk8s.io/kafka-ha-kubernetes
Forwarded from Kube Builders
This repo covers Kubernetes objects' and components' details (Kubectl, Pod, Deployment, Service, ConfigMap, Volume, PV, PVC, Daemonset, Secret, Affinity, Taint-Toleration, Helm, etc.), and possible example usage scenarios (how-to, hands-on labs, etc.).
More: https://github.com/omerbsezer/Fast-Kubernetes
Helm-unittest is a BDD style unit test framework for Kubernetes Helm charts distributed as a Helm plugin.
Features:
- Write test files in YAML.
- Render locally.
- Snapshot testing
More: https://github.com/quintush/helm-unittest
GitHub
GitHub - quintush/helm-unittest: BDD styled unit test framework for Kubernetes Helm charts as a Helm plugin.
BDD styled unit test framework for Kubernetes Helm charts as a Helm plugin. - quintush/helm-unittest
In this step-by-step tutorial, you will learn how to securely deploy Postgres to Kubernetes using two methods:
1. via Helm charts and
2. YAML configurations
More: https://adamtheautomator.com/postgres-to-kubernetes
In this article, you will learn the fundamentals of port forwarding in the context of Network Address Translation and how this networking concept can be put into practice with Pods on your Kubernetes cluster.
More: https://containiq.com/post/kubectl-port-forward
Forwarded from Kubesploit
This article shows the core strategies for securing an Argo CD deployment and keeping you ahead of potential exposures.
1. Use a dedicated project for the control plane.
2. Argo resources are for Argo admins only.
...
6. Have a CVE response plan ready.
More: https://dnastacio.medium.com/gitops-argocd-security-cbb6fb6378bb
Forwarded from Kube Events
🗓 Kubernetes events starting in the next 24 hours:
30 May 3:00 am GMT - What is Gitops? And GitOps with OpenShift | Cloud Native Development with OpenShift - 📍 Online meetup
30 May 3:00 pm GMT - Learn how to provision Jenkins instances on demand with Kubernetes and configuration as code | Jenkins Online Meetup - 📍 Online meetup
→ See all Kubernetes events
Forwarded from Kube Builders
In this article, you will learn how you can use the ambassador, adapter, sidecar and init containers to extend your apps in Kubernetes without changing their code.
More: https://learnk8s.io/sidecar-containers-patterns
In this case study, you'll learn how Hepsiburada migrated from an on-premises active-active Elasticsearch cluster (manually scaled) deployed in two data centers to a multi-zone Google Cloud Kubernetes cluster that can scale automatically.
More: https://ayetkin.medium.com/hepsiburada-search-engine-on-kubernetes-1fe03a3e71a3
Forwarded from Kubesploit
You're probably aware that it is best practice not to use the latest tag when deploying to Kubernetes because that tag can be changed to point at a different image.
Learn how to use kbld with Argo CD to increase the security of your delivery pipeline.
More: https://blog.argoproj.io/preventing-tag-mutation-with-kbld-and-argo-cd-19cecd65963
Medium
Preventing Tag Mutation With kbld And Argo CD
You’re probably aware that it is best practice not to use the latest tag when deploying to Kubernetes because that tag can be changed to…
Forwarded from LearnKube news
Master Kubernetes with this 4-day Advanced Kubernetes workshop on the 9th of June (next week)!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
You can sign up here: https://learnk8s.io/online-advanced-june-2022