Forwarded from LearnKube news
This media is not supported in your browser
VIEW IN TELEGRAM
How do you choose the best instance type for your Kubernetes cluster?
When using an 8 GB/2vCPU instance, are all the memory and CPU available to pods?
The Kubernetes instance calculator answers those questions and a lot more! https://learnk8s.io/kubernetes-instance-calculator
This is what you can do:
💰 Estimate costs for your workloads based on requests and instance sizes.
🔝 Explore instance overcommitment and efficiency.
📈 Identify over and underspending by model error rates on your actual memory and CPU usage.
⚖️ Compare instances between different cloud providers.
You can find the Kubernetes instance calculator here: https://learnk8s.io/kubernetes-instance-calculator
When using an 8 GB/2vCPU instance, are all the memory and CPU available to pods?
The Kubernetes instance calculator answers those questions and a lot more! https://learnk8s.io/kubernetes-instance-calculator
This is what you can do:
💰 Estimate costs for your workloads based on requests and instance sizes.
🔝 Explore instance overcommitment and efficiency.
📈 Identify over and underspending by model error rates on your actual memory and CPU usage.
⚖️ Compare instances between different cloud providers.
You can find the Kubernetes instance calculator here: https://learnk8s.io/kubernetes-instance-calculator
The article highlights the criticality of whitelisting image registries for cluster security, emphasizing trusted images from secure sources like DockerHub, Redhat Catalog, and GitHub Container Registry.
More: https://medium.com/@alparslanuysal/whitelisting-image-registries-44150c86c4ac
More: https://medium.com/@alparslanuysal/whitelisting-image-registries-44150c86c4ac
Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces.
More: https://github.com/emberstack/kubernetes-reflector
More: https://github.com/emberstack/kubernetes-reflector
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🧮 Kubernetes instance calculator
💰 Kubernetes cost benchmark report 2024
📕 Practical guide to Kubernetes API
🛟 ETCD: DR solution
📉 How to massively reduce Prometheus load and cardinality by only using Istio labels you need
🙉 ConfigMap conundrum: subtleties of dynamic updates in Kubernetes configurations
Read it now: https://learnk8s.io/issues/88
🧮 Kubernetes instance calculator
💰 Kubernetes cost benchmark report 2024
📕 Practical guide to Kubernetes API
🛟 ETCD: DR solution
📉 How to massively reduce Prometheus load and cardinality by only using Istio labels you need
🙉 ConfigMap conundrum: subtleties of dynamic updates in Kubernetes configurations
Read it now: https://learnk8s.io/issues/88
kube-lock sits as an intermediary between you and kubectl, allowing you to lock and unlock contexts.
It prevents misfires to production / high-value Kubernetes clusters that you might have strong IAM privileges on.
More: https://github.com/chaosinthecrd/kube-lock
It prevents misfires to production / high-value Kubernetes clusters that you might have strong IAM privileges on.
More: https://github.com/chaosinthecrd/kube-lock
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Credit Karma
💰 $190K to $270K a year
🏠 From the office in Oakland, CA, USA
→ https://kube.careers/t/2399bd1d-f5f3-4ac2-bdf8-e2d75b45348e?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 658 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Credit Karma
💰 $190K to $270K a year
🏠 From the office in Oakland, CA, USA
→ https://kube.careers/t/2399bd1d-f5f3-4ac2-bdf8-e2d75b45348e?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 658 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
In this episode, Jen, a Technical Marketing Engineer at Tigera, discusses the complexities of adopting network policies.
She shares her initial struggles due to a lack of familiarity, highlighting the learning curve of implementing something new.
From her experience, Jennifer notes that network policies can initially seem daunting but become manageable with experience and a proper organizational setup.
Watch the full episode: https://kube.fm/network-observability-jen
She shares her initial struggles due to a lack of familiarity, highlighting the learning curve of implementing something new.
From her experience, Jennifer notes that network policies can initially seem daunting but become manageable with experience and a proper organizational setup.
Watch the full episode: https://kube.fm/network-observability-jen
The article discusses using OAuth2 Proxy with Traefik in Kubernetes.
The process involves configuring Traefik and OAuth2 Proxy and using Traefik's forwardAuth middleware.
More: https://medium.com/@mike.schouw/how-to-run-oauth2-proxy-with-traefik-in-kubernetes-using-helm-and-terraform-85c39dddcd44
The process involves configuring Traefik and OAuth2 Proxy and using Traefik's forwardAuth middleware.
More: https://medium.com/@mike.schouw/how-to-run-oauth2-proxy-with-traefik-in-kubernetes-using-helm-and-terraform-85c39dddcd44
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start next week: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start next week: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
This article explores Azure security, using a use case of Azure File share mount on AKS as an example.
The author shares valuable insights gleaned from troubleshooting and comprehending Azure's complex security mechanisms.
More: https://medium.com/@connectwithneeraj/decoding-azure-security-with-an-interesting-use-case-azure-file-share-mount-on-aks-workloads-2cb50bcf1c8a
The author shares valuable insights gleaned from troubleshooting and comprehending Azure's complex security mechanisms.
More: https://medium.com/@connectwithneeraj/decoding-azure-security-with-an-interesting-use-case-azure-file-share-mount-on-aks-workloads-2cb50bcf1c8a
k8s-cluster-checker is a bundle of Python noscripts which can be used to analyze:
- OS version(supports flatcar OS, coreOS & Ubuntu only)
- Kubernetes version
- Docker version
- Admission Controllers
- Security context
- Health probes
And more.
More: https://github.com/dguyhasnoname/k8s-cluster-checker
- OS version(supports flatcar OS, coreOS & Ubuntu only)
- Kubernetes version
- Docker version
- Admission Controllers
- Security context
- Health probes
And more.
More: https://github.com/dguyhasnoname/k8s-cluster-checker
This tutorial covers setting up GitHub workflows to deploy to GKE with Terraform and Workload Identity Federation to avoid service account keys.
More: https://medium.com/@alexey.inkin/making-github-workflows-to-deploy-to-gke-with-terraform-and-workload-identity-federation-074ac83b899c
More: https://medium.com/@alexey.inkin/making-github-workflows-to-deploy-to-gke-with-terraform-and-workload-identity-federation-074ac83b899c
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
💯 Managing 100s of Kubernetes clusters using Cluster API
🚫 When Kubernetes and Go don't work well together
🐓 What we learned from launching edge compute from enterprise architecture
🩺 Kubernetes probes done wrong
ƛ Lambda versus containers
Read it now: https://learnk8s.io/issues/89
🌟 What if you could visualize and map the traffic before enforcing Network Policies?
Then, you should check out the sponsor of this issue: Otterize. Otterize helps you automate Network Policies, Kafka ACLs, certificates and AWS IAMs https://otterize.com/?utm_medium=newsletter&utm_source=learnk8s
💯 Managing 100s of Kubernetes clusters using Cluster API
🚫 When Kubernetes and Go don't work well together
🐓 What we learned from launching edge compute from enterprise architecture
🩺 Kubernetes probes done wrong
ƛ Lambda versus containers
Read it now: https://learnk8s.io/issues/89
🌟 What if you could visualize and map the traffic before enforcing Network Policies?
Then, you should check out the sponsor of this issue: Otterize. Otterize helps you automate Network Policies, Kafka ACLs, certificates and AWS IAMs https://otterize.com/?utm_medium=newsletter&utm_source=learnk8s
Inclavare Containers is a container runtime with a novel approach for launching protected containers in hardware-assisted Trusted Execution Environments, which can prevent an untrusted entity from accessing sensitive and confidential assets.
More: https://github.com/inclavare-containers/inclavare-containers
More: https://github.com/inclavare-containers/inclavare-containers
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with CVS Health
💰 $185.4K to $376K a year
🏠🏃🏻♂️🌎 Woonsocket, RI, USA
→ https://kube.careers/t/2dfd9c01-e497-4597-acc1-5a552840ef94?s=55
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
👉 Browse all 931 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with CVS Health
💰 $185.4K to $376K a year
🏠🏃🏻♂️🌎 Woonsocket, RI, USA
→ https://kube.careers/t/2dfd9c01-e497-4597-acc1-5a552840ef94?s=55
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
👉 Browse all 931 Kubernetes jobs on Kube Careers https://kube.careers
The article discusses using Kyverno for Kubernetes policy management.
It covers different types of policies, including validate, mutate, generate, and verify image rules.
The author also provides examples of how these policies can be implemented.
More: https://devopsforyou.com/kyverno-for-kubernetes-policy-management-part-2-186599f82bf
It covers different types of policies, including validate, mutate, generate, and verify image rules.
The author also provides examples of how these policies can be implemented.
More: https://devopsforyou.com/kyverno-for-kubernetes-policy-management-part-2-186599f82bf
This article provides a step-by-step guide to securing a Kubernetes cluster with OPA Gatekeeper.
You will learn how to install it, enforce policies, and monitor constraint status.
More: https://itnext.io/securing-kubernetes-with-opa-gatekeeper-4f2e05c441a4
You will learn how to install it, enforce policies, and monitor constraint status.
More: https://itnext.io/securing-kubernetes-with-opa-gatekeeper-4f2e05c441a4
Seccomp and AppArmor are common Linux security modules which Kubernetes supports to limit container workload exposure to the kernel.
Learn how to configure them in this article.
More: https://medium.com/@noah_h/kubernetes-security-tools-seccomp-apparmor-586fdc61e6d9
Learn how to configure them in this article.
More: https://medium.com/@noah_h/kubernetes-security-tools-seccomp-apparmor-586fdc61e6d9
Tugger is Kubernetes Admission webhook to enforce pulling of docker images from private registries.
More: https://github.com/jainishshah17/tugger
More: https://github.com/jainishshah17/tugger
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
👩⚕️ How to monitor containerd
🐾 Tracing Kubernetes Services
🤔 How the CSI (container storage interface) works
😈 The hater's guide to Kubernetes
🤯 Demystified node surge upgrade in GKE
Read it now: https://learnk8s.io/issues/90
🌟 LoxiLB turns Kubernetes network load balancing into high-speed, flexible and programmable Load Balancer services. LoxiLB is open source and is also the sponsor of this newsletter. You can check out the project here: https://www.loxilb.io/?utm_source=learnk8s&utm_medium=newsletter
👩⚕️ How to monitor containerd
🐾 Tracing Kubernetes Services
🤔 How the CSI (container storage interface) works
😈 The hater's guide to Kubernetes
🤯 Demystified node surge upgrade in GKE
Read it now: https://learnk8s.io/issues/90
🌟 LoxiLB turns Kubernetes network load balancing into high-speed, flexible and programmable Load Balancer services. LoxiLB is open source and is also the sponsor of this newsletter. You can check out the project here: https://www.loxilb.io/?utm_source=learnk8s&utm_medium=newsletter
This article discusses implementing authentication and authorization using Istio and OPA.
It also explains how to integrate with Helm so that developers can self-serve.
More: https://medium.com/@oryan.peer_72893/authentication-and-authorization-with-istio-and-opa-on-kubernetes-d4452508897c
It also explains how to integrate with Helm so that developers can self-serve.
More: https://medium.com/@oryan.peer_72893/authentication-and-authorization-with-istio-and-opa-on-kubernetes-d4452508897c