🤔 Should you run a Kubernetes cluster with many smaller instances or a few larger ones?

This article explores the pros/cons:

📊 Resource allocations
📝 Optimal node capacity
⚖️ Scaling considerations
🌊 Bandwidth implications
♻️ IP recycling
📦 Storage

https://learnk8s.io/kubernetes-node-size

This week on the Learn Kubernetes Weekly:

📺 How to integrate legacy VMs into container pipelines
📈 Kubernetes-native synthetic monitoring
📐 Choosing a worker node size
📥 Configuring local ingress domains
🤝 Manually scheduling pods

Read it now: https://learnk8s.io/issues/40

There are many factors to consider when deciding how Kubernetes secrets are managed and injected into containers.

This blog post will discuss the most popular approaches available for Kubernetes Secrets management.

More: https://doppler.com/blog/kubernetes-secrets-management-in-2022

Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The course starts this September and you can sign up here: https://learnk8s.io/online-advanced-september-2023

Checkov is a static code analysis tool for infrastructure as code and also a software composition analysis tool for images and open-source packages.

It scans cloud infrastructure provisioned using Terraform, Kubernetes, Helm charts, Kustomize, and more.

More: https://github.com/bridgecrewio/checkov

In this tutorial, you will learn how to authenticate users to your apps deployed in Kubernetes using Nginx-ingress, Oauth2 and Azure AD.

More: http://work.haufegroup.io/secure-your-application-with-k8s-nginx-ingress-oauth2-azuread

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure that applications adhere to best practices.

More: https://github.com/stackrox/kube-linter

What's the salary range for a Kubernetes engineer?

Do you need a Kubernetes certification to apply for a job?

What technologies should I learn next to land my next job?

We analyzed 123 Kubernetes jobs for the second quarter of 2023 and found that:

- The average Kubernetes job pays €80,864 in Europe and $129,802 in North America.
- 87% of the total listings are seeking senior engineers.
- There's a significant drop in fully-remote positions (from 22% in 2022 to 2% today).
- GitLab CI isn't the top CI tool (with 21% mentions): Jenkins (37%) has passed it again 😭.

You can read the report here: https://kube.careers/state-of-kubernetes-jobs-2023-q2

This week on the Learn Kubernetes Weekly:

🧚‍♀️ Fairness, pricing, and burstable CPUs
💪 How to debug errors like a pro
🗜️ Optimizing interzone egress cost
👮🏻‍♂️ Fine-grained pod topology spread policies
🤫 State of Kubernetes secrets management

Read it now: https://learnk8s.io/issues/41

In this post, you will learn how to apply various Pod security standards in Amazon EKS.

More: https://aws.amazon.com/blogs/containers/implementing-pod-security-standards-in-amazon-eks

Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The course starts this September and you can sign up here: https://learnk8s.io/online-advanced-september-2023

In this 2-part tutorial, you will learn how to set up a Keycloak instance with Postgres on Kubernetes and then improve the setup to support high availability and failure tolerance.

More: https://blog.brakmic.com/keycloak-with-postgresql-ha-on-kubernetes

This article discusses the importance of static checking and validation of YAML files in the development lifecycle of Kubernetes resources.

More: https://blog.codewdhruv.com/validate-clean-secure-k8s-yaml-files

Join a 3-part, free educational program on Kubernetes cost optimization & efficiency:

📏 How to size your cluster for efficiency
🤏 Combining autoscalers for minimal resource allocations
⚖️ Dynamically rebalancing workloads

👉 bit.ly/k8s-optimize-1

This guide shows the step-by-step implementation of a multi-node HA Vault setup in Kubernetes using dynamic credentials through the Vault AWS secrets engine.

More: https://awstip.com/deploying-vault-ha-with-integrated-storage-in-kubernetes-using-aws-dynamic-secrets-engine-with-24b36a951f6f

This week on the Learn Kubernetes Weekly:

🤝 Kubernetes contributions
⬆️ EKS upgrade journey from 1.26 to 1.27
🎖️ Quality-of-Service for memory resources
⚖️ Multus workloads with loxilb
💸 Cost of regional clusters—cross zonal egress

Read it now: https://learnk8s.io/issues/42

In this article, you'll follow Amir's journey in debugging a too-strict NetworkPolicy in GKE that prevented the gcloud CLI from fetching Service Accounts from the metadata server.

More: https://amirbilu.medium.com/how-i-ended-up-debugging-google-clouds-cli-to-get-my-kubernetes-application-to-run-9adba1c78d9

In this repository, you will find online curated resources that will help you prepare for taking the Kubernetes Certified Kubernetes Security Specialist (CKS) exam.

More: https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist

In this article, you will discuss secrets management in Kubernetes:

- Secrets objects.
- Managing Kubernetes Secrets.
- Manual Secret Creation.
- Secrets in CI/CD pipelines.
- Kubernetes Secrets Store Container Storage Interface.

More: https://itnext.io/kubernetes-owasp-top-10-secrets-management-c996faa87b47

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems.

It scans runtime Kubernetes clusters and CI/CD pipelines for enhanced software supply chain security.

More: https://github.com/openclarity/kubeclarity

This week on the Learn Kubernetes Weekly:

🗣️ Container-to-container comms
🏎️ From 0 to 10'000 Jenkins builds a week
💻 From a laptop to a containerized app
🔗 Multus for Rook Ceph networking
5️⃣ Network namespace and 5 of its use cases

Read it now: https://learnk8s.io/issues/43