The article is about how Adevinta, a company that provides an internal developer platform based on Kubernetes, enabled mixed-architecture deployments with ARM and x86 nodes. The article describes the challenges, solutions, and benefits of using a mutating webhook called Noe to automatically adjust node affinities based on the container images' supported architectures. The article also announces that Noe is open-sourced and invites the community to collaborate and improve it.
https://medium.com/adevinta-tech-blog/transparently-providing-arm-nodes-to-4-000-engineers-c09c92314f2f
https://medium.com/adevinta-tech-blog/transparently-providing-arm-nodes-to-4-000-engineers-c09c92314f2f
Medium
Transparently providing ARM nodes to 4,000 engineers
How we distribute our workloads across different CPU architectures inside our Kubernetes clusters without human intervention
👍3🔥2❤1
🐧 The immutable Linux meta-distribution for edge Kubernetes.
https://github.com/kairos-io/kairos
https://github.com/kairos-io/kairos
GitHub
GitHub - kairos-io/kairos: The immutable Linux meta-distribution for edge Kubernetes.
The immutable Linux meta-distribution for edge Kubernetes. - kairos-io/kairos
👍3🤯2❤1❤🔥1
A Golang Tool to discover unused Kubernetes Resources
https://github.com/yonahd/kor
https://github.com/yonahd/kor
GitHub
GitHub - yonahd/kor: A Golang Tool to discover unused Kubernetes Resources
A Golang Tool to discover unused Kubernetes Resources - GitHub - yonahd/kor: A Golang Tool to discover unused Kubernetes Resources
👍5💯2🔥1🎉1
The article is about how to use Istio, a service mesh for Kubernetes, to implement authentication and authorization policies for microservices. The article demonstrates how to enable mutual TLS encryption, JWT authentication, and RBAC policies to secure service-to-service communication. The article also provides code examples and commands to configure and test the policies.
https://www.infracloud.io/blogs/istio-authentication-authorization-policies/
https://www.infracloud.io/blogs/istio-authentication-authorization-policies/
InfraCloud
Guide to Istio’s Authentication and Authorization Policies
Learn how Istio's authentication and authorization policies enhance security in microservices. Get a comprehensive guide to implementing robust access control.
👍4👏2🤯2
Marvin is a CLI tool that scans a k8s cluster by performing CEL expressions to report potential issues, misconfigurations and vulnerabilities.
https://github.com/undistro/marvin
https://github.com/undistro/marvin
GitHub
GitHub - undistro/marvin: Marvin is a CLI tool that scans a k8s cluster by performing CEL expressions to report potential issues…
Marvin is a CLI tool that scans a k8s cluster by performing CEL expressions to report potential issues, misconfigurations and vulnerabilities. - undistro/marvin
👍4🎉2❤1❤🔥1
A developer who shares his experience of learning eBPF, a technology that allows the creation of programs that interact with the Linux kernel.
https://www.kungfudev.com/blog/2023/10/14/the-beginning-of-my-ebpf-journey-kprobe-bcc
https://www.kungfudev.com/blog/2023/10/14/the-beginning-of-my-ebpf-journey-kprobe-bcc
KungFuDev
The beginning of my eBPF Journey - Kprobe Adventures with BCC
Embark on a fascinating journey into the realm of eBPF programming through this blog post. We kickstart our exploration with Kprobe, a dynamic tracing tool in the Linux kernel, by delving into a simple 'Hello World' and other experiment using BCC.
❤3👍3🤯2
A network load-balancer implementation for Kubernetes using standard routing protocols
https://github.com/metallb/metallb
https://github.com/metallb/metallb
GitHub
GitHub - metallb/metallb: A network load-balancer implementation for Kubernetes using standard routing protocols
A network load-balancer implementation for Kubernetes using standard routing protocols - metallb/metallb
🔥3👍2❤1❤🔥1
The challenges and solutions of gRPC load balancing in Kubernetes, a platform for deploying microservice applications.
The authors describe how they implemented a custom DNS resolver class that uses a push-based mechanism to update the IP list of available backend servers, instead of relying on the default pull-based DNS resolution that is inefficient and unsynchronized.
https://citymall.engineering/redefining-grpc-load-balancing-the-power-of-custom-dns-in-kubernetes-126ecc3cfb6c
The authors describe how they implemented a custom DNS resolver class that uses a push-based mechanism to update the IP list of available backend servers, instead of relying on the default pull-based DNS resolution that is inefficient and unsynchronized.
https://citymall.engineering/redefining-grpc-load-balancing-the-power-of-custom-dns-in-kubernetes-126ecc3cfb6c
Medium
Efficient Load Balancing in Kubernetes: gRPC and the Role of Custom Push-Based DNS Resolution
CONTEXT
👍3🔥2❤1🎉1
A Kubernetes web UI that is fully-featured, user-friendly and extensible
https://github.com/headlamp-k8s/headlamp
https://github.com/headlamp-k8s/headlamp
GitHub
GitHub - kubernetes-sigs/headlamp: A Kubernetes web UI that is fully-featured, user-friendly and extensible
A Kubernetes web UI that is fully-featured, user-friendly and extensible - kubernetes-sigs/headlamp
👍3❤2❤🔥1🔥1
underlay network and rdma solution of cloud native, for bare metal, VM and public cloud environment
https://github.com/spidernet-io/spiderpool
https://github.com/spidernet-io/spiderpool
GitHub
GitHub - spidernet-io/spiderpool: Underlay and RDMA network solution of the Kubernetes, for bare metal, VM and any public cloud
Underlay and RDMA network solution of the Kubernetes, for bare metal, VM and any public cloud - spidernet-io/spiderpool
👍4🔥2💯2
The article delves into how chaos engineering helps in proactively identifying potential system failures in modern cloud applications, thereby averting costly outages. It further elaborates on the application of chaos engineering in security testing, dubbed Security Chaos Engineering (SCE), to ensure systems respond appropriately to common threats by conducting controlled experiments that inject failures into various components like servers and database
https://www.datadoghq.com/blog/chaos-engineering-for-security/
https://www.datadoghq.com/blog/chaos-engineering-for-security/
Datadog
Security-focused chaos engineering experiments for the cloud | Datadog
Learn how to approach chaos engineering experiments with the security of your cloud resources in mind.
👍4🔥2❤1❤🔥1
KrakenD Community Edition: High-performance, stateless, declarative, API Gateway written in Go.
https://github.com/krakend/krakend-ce
https://github.com/krakend/krakend-ce
GitHub
GitHub - krakend/krakend-ce: KrakenD Community Edition: High-performance, stateless, declarative, API Gateway written in Go.
KrakenD Community Edition: High-performance, stateless, declarative, API Gateway written in Go. - krakend/krakend-ce
❤2👍2👏2
The blog post discusses the application of chaos engineering to intentionally induce failures in distributed systems, aiding in assessing their resilience and improving the observability stack at Coroot. Through simulated network failures, the post explores how such disruptions can be detected in a distributed environment, providing insights into ensuring accurate identification of different failure scenarios
https://coroot.com/blog/chaos-driven-observability-spotting-network-failures
https://coroot.com/blog/chaos-driven-observability-spotting-network-failures
Coroot
Chaos-driven observability: spotting network failures in a Kubernetes cluster
Detecting network issues with Coroot
❤3👍3❤🔥2
The blog post recounts a real-world scenario where a Kubernetes API was overwhelmed by numerous requests, detailing the troubleshooting process and the implemented solution to stabilize the system. Through creating and deploying FlowSchema and PriorityLevelConfiguration manifests, the authors were able to manage request flows efficiently, thereby restoring and optimizing the Kubernetes cluster's performance
https://blog.palark.com/kubernetes-api-flow-control-management/
https://blog.palark.com/kubernetes-api-flow-control-management/
🔥6👍2👏2
Mutating Webhook to dynamically add tolerations based on detected image architectures
https://github.com/PeterGrace/tolerable
https://github.com/PeterGrace/tolerable
GitHub
GitHub - PeterGrace/tolerable: Mutating Webhook to dynamically add tolerations based on detected image architectures
Mutating Webhook to dynamically add tolerations based on detected image architectures - PeterGrace/tolerable
👍3❤2👎1💯1
The blog post elucidates the author's journey with Argo Workflows, highlighting its effectiveness for infrastructure automation and its advantage over Jenkins. Through personal experiences, the author shares mistakes made, lessons learned, and certain developed patterns to assist readers in avoiding similar pitfalls. The blog's objective is to impart the acquired knowledge and patterns which are conducive to a more efficient utilization of Argo Workflows
https://hodgkins.io/argo-workflow-proven-patterns-from-production
https://hodgkins.io/argo-workflow-proven-patterns-from-production
hodgkins.io
Argo Workflows - Proven Patterns from Production
Discover hard-earned insights on leveraging Argo Workflows for infrastructure automation. This guide outlines essential lessons, from managing workflow TTL and pod garbage collection to running synthetic tests with CronWorkflow. Plus, explore advanced patterns…
👍3❤2❤🔥1💯1
A set of modern Grafana dashboards for Kubernetes.
https://github.com/dotdc/grafana-dashboards-kubernetes
https://github.com/dotdc/grafana-dashboards-kubernetes
GitHub
GitHub - dotdc/grafana-dashboards-kubernetes: A set of modern Grafana dashboards for Kubernetes.
A set of modern Grafana dashboards for Kubernetes. - dotdc/grafana-dashboards-kubernetes
👍4❤2🔥2