Kubernetes & Cloud Native News

Welcome to Kube.news

Technical / Using the Ubuntu Docker image

By Using the Ubuntu Docker image

Published by :mcasperson @ 2022/09/07, 22:45

The official Ubuntu Docker image is the most downloaded image from Docker Hub. With over one billion downloads, Ubuntu has proven itself to be a popular and reliable base image on which to build your own custom Docker images.

https://octopus.com/blog/using-ubuntu-docker-image

Technical / HPA in kubernetes

Published by :ioanab @ 2021/05/18, 09:28

https://around25.com/blog/horizontal-pod-autoscaler-in-kubernetes/

Technical / How Salesforce Operates Kubernetes Multitenant Clusters in Public Cloud at Scale

Published by :Laura L @ 2020/10/30, 13:51

https://vmblog.com/archive/2020/10/30/how-salesforce-operates-kubernetes-multitenant-clusters-in-public-cloud-at-scale.aspx#.X5wYxlNKjlw

Technical / Multi cluster monitoring with Thanos

Published by :Kube Admin @ 2020/01/28, 07:55

https://banzaicloud.com/blog/multi-cluster-monitoring/

Technical / Guide to Kubernetes Egress Network Policies

By Viswajith Venugopal

Published by :Kube Admin @ 2020/01/27, 06:43

Network policies are used in Kubernetes to specify how groups of pods are allowed to communicate with each other and with external network endpoints. They can be thought of as the Kubernetes equivalent of a firewall. As with most Kubernetes objects, network policies are extremely flexible and powerful – if you know the exact communications patterns of the services in your application, you can use network policies to restrict communications to exactly what’s required and nothing more.

https://www.stackrox.com/post/2020/01/kubernetes-egress-network-policies/

Technical / Threat Alert: Exploiting Open Docker Daemons for DDoS Attacks

By aquasec.com

Published by :Kube Admin @ 2020/01/27, 06:41

https://blog.aquasec.com/threat-alert-ddos-attack-docker-daemons

Technical / Setup and Deploy Vitess on Kubernetes (Minikube) for MySQL – Part III of III

By Alkin Tezuysal

Published by :Kube Admin @ 2020/01/21, 20:34

In this blog post, we will continue to explore Vitess and test an example database provided in its repository. This is Part III.

https://www.percona.com/blog/2020/01/15/setup-and-deploy-vitess-on-kubernetes-minikube-for-mysql-part-iii-of-iii/

Technical / Tutorial: How to use Kubernetes Secrets for storing sensitive config data

By Abhishek Gupta

Published by :Kube Admin @ 2020/01/20, 00:04

In this post, we will explore Kubernetes Secrets and how they can be used to store sensitive configuration data which needs to be handled securely e.g. database credentials, API keys etc.

https://dev.to/itnext/tutorial-how-to-use-kubernetes-secrets-for-storing-sensitive-config-data-3dl5

Technical / Templating YAML in Kubernetes with real code

By Daniele Polencic

Published by :Kube Admin @ 2020/01/16, 10:33

TL;DR: You should use tools such as yq and kustomize to template YAML resources instead of relying on tools that interpolate strings such as Helm.

https://learnk8s.io/templating-yaml-with-code

Technical / An excellent (and detailed) presentation on how to code Kubernetes controllers

Published by :Stephane @ 2020/01/16, 00:42

https://speakerdeck.com/govargo/inside-of-kubernetes-controller?utm_sq=g9h5cm0qfu

Technical / Reducing Docker image size and cutting Google Cloud costs

By Matt Zeunert > Blog

Published by :Kube Admin @ 2019/10/22, 01:41

https://www.mattzeunert.com/2019/10/13/reducing-docker-image-size-and-cutting-gcp-cost.html

Technical / LIVENESS PROBES ARE DANGEROUS

Published by :Kube Admin @ 2019/10/07, 01:32

Kubernetes livenessProbe can be dangerous. I recommend to avoid them unless you have a clear use case and understand the consequences. This post looks at both Liveness and Readiness Probes and describes some "DOs" and "DON'Ts"

https://srcco.de/posts/kubernetes-liveness-probes-are-dangerous.html

Technical / Monitoring blocked and passthrough external service traffic

Published by :Kube Admin @ 2019/10/07, 01:10

Understanding, controlling and securing your external service access is one of the key benefits that you get from a service mesh like Istio. From a security and operations point of view, it is critical to monitor what external service traffic is getting blocked as they might surface possible misconfigurations or a security vulnerability if an application is attempting to communicate with a service that it should not be allowed to. Similarly, if you currently have a policy of allowing any external service access, it is beneficial to monitor the traffic so you can incrementally add explicit Istio configuration to allow access and better security your cluster. In either case, having visibility into this traffic via telemetry is quite helpful as it enables you to create alerts and dashboards, and better reason about your security posture. This was a highly requested feature by production users of Istio and we are excited that the support for this was added in release 1.3.

https://istio.io/blog/2019/monitoring-external-service-traffic/

Technical / A Practical Guide to Setting Kubernetes Requests and Limits

Published by :Kube Admin @ 2019/10/07, 01:09

Setting Kubernetes requests and limits effectively has a major impact on application performance, stability, and cost. And yet working with many teams over the past year has shown us that determining the right values for these parameters is hard. For this reason, we have created this short guide and are launching a new product to help teams more accurately set Kubernetes requests and limits for their applications.

http://blog.kubecost.com/blog/requests-and-limits/

Technical / Upgrade to Istio 1.3 using the operator with ease

By Zsolt Varga

Published by :Kube Admin @ 2019/10/01, 01:11

In this post, we’ll be outlining how to easily upgrade Istio control planes to 1.3 with the Banzai Cloud Istio operator, within a single-mesh multi-cluster topology or across a multi-cloud or hybrid-cloud service mesh.

https://banzaicloud.com/blog/istio-operator-1.3/

Technical / Adopting Istio for a multi-tenant kubernetes cluster in Production

By Vishal Banthia

Published by :Kube Admin @ 2019/09/10, 18:17

https://medium.com/@vbanthia/adopting-istio-for-a-multi-tenant-kubernetes-cluster-in-production-df1a8260ca24

Technical / What is a Service Mesh?

By Matthew Casperson / Octopus

Published by :mcasperson @ 2019/09/10, 03:10

If you have used Kubernetes for any length of time, you will have heard the term Service Mesh. Several big companies are backing service mesh projects, such as Google with Istio and the Cloud Native Computing Foundation with Linkerd.

So what is a Service Mesh, and how is it different from the standard Service and Ingress resources native to Kubernetes?

https://octopus.com/blog/what-is-a-service-mesh

Technical / Building a Kubernetes platform at Pinterest

By Pinterest Engineering

Published by :Kube Admin @ 2019/09/03, 05:47

https://medium.com/pinterest-engineering/building-a-kubernetes-platform-at-pinterest-fb3d9571c948

Technical / Kubernetes Web UIs

By Henning Jacobs

Published by :Kube Admin @ 2019/08/30, 01:31

This post takes a look at different open source Kubernetes web UIs.

https://srcco.de/posts/kubernetes-web-uis-in-2019.html

Technical / Least Privilege in Kubernetes Using Impersonation

Published by :Kube Admin @ 2019/08/23, 16:08

Kubernetes supports the concept of ‘impersonation’ and we’re going to look at the user & group configuration that we created using impersonation to enable a least-privilege type of access to the cluster, even as an administrator, to ensure that it was more difficult to accidentally perform unwanted actions, while keeping the complexity level low.

https://johnharris.io/2019/08/least-privilege-in-kubernetes-using-impersonation/