Rate-limiting is an effective and simple way to mitigate cascading failure and shared resource exhaustion. Envoy is a feature-rich proxy that allows for the easy addition of rate limiting to any service. This post walks through configuring Envoy to enforce rate limiting without changing any application-level configuration.
Kube-hunter is a tool that you can use to scan and secure your Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. Tesla was one of the companies that have left hundreds of Kubernetes administration consoles accessible over the internet without security measures or password protection. Scanning and monitoring changes on containers may help to avoid similar situations.
This operator is a Kubernetes controller framework that can watch any Kubernetes Object that you specify and will just execute a shell command in a subshell on any change to that Object.
The use case of this operator is for Kubernetes Cluster Administrators to be able to automate any workflow in their cluster based on Kubernetes Object change events without having to write the Kubernetes watch boilerplate every time. It is NOT intended as a way for any Kubernetes user to send an arbitrary shell command into the shell-operator pod.
This tutorial explains how to create a kubeconfig file to authenticate to a self-hosted Kubernetes cluster. If you use a hosted solution like GKE or AKS, you get the benefit of the cloud provider's auth system. If it is self-hosted, then it lacks this luxury. This guide helps you to create a service account on Kubernetes and create a kubeconfig file that can be used by kubectl to interact with the cluster.
This is part 4 of a multipart series which covers the programmability of the Kubernetes API using the official clients. This post covers the use of the Kubernetes Go client, or client-go, to implement a simple PVC watch tool which has been implemented in Java and Python in my previous posts.
Deploying an application is traditionally the most challenging part of the software delivery process. No two machines are the same, the guy who usually does the deployments is on vacation, and the risk of disrupting production is ever looming. Without proper automation and safety checks, it can be a very daunting process.