Kubecost is a project we have been keeping our eye on for some time – and with the launch of their new project, Opencost, we thought it was a great time to bring Webb Brown on the podcast to chat. We covered a whole range of topics and highly suggest you check out the show. For this week's newsletter we are going to focus on understanding where your bills are coming from and specifically how kubecost helps figure that out. 🤑
With KubeCon EU wrapped up, we wanted to turn our attention to some work happening in K8s, best practices, along with some of the newer Sandbox projects. Hope everyone who participated in Valencia has traveled safely back home, and has a lot of new ideas to work with! 💡
In the lead up to KubeCon we find ourselves with a new release of Kubernetes! Congrats and a big thank you to everyone who worked hard to create and ship Kubernetes 1.24 over the past few months. Stay tuned as the major distros are probably all working hard to get 1.24 support added as soon as possible so we can all easily try out the latest bits! With the first release of 2022, we are focusing this issue on some of the new changes that are out, and trying to help you stay up to date! 🗓️
We had the pleasure of bringing Tim Hockin on the show to talk about a wide range of topics. As some of you know Tim is an early contributor and co-founder of kubernetes. Tim has been helping to guide our community over the last 6 years. In this week's newsletter we are gonna dive into some of the topics that we discussed on the podcast.
Keeping your clusters up to date can bring you security and stability but also a whole lot of anxiety. Good cluster hygiene is a must in k8s world but there are a whole lot of challenges with patching and upgrading the thing that runs your production systems! In this week's issue we are going to go through some sane paths and good tips on how to upgrade Kubernetes safely.
Security is always on the top of our minds, but with recent world events the importance of hardening our own infrastructure has been put front and center. Today, we wanted to share some guidelines and benchmarks that you can use when trying to figure out if you've implemented the industry best practices in your clusters. So here we go, let's talk about the best practices in securing a Kubernetes cluster.
The schedule for Kubecon EU is out and there's a lot of interesting and insightful talks to uncover. By no means is this exhaustive, but we are going to highlight a few talks we will be watching and hopefully attending. There is sooo much here, so feel free to tweet @ us about other talks you think we should have on our radar. It’s kid in a candy store time! 🍭
Today we have a new episode of the podcast out with Nick Santos from Tilt. Tilt is a developer tool to make it easier to develop a modern application that’s based on microservices and most likely Kubernetes. The conversation ranged from the origin story of Tilt to where the CNCF and great ecosystem is headed. It was both fun and informative and generally a great chat! 🎙️
Apparently someone hired Martin Scorsese to make a documentary about Kubernetes, and it's the talk of the town. So that part about Scorsese is a joke, but it's really well done and worth the watch, if you wanna know how k8s got off the ground and challenges it faced along the way. As your weekly resource for all things k8s / CNCF we had to make sure it was on everyone's radar! This week we are gonna highlight some of the stars of the documentary and take stock of how far we have all come as a community! ⭐
On this week’s episode of the Kubelist podcast, Jake Moshenko and Jimmy Zelinskie from Authzed joined us to discuss SpiceDB, their open source implementation of the Zanzibar project. Listen to this episode if you are thinking about adding a robust authorization feature to your app, or if you have one that’s a little painful to maintain. Jake and Jimmy have clearly been thinking a lot about this problem! 🎧
We wanted to use this week’s newsletter to dive deeper into GitOps and why it has become a standard practice especially in the CNCF world. I’m sure most of you have heard the term and many of you implement or use aspects of it daily, but we are going to examine when it came about, best practices around it and some tangible examples that you might be able to apply to your everyday processes.
It’s been a while since we’ve dug into Helm! Since the Helm team just shipped 3.8.0, it’s time to dedicate another Kubelist newsletter to this project. Helm is now a graduated project, and is one of (if not the top) most popular ways to consume OSS applications in Kubernetes. You know Helm, so let’s just dig into this week's links! 🎓
On this week’s episode of the Kubelist podcast, we talked with Michelle Nguyen and Natalie Serrino from CNCF sandbox project Pixie. They taught us all about eBPF and the codeless observability Pixie brings to a cluster. Pixie was so impressive that the day after recording this we implemented Pixie on our clusters and haven’t looked back! I know I say this every time but I learned so much and was just blown away by their product, a must listen episode!
Let’s go on to the newsletter links! We are going to focus on observability / telemetry and how to gather those things with an eBPF bias for this week, let's dig in.
Another year, another TOC meeting, and more projects to look at! We skipped the sandbox inclusion episode near the end of 2021, so we have a lot to talk about this time. In the most recent TOC Sandbox inclusion meeting, only one project was added, but there are a few other interesting projects looking to find the right place. We have everything in this issue from dev environments, production systems, and a new eBPF project!
Welcome back, and welcome to 2022! To kick off the new year, we thought we could share some news, blog posts, and projects related to protecting your cluster from ransomware.
Holiday break is upon us, eggnog, family time, escaping to your computer to do some “work”, it’s that time of year again! We thought we would take this opportunity to highlight a few fun projects that will give you that needed distraction but also might bring some value to your downtime and definitely a smile.
With the holidays right around the corner and some much needed R&R on the horizon we are taking a look at some concepts to help you enjoy your festivus with a little less anxiety. Remember we are all SRE’s now with powerful tools at our fingertips, we just have to make sure we understand best practices so we can all enjoy the break! ☃️
Right on time, we find ourselves with a new release of Kubernetes! Congrats and a big thank you to everyone who worked hard to create and ship Kubernetes 1.23 over the past few months. Stay tuned as the major distros are probably all working hard to get 1.23 support added as soon as possible so we can all easily try out the latest bits! With the last release of 2021, we are focusing this issue on some of the new changes that are out, and trying to help you stay up to date! 🎉
We decided to mix it up this week and go back to basics. We’re taking a look at your registry options in today's container landscape. From rolling your own local registry, to using a hosted service – there are lots of options out there. We picked six good ones, but we know there are many more! Feel free to send us some registry pro tips on Twitter!
On this week’s episode of the Kubelist podcast, Benjie and I talked to Chandler Hoisington from AWS about EKS Anywhere. If you haven’t heard of EKS Anywhere, Chandler does a great job explaining it and why you should consider using it as your distro. It’s not easy to run a managed K8s service, and it’s even harder to run it in customer-environments (I know this first hand!).
Let’s go on to the newsletter links! As you might have guessed, this issue of the newsletter is going to be focused on the work AWS is doing to commoditize adoption of Kubernetes under the EKS name.
On the most recent episode of the Kubelist podcast, we had a conversation with Matt Butcher and Taylor Thomas who are two of the engineers behind Krustlet (and some other projects that you might know). This episode was eye opening for us -- the future of WebAssembly on the server seems bright, and this project is doing some pretty creative and clever integrations into the Kubernetes API. WebAssembly might be early, but we are hopeful as it’s maturing quickly!
KubeCon NA 2021 is right around the corner – and we're getting pretty excited to attend either virtually or IRL with our CNCF family! The entire schedule looks amazing. This week we're highlighting a few sessions and co-located events that we are looking forward to. It’s so hard to pick just 6 to call out here – so please tweet at us some other talks y’all are excited to hear as well!
I think we all know the value of securing our Kubernetes cluster using RBAC, and keeping intruders from gaining access to the Kubernetes API. But if the default, out of the box, RBAC experience isn’t fine grained enough for you, or if you just want to learn more about how Kubernetes RBAC works and what options are out there, this issue is for you. We’ve collected some of the latest and most interesting blogs, tutorials, and tools (OSS of course) that can help you lock down the RBAC policies in your cluster.
Let’s take a quick look at some of the new projects that have been added to the CNCF sandbox this week. It’s a long road and takes a whole lot of time to graduate; so we hope it’ll be informative to check in on these projects from time to time as they mature.
When running a Kubernetes cluster, understanding the health of the services running on your clusters is job number one. Thanks to Google and their SRE handbook we have a pretty good idea of how to do this. So, without further ado let's jump into some ways to measure health (or SLOs and SLIs).
This week, we have a new episode of the Kubelist Podcast with Dan Lorenc to talk about sigstore. Supply chain attacks and security is a hot topic, but Dan has been thinking about it and working on it for a while.
Kubernetes 1.22 has dropped with a whole lot of enhancements (53) which makes it the single largest release to date! The momentum of the k8s project continues to be impressive. Let’s dive into what’s new!
This week's episode of the Kubelist Podcast was a conversation with Rick Spencer from InfluxData. Influx has been running K8s in production for a while now and has the battle scars to prove it. Rick's honesty about what was challenging was a refreshing and good look.
On this week's episode of the Kubelist Podcast, Benjie and I had some time to talk to Miguel Ángel Ajo and Stephen Kitt of Red Hat. Submariner is all about multicluster networking. We love this project and think it's solving problems that are becoming more and more obvious as Kubernetes adoption increases. This week, we are sharing some Submariner links and tutorials to learn more!
Once you have a Kubernetes cluster, it’s fun to see what it can handle. This week we are going to take a look at some scaling stories from the CNCF ecosystem and get a feel for what people are accomplishing in the real world with K8s.
On this week’s episode of the Kubelist podcast, Keith Basil from SUSE (via Rancher) joined to talk about K3s, simplifying software, and much more. We talked about other projects (Longhorn, RKE) but really kept coming back to the impressive K3s project. Personal highlight was running K3s on Raspberry PIs in SPACE in a Satellite to perform image recognition against a baby Yoda doll... what else is there to say?
Now that ArtifactHub is officially at 1.0.0, we thought it was time to take a deeper look at what it does, where it came from, and how we can use it. As many of you know, standardization around Kubernetes and the CNCF ecosystem is an ever-changing landscape, but let's try to figure out if we have found the holy grail of package management for k8s.
It’s that time again when the Technical Oversight Committee (TOC) met and voted to include some new projects into the CNCF Sandbox. We are super excited to learn about these projects, and share some of them with you this week. It looks like we have some podcasts to record to dig deeper into each of these projects soon!
For years the rule of thumb in Kubernetes land was “Don’t run your own DB!” Things have begun to change and this week we are going to look at a few of the options out there. Using a managed database service has always served us well but at Kubelist we always want to stay on top of the latest recommendations, and we think it’s totally acceptable to run databases (and other stateful services) in Kubernetes these days! 🏃🏽♀️
Software supply chain attacks are on the rise and making headlines almost every day. Luckily, there are many good tools available in the cloud native ecosystem to help secure your supply chain. I’m wondering what we’ll see in the upcoming KubeCon about this topic too! In the meantime, here are a few great links we’ve been reading lately to better understand what’s happening with these hacks.
It’s time again to do a roundup of new and exciting projects the CNCF TOC (Technical Oversight Committee) have recently accepted into the Sandbox. As always this isn’t an exhaustive list of what’s been added, so check out the CNCF Site for the latest list (and subscribe to the Kubelist Podcast).
Tune in to episode 16 of the Kubelist Podcast with Josh Dolitsky. Josh is a maintainer of the Open Container Initiative (OCI) project. There’s a surprising amount of cool work happening in this project that’s taking Docker registries and adding a pile of great new use cases on top.
We started and wrapped up Kubecon EU last week, and what a conference it was. Between virtual CTF (Capture The Flag) and great keynotes, there was a lot to take in and digest! In this week’s newsletter, we’re sharing some of our favorite moments from Kubecon. Make sure to let us know on Twitter if we missed anything!
On this week’s Kubelist Podcast we sit down with Evan Cordell from RedHat and chat about the past, present and future of the incubating Operator Framework project. For the newsletter, we’re going to take a deep dive into operators and how they fit in the Kubernetes ecosystem; and look at the challenges and tools associated with them. Make sure to checkout Operatorhub for a list of what's already out there!
Jim Bugwadia and Ritesh Patel from Nirmata joined me on episode 14 of The Kubelist Podcast to talk about Kyverno. This is another new CNCF Sandbox project, and Jim and Ritesh did a great job explaining the unique value proposition of Kyverno on the episode. If policy enforcement and simplifying some operations by using YAML is something you are looking at or working on, it might be good to give Kyverno a look.
On episode 13 of The Kubelist Podcast, I was joined by Tzury Bar Yochay and Justin Dorfman from Reblaze to talk about Curiefense. This project was added to the CNCF Sandbox recently, and is unique in the ecosystem. Curiefense is an Envoy-proxy based web application firewall that you can run in your own cluster. Give the podcast episode a listen today; Tzury and Justin do a great job explaining what a WAF is and how Curiefense operates. I’m excited to see more high quality security-focused projects in the CNCF ecosystem!
This week, we’re going to dive into some new Kubernetes 1.21 features, and see what’s the latest and greatest in the ecosystem. Bonus: Docker 1.20 is supported by kubeadm now! Let’s get going!
Let’s talk about Istio. Tune in to the podcast episode released today, where Craig Box from Google joined me to discuss the history and benefits of Istio. The conversation was really eye-opening, and helped me get a much better understanding of why Istio, and how Istio compares to other platforms. In this episode Craig also does a good job of demystifying Istio (if it’s a mystery to you). While Istio is not a CNCF project, I don’t feel like we are breaking our character of discussing projects in the CNCF ecosystem, because Istio works well with Kubernetes and is built on top of Envoy.
Recently, the CNCF TOC (Technical Oversight Committee) changed the requirements and application process in order to make it easier to get projects accepted into the Sandbox. This has been a welcome change as we’ve seen more projects than ever included earlier in their lifecycle. In this week’s issue, we are pointing to some of the new projects included in the Sandbox so far in 2021. This isn’t an exhaustive list of what’s been added, so check out the CNCF Site for the latest list (and subscribe to the Kubelist Podcast 😉).
It wasn’t that long ago (KubeCon 2018) that Open Policy Agent (OPA) was a Sandbox project, and now it's a CNCF graduate! OPA is a declarative policy system that has its own DSL; so you can control what/who can access not only your cluster but all of your cloud native resources. In this week's issue we dive into why OPA exists, what problems OPA tackles, and of course some real world experiences and gotchas using the ecosystem that has formed around it.
We’ve decided to go a little meta this week with the topic. Instead of diving into a specific area of Kubernetes or the CNCF projects, let’s take a minute to look at some of the other great newsletters and podcasts out there. We know how much work and how fun it is to produce a weekly show or newsletter, and every one of the resources on this list is just amazing. We are really proud of our own Kubelist Podcast and this weekly newsletter, but subscribe and listen to these also:
Sometimes you just want a local Kubernetes cluster on your laptop to use with development. Should you just enable the Kubernetes distribution that’s built into Docker? Or are there better options out there? In this week’s issue, we are sharing some links to posts and talks from people who have spent a lot of time solving this problem and are kind enough to share some advice. The tl;dr here is that there is no clear and obvious “best” cluster for local development, but if you are thinking about this problem, check out the links below for more data.
On today’s episode of the Kubelist Podcast, I had a conversation with Lee Mills and Matt Clarke from Spotify. Lee is the engineer manager working on the Backstage project, while Matt is a Sr Infrastructure Engineer. Backstage was recently donated to the CNCF as a Sandbox project. On the podcast, Lee and Matt explain the inspiration for Backstage and really help us understand the origins and direction of the project. Spoiler: it’s a pretty good idea and they’ve done a great job getting it off the ground. To keep the theme going this week, here are some of our favorite newer and older links about the Backstage project!
Today’s episode of the Kubelist Podcast is with Daniel Mangum from Upbound, discussing the Crossplane project. Crossplane is a Sandbox project that allows users to define Compositions of infrastructure and then deploy the infrastructure right alongside an application. This is a really cool approach to managing infrastructure as data. In this week’s newsletter, we share some links for getting started and stories from users using Crossplane.
Kubernetes has a built-in Kind called Secrets to store and pass sensitive configuration data to Pods. It’s popular – almost everyone running a cluster uses Secrets. Since it’s a Secret, it must be protected in a reasonable way by implementing best security practices, right? It can be, but it’s not always. It depends on the configuration of your cluster; and you shouldn’t assume that the defaults are the best settings from a security perspective.
In this issue, we share ways to understand and manage Kubernetes Secrets. Security isn’t binary, it’s a scale. You’ll have to make a decision about where you are comfortable on this scale, and our goal is to provide information to help you make that decision.
On today’s episode of the Kubelist Podcast I had a conversation with Dan (“Pop”) from Sysdig. Pop is the Lead of Opensource Ecosystem and Community, specifically Falco, but has been at Sysdig in various roles before finding his current role. He’s extremely knowledgeable and passionate about helping everyone run a secure cluster. If you aren’t already subscribed to his podcast, subscribe to the POPCAST and get ready for season 2.
Whether you are a Sysdig commercial customer or not, Falco is going to give you confidence in your cluster. Runtime security is important, and as mentioned in the podcast, “the kernel doesn’t lie”. Falco is connected to and listening to events where they occur (in the kernel) and you won’t find a better tool to detect unusual or insecure activity.
In this issue, we are sharing a few links and tutorials to help you run Falco, but this episode is the best explanation of the project possible.
Now that it’s become more common to run stateful workloads on Kubernetes, backup (and restore) starts to become more important. Remember that the scheduler can stop, move, restart and control the lifecycle of a component that has critical and irreplaceable data. To deal with this, it’s often recommended to choose a cloud-native database or stateful component that is built to operate in a Kubernetes environment. But even so, having a good and reliable backup stored outside of the cluster (or even the region) is at least a good idea, and possibly even a requirement to maintain SOC-2 compliance.
The good news is that there are several good tools that can handle backup and restore of data sitting inside a Kubernetes cluster. There’s a lot of overlap between these different utilities, but each has some nuances and specialities. In this issue of the newsletter, we’ve shared some of our favorite blog posts and articles comparing or walking through using Kubernetes-native backup and restore tools.
When running Kubernetes, the amount of YAML you’ll see on a daily basis is staggering. Joe Beda (one of the Kubernetes founders) recently joked about giving a talk titled “I’m sorry about the YAML”. While we can laugh about the amount of YAML, it is an error prone syntax, and it can be easy to make some mistakes. There are a few tools available to help validate and write your Kubernetes manifests. This week, we are looking at some of the methods of validating YAML before deploying, including Open Policy Agent, and a couple of utilities from Gareth Rushgrove. Hopefully the links below will help you see how to use these different tools to write production-grade Kubernetes manifests.
Richard Li from Ambassador Labs was on the Kubelist Podcast this week to discuss Telepresence, one of the first CNCF Sandbox projects. Telepresence makes sense for large teams to manage the cost of running many dev clusters better; but in this episode Richard explains how the project makes sense for small teams as well. The conversation about Telepresence 2.0 (rewritten in Go) is also great. Hopefully we get to see that version soon!
This week on the Kubelist Podcast, I had a conversation with Andreas Grabner from Dynatrace about the Keptn project. Keptn is a CNCF Sandbox project to orchestrate event-driven workflows, often for CI/CD tasks. In this issue, we’re sending some links to Keptn resources and a few other great podcast episodes from the PurePerformance podcast.
Every couple of months, the CNCF TOC (Technical Oversight Committee) meets to review outstanding Sandbox applications. As a result of the meeting last week, 7 new projects were added to the Sandbox. In this issue, we are taking a quick look at each of the new additions, and we hope to feature them all on the Kubelist podcast soon!
This week on the Kubelist Podcast, I had a conversation with William Morgan from Buoyant about the Linkerd project. The conversation ranged from the origins of Linkerd to some of the technical challenges of building it in Scala; and then Rust and Go.
Linkerd 2.9 is out this week – which William discusses, as well as explaining what’s changed. If you’re a Linkerd fan, or considering becoming one, listen to the podcast and check out the links below!
Most of us have kubectl installed on our laptops. Building on this, kubectl plugins are a simple and convenient way to package additional CLIs that depend on Kubernetes clusters. And with Krew (see today’s first link), we no longer need to package separate MacOS, Windows, and Linux binaries into homebrew, apt, rpm, snap, and other package managers. If you’ve shipped a CLI before, you know how difficult it is to keep it updated on everyone’s computer. If you haven’t, trust us, it’s difficult. Read on for some new links on creating and packaging a CLI and then delivering it to your Kubernetes users.
Flux is the original GitOps operator for Kubernetes. Back in episode 103, we focused on the ArgoCD project as an implementation of GitOps in Kubernetes. This week, we are diving into Flux, and featuring a new episode of the Kubelist Podcast with Michael Bridgen, one of the creators of the project. This issue of the Kubelist newsletter contains links to Flux tutorials, guides, and a few pages that explain the Flux v1 to Flux v2 transition.
This week on the Kubelist Podcast, we welcome Sunil James from Hewlett Packard Enterprise to chat about the SPIFFE and SPIRE projects. Sunil is one of the founders of Scytale, the company that brought SPIFFE into the CNCF, and has continued to work on it after being acquired by HPE. If you’re running microservices and are thinking about security and identity, check out the links in this issue to learn more about SPIFFE and SPIRE, and tune in to this week’s podcast episode!
This week on the Kubelist Podcast, we have a conversation with Ben Sigelman from LightStep about the OpenTelemetry project. This has us thinking about observability and collecting some good links we’ve been saving related to tracing, metrics, and logging using OpenTelemetry. On the podcast, Ben shares some thoughts on these “pillars of observability”.
If you are looking to up your observability game, dig in here and get started with OpenTelemetry. We tried to find the best links, but we know there are observability platforms that are integrated into OpenTelemetry that we didn’t have room to include here. This issue includes some of the best and most recent blog posts and tutorials available on OpenTelemetry.
This week, we’re taking a closer look at GitOps and the Argo project. Mukulika Kapas from Intuit joined the Kubelist podcast this week to discuss Argo and GitOps. Argo came out of a need at Intuit to manage clusters at scale. While the Argo project consists of four subprojects (Argo CD, Workflows, Events and Rollouts) the topic of this newsletter is GitOps, so we are focusing on the Argo CD subproject.
If you’re looking at GitOps now, or are using any of the available GitOps tools to manage CI/CD in your clusters, the links today should help you understand how others are implementing GitOps – and hopefully show you a few new tools!
We have exciting news to share today! In addition to the Kubelist weekly newsletter, we’ve started the Kubelist podcast! We’ve been enjoying sending you the Kubelist weekly newsletter (and that’s not stopping), but we wanted a way to go more in-depth on the CNCF ecosystem projects. The Kubelist podcast interviews maintainers of a CNCF project on each episode to discuss the origins and roadmap of the project. Each episode is a deep dive into a single project.
Give it a listen (and subscribe!). And while you are here, check out some of our other favorite podcasts!
How many years have you been running Kubernetes in production? Have you shared your lessons learned yet? This week, we gathered some stories about lessons learned after running Kubernetes in a year, in two years or in three years. There are similarities and common threads in these stories. Definitely a good read, and also some takeaways that might change how you run Kubernetes this year.
Hi again! This week, we decided to take a look at some of the lesser-known (at least we haven’t seen much discussion about them) special interest groups (SIGs) for Kubernetes. There are a lot of great SIGs, so instead of providing links to the popular repos, we focus on some that seem to be flying under the radar. If these are interesting to you, go digging around in kubernetes-sigs for more! We didn’t have enough room in this issue to share everything that we found!
If you are subscribing to Kubelist, you probably agree that containers have changed how we deploy software. A large enabler of containers was the creation of the Docker (now OCI) Registry. Container registries aren’t boring, and there are a lot of changes happening as the basic container registry grows into an OCI registry. This week, we take a close look at some interesting registry-related links.
This week, we are sharing some new Kubernetes 1.19 features and a great technical post from Monzo about self-hosting Kubernetes. Let’s not forget that KubeCon EU 2020 wrapped up, so we made sure to include a couple of good recap links if you weren’t able to attend. We’ll share the videos when they are published! ✔
As we build more Kubernetes-native applications and run more and more on Kubernetes, developers need to be able to have an environment that closely resembles production. This means Kubernetes for developers and Kubernetes-friendly development environments. This week, we are sharing a few of our favorite projects that help developers build for Kubernetes environments.
This week we’ll be focusing on the Zero Trust security model and how it applies to Kubernetes. This issue is split between blogs that explain what zero trust is, and hands-on practical tutorials and examples. Have your kubectl ready to go!
This week’s issue is full of technical blog posts and discussion of a couple of projects that are worth checking out. We can’t leave Open Service Mesh from Microsoft out, so we’ll start there. But we are really excited about some of the work happening to make the Kubernetes Scheduler more extensible and powerful. When reading these links about the scheduler, imagine how flexible a Kubernetes cluster of the future will be. 🔮
Not everyone using Kubernetes writes PodSpecs and thinks about Ingress controllers, PersistentVolumeClaims and other Kubernetes fundamentals. While that type of Kubernetes-native workload is fine for some users, many use cases don’t need to know the details of how a pod is scheduled. Kubernetes is a great platform to run “serverless” workloads on. The idea of delivering a function or other interface to run on a cluster is appealing. This week, we look at a couple of popular options, and some tutorials to get started with each of them.
Kubernetes 1.19 is expected to be released in the next couple of weeks. Today, we start out by sharing some of the 1.19 features and improvements that are exciting to us. We’ve also got a few links regarding some timely CNCF news about KubeCon and certifications.
A modern application is complex, and starting may require some specific sequencing. Maybe the database needs to be running before the API, or you need to provision TLS certs before starting a web server. It’s possible (recommended even) to make code changes to remove these hard sequencing dependencies, and this isn’t always easy or possible. So this week we're looking at built-in Kubernetes features that can be used to start up a complex application or upgrade, without using external coordination utilities.
The Kubernetes Dashboard and kubectl are both powerful tools, but are not the only ways to view and interact with your cluster. There are some powerful alternatives to these components that provide unique views and functionality. Dashboards in this category aren’t intended as a replacement for full and proper monitoring, but are incredibly useful to get a high level view of what’s running in the cluster. Kubectl can drive a cluster with its composable commands, but some other CLIs have more interactive views that can save time with some tasks. This week, we are sharing some of the kubectl alternatives and lightweight Kubernetes dashboards that you can install.
Kubernetes makes it easier to run different services in a single, shared cluster. This creates an opportunity for any service to disrupt and create outages in any other service or the entire cluster. When you have improperly configured services in a cluster, they will be subject to the various scheduling guarantees that Kubernetes offers. But Kubernetes does offer a solution here with built-in QoS Classes (Quality of Service) and LimitRanges. These features should be enabled and enforced in every cluster to keep your cluster healthy. This week, we’ve shared a few blog posts to help you understand these Kubernetes features and how to use them.
No Kubernetes migration is complete without a chaos engineering story. To successfully run a production system on Kubernetes without unexpected outages, everything should be horizontally scalable and resilient. In other words, expect restarts and other “problems”, code and design around them, and you’ll be successful. Chaos Engineering is the practice of running experiments on your cluster to see how well everything behaves. This week, we are looking at some blog posts and some tools to help you get started or to advance your Chaos Engineering practice.
This week, we’ve been thinking a lot about storage in Kubernetes. Storage is an extremely important, but also a very difficult capability to provide in a cluster. Doing so often means relying on external resources to create a reliable solution. There are some projects that let you run your cluster on EKS without EBS volumes, or to run a bare metal cluster that doesn’t come with any managed storage. This is a topic that we should check back in on more often, and we’d love to hear about other in-cluster storage solutions not listed here!
Instead, we’d like to create space to pause and reflect on the pain being felt in the United States and around the world. We know that a big part of what makes Kubernetes so special is its diverse and supportive community and we don’t want to distract from the voices that matter right now.
This week, we’ve been working to improve our application startup process so that it doesn’t receive traffic before it’s ready, and fails gracefully so that it can be restarted. These are all core features of a modern application, and Kubernetes supports this via Readiness Probes and Liveness Probes. But just because these are supported, doesn’t mean you necessarily should be using both of them. In this issue, we’ll cover the basics of the probes, when to use them, and more importantly, when not to.
As organizations of all sizes transition to Kubernetes, a lot has been written and shared about the journey. There are plenty of success stories and also many posts about mistakes and lessons learned. Whether you have already moved to Kubernetes or just starting out, there’s a lot to learn from these stories. This week’s issue is a collection of links that share some lessons that have been learned the hard way so that you can avoid making the same mistakes.
This isn’t the first time we’ve written an entire issue about security in Kubernetes. And it’s probably not the last time. The security landscape is constantly evolving and there’s a steady stream of best practices to implement and new attacks to protect against. Whether you are just starting to look at securing Kubernetes and the applications running on it, or want to catch up on some new info, the links here about applying security principles to Kubernetes should be interesting. Don’t stop at these 6 links though. Hopefully this inspires you to set a little time aside very soon to continue the research. 🛡️
Kubernetes has long been pigeonholed as a platform for stateless applications, however a new generation of Kubernetes-native stateful applications have been emerging. This is largely due to the introduction of the operator pattern that allows for stateful applications to be managed through automated operations. Once installed, these operators extend Kubernetes to allow built-in support for new, custom resources.
This week we wanted to showcase a few Kubernetes Operators that are built to run stateful services such as databases. Our goal is to showcase both the viability of running stateful workloads on Kubernetes and the evolution of the Operator pattern as more than just an installation tool.
As time goes on, we aren’t running out of new ways to bootstrap and install a Kubernetes cluster. We aren’t complaining though, the fact that there are so many options here is proof that this problem is not yet solved!
There are a lot of guides that talk about managing, reporting on, and lowering the costs of running Kubernetes clusters. This week, we share a set of links that all will have you thinking about optimizing the amount you are spending to run Kubernetes.
This week we take a look at three alternate Kubelets you can run or even build, and share some recent announcements.
A lot has happened in the world since our last issue, including some Kubernetes developments worth talking about. With everyone quarantined right now, it felt like a good time to send some recommended reading (and a video) your way.
Monitoring containers and clusters in Kubernetes is essential for ensuring the best performance in applications. This week’s issue will be focusing on the importance of Kubernetes monitoring and some issues that come with using monitoring tools for Kubernetes.
This week we’ll be investigating Kubernetes secrets, to discover the best and useful tips and tricks for any K8s developer. Warning ahead: There are Kubernetes Secrets found!
This week we’re looking into Kubernetes failures and incidents. As you might imagine, these issues can have a nasty impact for users, and where recovery plays the most critical role.
To avoid exploitation and the delivery of malicious bugs in Kubernetes, it is critical that your system is secure and containers are kept closed. Some of the most damaging attacks can lead to every pod and container to shut down and break. Security is vital, and that is what we will be looking at today.
Today, we’re opening common networking issues within Kubernetes. Let’s take a look at what Kubernetes Networking is dealing with, to specific issues within K8s. And solutions too.
We also are taking a look at Container to Container, Pod to Pod, and External to Services Networking!
Helm is a package manager tool used for Kubernetes. Known for managing complex apps and easy rollbacks, Helm is quite popular. These articles answer questions like “What is Helm? How do I use it?” Is it the best tool for Kubernetes? And of course, a Helm tweet.
Kubernetes has many things to offer when diving into it as a beginner. This week we look at a few in-depth Kubernetes related posts that include the environment, Docker, and Kustomize.
This week we also take a look into practicing with Kubernetes.
Entering the world of Kubernetes can be a bit scary at first, but hold on, buckle your seatbelt in and don’t be worried! Learning this open source software is quite interesting. This week we look at some posts that introduce Kubernetes and addresses the who, what, where, and why.
It’s amazing how much security content is produced in an around Kubernetes. This week we look at a few security-related posts but it's interesting to stop and consider where Kubernetes is in terms of supporting highly secure development workflows and production operations.
This week we also have a look at the ClusterAPI, Tooling and HAProxy 2!
This week we talk about security (pod security policies, TLS, honeypots), what’s new in the Kube with 1.15, and Apple joining the CNCF
Check it out!
This week we bring you articles on Kubernetes failure stories, managing permissions, and recovering from disasters with a few more goodies herein.
Kube sprawl is an interesting one, what incentivizes folks creating more and more clusters with more and more config on and on and on to power their Kubernetes journey? Some say it tenancy, Some say performance, read here to find out more.
This week we look at Kube sprawl, configurable HPA, Multi-Cloud clusters, Kube testing, and more.
Lots of cool outcomes from Kubecon EU: OpenTelemetry, Service Mesh Interface, ect.
We’ve collected a few recaps and some more around service meshes, the kube future, secrets, and scaling!
Actually not much in the way of spectacular content coming out of Kubecon yet - so maybe this is a part 1 of x.
Valero 1.0, Helm 3.0, Rook 1.0, OpenTelemetry!
Let's dive in and see what came out of Kubecon Europe and more!
Thank you to @CormacJHogan for your stateful take on things 😁.
