KubernetesLinks

Download this resource to learn how Teleport’s tight integration with AWS simplifies the implementation of Zero Trust in the cloud.

This tech paper also outlines how Teleport’s access platform can become the centralized window and the single entry point for consuming AWS internal and external services.

Learn more.

The complex nature of Microservices architecture requires a systematic testing strategy to ensure end-to-end (E2E) testing for any given use case. This blog explains some of the most adopted automation testing strategies with the help of the Testing Triangles for Microservices.

The Testing Triangles approach is a modern way of testing microservices with a bottom-up approach. It focuses on unit, component, contract, integration and end-to-end testing to ensure end-to-end (E2E) testing for any use case.

The goal is to identify issues early on and reduce production bugs. It is also part of the “Shift-left” testing methodology, which aims to test early and often to increase code quality and reduce the number of bugs. The Testing Triangles approach is a comprehensive and systematic approach to testing microservices architecture.

By @squadcast

This guide explains how to use Ansible to automate the installation and setup of Docker on Ubuntu 22.04. The playbook provided in this guide automates the steps outlined in the guide on How To Install and Use Docker on Ubuntu 22.04 .

Kubernetes adoption is increasing and organizations are paying more attention to the reliability, security, and cost efficiency of their workloads. Fairwinds has released an updated Kubernetes Benchmark Report for 2023, based on data from 150,000 workloads, to help organizations understand their container configurations and compare them to their peers.

The report shows that Kubernetes security, cost efficiency, and reliability remain top concerns for cloud native users. It also reveals that many organizations are not aligning their configurations to best practices, which can lead to unnecessary risk, cloud cost overruns, and poor application performance.

The report also states that DevOps teams are outnumbered as Kubernetes usage expands and it becomes harder for them to manage the potential configuration risks introduced by new teams. The report is divided into three sections: reliability, security, and cost efficiency, to help organizations identify where they may be lagging behind and how to improve their configurations.

The author discusses the process of upgrading a legacy Kubernetes cluster and tips and tricks to make the process easier. They emphasizes the importance of regular upgrades, as k8s releases new versions quickly and has a support policy of N-2, meaning the 3 most recent minor versions receive security and bug fixes.

The tutorial suggests a staggered approach to upgrading, with the dev cluster being as close to bleeding edge as possible, staging a minor release behind dev, and production as close to staging as possible. It also advises to wait until a minor version hits patch .2 at least before upgrading, and to use per-environment YAMLs and automated tools like Kustomize.

A roundup of our most popular Kubernetes articles from last year published onenterprisersproject.com.

Kubernetes adoption has become widespread, with 96% of organizations using or evaluating it for container orchestration. However, Kubernetes also presents security risks due to the flexibility of container applications and their ability to carry discrete components that interact over the network.

These risks include compromised container images or containers, misuse of a container to attack other containers or hosts, registry risks, orchestrator risks, vulnerabilities in runtime software, and host operating system risks. Malicious actors often attack Kubernetes by exploiting misconfigurations or specific vulnerabilities in exposed ports.

To secure Kubernetes environments, organizations should align cluster configurations with security best practices, ensure applications running on the cluster have no known vulnerabilities, enforce runtime security policies, and protect credentials.

The "defense-in-depth" approach is recommended, using the "4C Security Model" which covers cloud, cluster, container, and code layers. Automation tools such as Kubescape can also help with risk management and compliance.

Kubernetes v1.25 has introduced alpha feature to change the default StorageClass assigned to a PersistentVolume claim (PVC), enabling users to update PVCs without a StorageClass assigned later and graduated to beta in v1.26, improving the management of 'stuck' PVCs and resource ordering during cluster installation.

Kubernetes v1.26 has introduced unhealthy pod eviction policy for PodDisruptionBudgets, allowing cluster administrators to drain nodes without manual interventions and providing greater flexibility for application owners in managing disruptions.

In this talk, Shukun introduces the idea of combining 3 projects, Cluster-API, Metal3-io and Cluster Autoscaler, to achieve autoscaling on a bare metal cluster.

Metal3-io is a CNCF sandbox project which aims to provide a Kubernetes-style way to manage bare metal servers and Cluster-API, is developed to manage Kubernetes cluster lifecycle.

By using these projects, it is easy to manage bare metal infrastructure and build Kubernetes clusters on it. With the help of Cluster Autoscaler, the efficiency of the physical resources can be increased. Shukun will explain how these projects interact with each other and show how to use them.

The definitive guide to deploying and managing Kubernetes across major cloud platforms.

What you will learn:

• Manage containerized applications with Kubernetes
• Understand Kubernetes architecture and the responsibilities of each component
• Set up Kubernetes on Amazon Elastic Kubernetes Service, Google Kubernetes Engine, and Microsoft Azure Kubernetes Service
• Deploy cloud applications such as Prometheus and Elasticsearch using Helm charts
• Discover advanced techniques for Pod scheduling and auto-scaling the cluster
• Understand possible approaches to traffic routing in Kubernetes

Move smoothly between Kubernetes YAML and Python for creating/updating/componentizing configurations.

A CLI tool to install and manage Kubernetes clusters in Hetzner Cloud using the lightweight distribution k3s by Rancher.

A ChatGPT bot implemented using Robusta for Kubernetes issues.

CloudNativePG is a Kubernetes operator that covers the full lifecycle of a PostgreSQL database cluster with a primary/standby architecture, using native streaming replication