This article describes a set of best practices for building containers. These practices cover a wide range of goals, from shortening the build time, to creating smaller and more resilient images, with the aim of making containers easier to build (for example, with Cloud Build), and easier to run in Google Kubernetes Engine (GKE).
These best practices are not of equal importance. For example, you might successfully run a production workload without some of them, but others are fundamental. In particular, the importance of the security-related best practices is subjective. Whether you implement them depends on your environment and constraints.
This page shows how to configure process namespace sharing for a pod. When process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod.
You can use this feature to configure cooperating containers, such as a log handler sidecar container, or to troubleshoot container images that don't include debugging utilities like a shell.
Before you begin: You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.
Flux is a set of continuous and progressive delivery solutions for Kubernetes, and they are open and extensible.
The APIs of Flux are stable now.
Kyverno is a policy engine designed for Kubernetes.
OWASP has created the OWASP Kubernetes Top 10, which helps identify the most likely risks.
THREAD: Isolating a pod for troubleshooting. This technique helps you with debugging running Pods in production. The Pod is detached from the Service (no traffic), and you can troubleshoot it live. Let's get started!
This post is based on a webinar I've previously given where I go through some of my favourite tips for working with Kubernetes clusters all day long. The goal of all of these techniques is to make my life easier and (hopefully) less error prone. I start off with the first 5 tips being applicable to anyone working with Kubernetes and can be picked up right away. From there I move on to a couple that would benefit from having some old-skool Linux sys-admin experience. Finally I finish off with some more advanced techniques that require some previous programming experience.
OWASP/wrongsecrets (GitHub): Vulnerable app with examples showing how to not use secrets
helmfile/helmfile (GitHub): Declaratively deploy your Kubernetes manifests, Kustomize configs, and Charts as Helm releases in one shot
Kubernetes on Linux: This tutorial will walk you through the process of installing MicroK8s on Rocky Linux 9.
komodorio/helm-dashboard (GitHub): The missing UI for Helm - visualize your releases.
Hello, we shall run the OWASP juice shop as a deployment, and expose it as a service in a local kubernetes cluster launched with kind. Hence, familiarity with kubernetes deployment and service is essential to follow along. You can try this with any cluster, though I am using a cluster that was launched with kind. For those not aware, kind is a tool that makes launching k8s clusters on your local machine easy.
Run Juice Shop on Kubernetes
The installation or upgrade of the Component Pack for Connection 7.0 requires the configuration of Helm.
ahmetb/kubectl-tree (GitHub): kubectl plugin to browse Kubernetes object hierarchies as a tree 🎄 (star the repo if you are using)
hidetatz/kubecolor (GitHub): colorizes kubectl output.
FEATURE STATE: Kubernetes v1.15 [stable]. Client certificates generated by kubeadm expire after 1 year. This page explains how to manage certificate renewals with kubeadm. It also covers other tasks related to kubeadm certificate management. Before you begin: You should be familiar with PKI certificates and requirements in Kubernetes. Using custom certificates: By default, kubeadm generates all the certificates needed for a cluster to run. You can override this behavior by providing your own certificates.
Kubectl commands, but in color. Tagged with kubernetes, devops, cli, zsh.
A simple-yet-powerful API traffic viewer for Kubernetes to help you troubleshoot and debug your microservices. Think TCPDump and Chrome Dev Tools combined.