Kubernetes LAN Party - by Wiz
This article describes a set of best practices for building containers. These practices cover a wide range of goals, from shortening the build time to creating smaller and more resilient images, with the aim of making containers easier to build (for example, with Cloud Build) and easier to run in Google Kubernetes Engine (GKE).
These best practices are not of equal importance. For example, you might successfully run a production workload without some of them, but others are fundamental. In particular, the importance of the security-related best practices is subjective. Whether you implement them depends on your environment and constraints.
Flux is a set of continuous and progressive delivery solutions for Kubernetes that are open and extensible.
The APIs of Flux are stable now.
Kyverno is a policy engine designed for Kubernetes.
This post is based on a webinar I've previously given where I go through some of my favourite tips for working with Kubernetes clusters all day long. The goal of all of these techniques is to make my life easier and (hopefully) less error-prone. I start off with the first 5 tips, which are applicable to anyone working with Kubernetes and can be picked up right away. From there I move on to a couple that would benefit from having some old-skool Linux sys-admin experience. Finally I finish off with some more advanced techniques that require some previous programming experience.
https://openunison.github.io/deployauth/
OWASP/wrongsecrets: Vulnerable app with examples showing how to not use secrets.
The missing UI for Helm - visualize your releases. Contribute to komodorio/helm-dashboard development by creating an account on GitHub.
Run Juice Shop on Kubernetes
ahmetb/kubectl-tree: kubectl plugin to browse Kubernetes object hierarchies as a tree 🎄 (star the repo if you are using).
FEATURE STATE: Kubernetes v1.15 [stable]. Client certificates generated by kubeadm expire after 1 year. This page explains how to manage certificate renewals with kubeadm. It also covers other tasks related to kubeadm certificate management. Before you begin: you should be familiar with PKI certificates and requirements in Kubernetes. Using custom certificates: by default, kubeadm generates all the certificates needed for a cluster to run. You can override this behavior by providing your own certificates.
Kubelog - a log viewer for kubernetes. Tail multiple pods in one view and use searches to highlight and show results in context.
First steps with k9s
Extension for Visual Studio Code - Develop, deploy and debug Kubernetes applications
kube-ops-view - Kubernetes Operational View - read-only system dashboard for multiple K8s clusters
huazhihao/kubespy: pod debugging tool for Kubernetes clusters with Docker runtimes.
cloudnativelabs/kube-shell: Kubernetes shell, an integrated shell for working with Kubernetes.
wercker/stern: ⎈ Multi pod and container log tailing for Kubernetes.
johanhaleby/kubetail: Bash script to tail Kubernetes logs from multiple pods at the same time.
Table of Contents: Put your prompt to work; Cluster context and namespace switching at your fingertips; Monitoring cluster health and Kubernetes resources right from your terminal; Web UI to...
Welcome to Linkerd! 🎈 In this guide, we’ll walk you through how to install Linkerd into your Kubernetes cluster. Then we’ll deploy a sample application to show off what Linkerd can do. This guide is designed to walk you through the basics of Linkerd. First, you’ll install the CLI (command-line interface) onto your local machine. Using this CLI, you’ll then install the control plane onto your Kubernetes cluster. Finally, you’ll “mesh” an application by adding Linkerd’s data plane to it.
In this post I’m gonna discuss achieving Zero Trust Networking on Kubernetes using Calico CNI network policies. All the Kubernetes deployments and Calico network policy configurations which…
Installation instructions
Deploy and run Kubernetes workloads at any scale on any infrastructure.
All batteries included. 100% open source & free.
Vulnerable by design
When the apiserver is proxying a request to a node through one of its addresses, it performs a filter validation. If the address type is a DNS record (Hostname, ExternalDNS, InternalDNS), the apiserver performs two DNS queries, one for filter validation, another for proxying the request. If the attacker sets the hostname to a custom DNS server that is able to return different values with zero TTL, it is possible to bypass that filter.
What is Porter?
Take everything you need to do a deployment, the application itself and the entire process to deploy it: command-line tools, configuration files, secrets, and bash scripts to glue it all together. Package that into a versioned bundle distributed over standard Docker registries or plain tgz files.
Now anyone can install your application without deep knowledge of your deployment process, or following a step-by-step deployment doc, regardless of the tech stack.
Why Porter?
Single command to find and deploy any application, regardless of the tech stack. No knowledge of the deployment process necessary.
Secure handling of secrets and credentials, integrated with industry standard secret stores.
Share the operational load of managing your team's deployments.
Works with and improves existing tools, such as bash, cloud CLIs, terraform and helm. You don't rewrite your existing deployments to start using Porter.
Reliable deployments, because the client environment (CLI versions, installed commands, configuration, and so on) is dependable and consistent.
Use our Helm charts to set up Elasticsearch and Kibana on a Kubernetes cluster, secured by Search Guard.
I started reading this book around a week ago.
Kubernetes is a container orchestration system that can manage containerized applications across a cluster of server nodes. Maintaining network connectivity between all the containers in a cluster requires some advanced networking techniques. In this
If you go around and ask for a Kubernetes expert, whoever responds to your call is definitely lying. They probably are an expert in one of the many components that make up a Kubernetes cluster, but I bet you there is a complete section of Kubernetes they have not touched or even heard about.
Not saying that Kubernetes is complex without reason, because it has its reasons, but it is a complex beast.
Network controllers seem to be one of those components that only very few people know how they truly work, or at least I couldn’t find many during my search for answers, and once you decide on one and get yours up and running, you pretty much forget about it.
At Blend, we make extensive use of Kubernetes on AWS to power our infrastructure. Kubernetes has many moving parts, and most of these components are swappable, allowing us to customize clusters to our needs. An important component of any cluster is the Container Network Interface (CNI), which handles the networking for all pods running on the cluster. Choosing the right CNI for each use case is critically important and making changes, once serving production traffic, can be painful. Blend had several problems with the CNI we initially chose (Weave), leading us to explore alternatives. We eventually decided to switch and in this post, we describe the challenges and solutions to migrating without downtime.
Zero configuration or integration required — just launch and go.
Weave Scope automatically detects processes, containers, hosts. No kernel modules, no agents, no special libraries, no coding. Seamless integration with Docker, Kubernetes, DCOS and AWS ECS.
Weave Scope automatically generates a map of your application, enabling you to intuitively understand, monitor, and control your containerized, microservices-based application.
A kubectl plugin that utilizes tcpdump and Wireshark to start a remote capture on any pod in your Kubernetes cluster.
You get the full power of Wireshark with minimal impact on your running pods.
The next level of chaos engineering is here! Kill pods inside your Kubernetes cluster by shooting them in Doom!
This is a fork of the excellent gideonred/dockerdoomd using a slightly modified Doom, forked from https://github.com/gideonred/dockerdoom, which was forked from psdoom.
This article assumes a basic knowledge of Docker. This is the first article in a series of posts called “Simplified”, where I take a look at systems that I think aren’t adequately explained in their own “getting started” documentation. Today, I’m taking a look at one of the most complicated systems I’ve used to date.