Kubernetes Icon

Kubernetes

Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications.
48 Stories
All Topics

CNCF Icon CNCF

Open sourcing the Kubernetes security audit

The CNFC has been funding security audits of projects since last year. With CoreDNS, Envoy, and Prometheus taken care of, Kubernetes itself recently received the treatment. The assessment yielded a significant amount of knowledge pertaining to the operation and internals of a Kubernetes cluster. Findings and supporting documentation from the assessment has been made available today, and can be found here. If you don’t want the full report, the linked announcement lists some of the major takeaways.

read more

Jessie Frazelle blog.jessfraz.com

The business executive's guide to Kubernetes

This isn’t just for business executives. It’s good knowledge to have for anyone who has heard the hype around K8S but never any of the potential problems: This post will cover some hard truths of Kubernetes and what it means for your organization and business. You might have heard the term “Kubernetes” and you might have been led to believe that this will solve all the infrastructure pain for your organization. There is some truth to that, which will not be the focus of this post. To get to the state of enlightenment with Kubernetes, you need to first go through some hard challenges. Let’s dive in to some of these hard truths.

read more

Henning Jacobs github.com

Kubernetes failure/horror stories

Learn from other people’s fail stories. This is a compiled list of public Kubernetes failure stories. Why? Kubernetes is a fairly complex system with many moving parts. Its ecosystem is constantly evolving and adding even more layers (service mesh, …) to the mix. Considering this environment, we don’t hear enough real-world horror stories to learn from each other! This compilation of failure stories should make it easier for people dealing with Kubernetes operations (SRE, Ops, platform/infrastructure teams) to learn from others and reduce the unknown unknowns of running Kubernetes in production. For more information, see the blog post.

read more

Kubernetes github.com

Ensure your Kubernetes clusters are using best practices ✅

Polaris helps keep your cluster healthy. It runs a variety of checks to ensure that Kubernetes deployments are configured using best practices that will avoid potential problems in the future. Provides a dashboard with an overview of how your clusters are doing as well as an experimental “validating webhook” that can stop future deployments that don’t live up to the standards.

read more

Ev Kontsevoy gravitational.com

Rolling your own servers with Kubernetes (goodbye AWS)

Why Kubernetes? Should you roll your own servers? Should you go off the cloud? If you’ve listened to The Changelog #344 — where we cover the details of Changelog.com’s 2019 infrastructure with special guest Gerhard Lazu — then you’ll know the answer to these questions. But if not, as you might assume, I recommend listening to that episode and reading this post from Ev, in that order. In this three-part blog series, we’ll try to address some of the fears and uncertainties faced by organizations who had successfully started their projects on public clouds, like AWS, but for one reason or another found themselves needing to replicate their cloud environment from scratch, starting with an empty rack in their own enterprise server room or a colocation facility.

read more

The Changelog The Changelog #344

Inside the 2019 infrastructure for Changelog.com

We’re talking with Gerhard Lazu, our resident ops and infrastructure expert, about the setup we’ve rolled out for 2019. Late 2016 we relaunched Changelog.com as a new Phoenix/Elixir application and that included a brand new infrastructure and deployment process. 2019’s infrastructure update includes Linode, CoreOS, Docker, CircleCI, Rollbar, Fastly, Netdata, and more — and we talk through all the details on this show. This show is also an open invite to you and the rest of the community to join us in Slack and learn and contribute to Changelog.com. Head to changelog.com/community to get started.

read more

Fernand Galiana github.com

Popeye - a Kubernetes cluster sanitizer

Popeye is a utility that cruises Kubernetes cluster resources and reports potential issues with your deployment manifests and configurations. By scanning your clusters, it detects misconfigurations and ensure best practices are in place thus preventing potential future headaches. This is a read-only tool, which means it’s pretty safe to kick the tires. For the back story, check out Fernand’s announcement post.

read more

The Changelog The Changelog #343

Running functions anywhere with OpenFaaS

We’re talking with Alex Ellis, the founder of OpenFaaS — serverless functions made simple for Docker and Kubernetes. We talked about the back story and details of OpenFaaS, “the curious case of serverless on Kubernetes,” the landscape of open source serverless platforms, how Alex is leading and building this community, getting involved, and maintainership vs leadership.

read more

Matthias Endler matthias-endler.de

Maybe you don't need Kubernetes

There’s another gorilla to consider for container orchestration. Kubernetes is the 800-pound gorilla of container orchestration. It powers some of the biggest deployments worldwide, but it comes with a price tag. Especially for smaller teams, it can be time-consuming to maintain and has a steep learning curve. For what our team of four wanted to achieve at trivago, it added too much overhead. So we looked into alternatives — and fell in love with Nomad. From the Nomad website: HashiCorp Nomad is a single binary that schedules applications and services on Linux, Windows, and Mac. It is an open source scheduler that uses a declarative job file for scheduling virtualized, containerized, and standalone applications. Anyone from the community with experience using Nomad? Let us know in the discussion below.

read more

Omer Levi Hevroni blog.solutotlv.com

Can Kubernetes keep a secret?

Omer Levi Hevroni: When we made the shift to Kubernetes, we wanted to keep our devs independent and put a lot of effort into allowing them to create services rapidly. It all worked like a charm – until they had to handle credentials… The solution they came up with is called Kamus, which is: an open source, GitOps, zero trust, secrets solution for Kubernetes applications. Kamus allows you to seamlessly encrypt secret values and commit them to source control Jump over to the article for more on Kubernetes built-in secrets, an overview of some other alternatives, and a deep-dive on how Kamus works.

read more

Kubernetes submariner.io

Connect all your Kubernetes clusters, wherever they are in the world

Submariner is a tool built to connect overlay networks of different Kubernetes clusters. While most testing is performed against Kubernetes clusters that have enabled Flannel/Canal, Submariner should be compatible with any CNI-compatible cluster network provider, as it utilizes off-the-shelf components such as strongSwan/Charon to establish IPsec tunnels between each Kubernetes cluster. Pre-alpha so it’s not ready for production, but it is ready for a follow.

read more

Abraham Ingersoll gravitational.com

The curious case of serverless on Kubernetes

Abraham Ingersoll: While AWS continues its Mr. Softy strategy of extend, embrace and extinguish with Lambda, Google is doubling down on its Kubernetes masterstroke with the upcoming “Knative.” Using the CNCF’s trail map as a guide, he finds four serious “Serverless on Kubernets” contenders in addition to Knative and overviews them each in turn.

read more

Kubernetes k3s.io

K3s — Lightweight Kubernetes

K3s is a fully compliant production-grade Kubernetes distribution with the following changes: Legacy, alpha, non-default features are removed. Many of these features are not available in most Kubernetes clusters already. Removed in-tree plugins (cloud providers and storage plugins) which can be replaced with out-of-tree add-ons. Added sqlite3 as the default storage mechanism. etcd3 is still available, but not the default. Wrapped in a simple launcher that handles a lot of the complexity of TLS and options. Rancher is also doing an online meet-up and demo of K3s on March 13, 2019.

read more

Linux github.com

A Linux distro built specifically for Kubernetes

Talos touts: Security: reduce your attack surface by practicing the Principle of Least Privilege (PoLP) and enforcing mutual TLS (mTLS). Predictability: remove needless variables and reduce unknown factors from your environment using immutable infrastructure. Evolvability: simplify and increase your ability to easily accommodate future changes to your architecture. Hit up the README if you’re curious about the name, why there’s no shell/ssh access, or how it’s different than CoreOS/RancherOS/Linuxkit

read more

Gianluca gianarb.it

Extend Kubernetes via a shared informer

This post from Gianluca Arbezzano contains both theory and code with a complete working application to understand how to build your own shared informer to extend Kubernetes beyond applying YAML via kubectl. Kubernetes increases in popularity every day but I don’t think we use all its power just applying YAML via kubectl. Kubernetes is a framework and as every framework, it exposes powerful interfaces and API usable to extend its capability with our needs. Shared Informers are what I see as the easy way to enjoy k8s as an extendible tool to programmatically build and ship containers.

read more

Fernand Galiana Medium

If you K8s, please try K9s...

Operating Kubernetes clusters is becoming more and more taxing in terms of the number of aliases/scripts and single purpose tools one must install/master. K9s is a terminal based CLI to manage and diagnose Kubernetes clusters in a single command. It provides a unified view to navigate and diagnose K8s resources for your local or remote clusters right there in the same CLI.

read more

Medium Icon Medium

Kubernetes development workflow for macOS (tips and tricks)

Megan O’Keefe, developer relations engineer at Google, shares her setup for Kubernetes as well as some very helpful tips and tricks from her Terminal setup, navigating clusters, and how she gave kubectl superpowers. As a developer relations engineer for Kubernetes, I work a lot with demo code, samples, and sandbox clusters. This can get interesting to keep track of (read: total chaos). So in this post I’ll show some of the tools that make my Kubernetes life a lot better. This environment can work no matter what flavor of Kubernetes you’re running.

read more

The Changelog The Changelog #330

source{d} turns code into actionable insights

Adam caught up with Francesc Campoy at KubeCon + CloudNativeCon 2018 in Seattle, WA to talk about the work he’s doing at Source{d} to apply Machine Learning to source code, and turn that codebase into actionable insights. It’s a movement they’re driving called Machine Learning on Code. They talked through their open source products, how they work, what types of insights can be gained, and they also talked through the code analysis Francesc did on the Kubernetes code base. This is as close as you get to the bleeding edge and we’re very interested to see where this goes.

read more

Kubernetes tilt.build

Local Kubernetes development without the stress

Tilt makes it possible to develop all your microservices locally in Kubernetes while collaborating with your team. You define a Tiltfile that describes how your services fit together (which is supposed to be pretty straight forward if you already have a Dockerfile and a Kubernetes config), then share it with your team. Everyone runs tilt up and the app is up and running on their localhost. No more “it worked on my machine” – everything runs in containers so the right dependencies are always there. Tilt updates with container optimization tricks & best practices, so that even complex projects update in seconds.

read more

0:00 / 0:00