
Kubernetes. “Kubernetes is not for application development but for platform development” (Kelsey Hightower)

Kubernetes magic is in enterprise standardization, not app portability 🌟

Certified Kubernetes Offerings

Channel based messaging platform

The State of Cloud-Native Development. Details data on the use of Kubernetes, serverless computing and more

Kubernetes Failure Stories

Kubernetesbyexample

Kubernetes README

Kubernetes open-source container orchestration

Kubernetes architecture

10 most common mistakes

5 Open-source projects that make #Kubernetes even better

kubernetes arch multicloud hybrid


Kubernetes API

Kubernetes Releases

Namespaces

Kubernetes Best Practices and Tips

Disruptions

Cost Estimation Strategies

kubecost

Kubernetes Resource and Capacity Management. Capacity Planning

Kubernetes Monitoring

Logging in Kubernetes

ECK Elastic Cloud on Kubernetes

Health Checks

Architecting Kubernetes clusters

Templating YAML in Kubernetes with real code. YQ YAML processor

Kubernetes Limits

Kube Scheduler

Kubernetes Knowledge Hubs

Kubectl commands

Kubectl Cheat Sheets

Kubectl explain

for r in $(kubectl api-resources | grep -v ^NAME | awk '{print $1}'); do kubectl explain "$r" --recursive; done  # dump the full field schema of every resource type the cluster serves

Kubectl Autocomplete

source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.
echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.

You can also use a shorthand alias for kubectl that also works with completion:

alias k=kubectl
complete -F __start_kubectl k

List all resources and sub resources that you can constrain with RBAC

  • A handy way to see all the things you can affect with Kubernetes RBAC: this lists every resource and subresource path the API server serves (built-in, aggregated and CRD-backed). If you want to see just subresources, append “| grep {name}/”:
kubectl get --raw /openapi/v2  | jq '.paths | keys[]'
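The path list above is only half the job: RBAC rules name resources as `resource` or `resource/subresource` within an apiGroup, and a rule for `pods` does not cover `pods/exec`, while `resources: ["*"]` covers every subresource. The script below is an added example (not from the page): it maps the path keys to the (apiGroup, resource, subresource) names RBAC uses and then checks which sensitive subresources a set of Role rules actually grants. `SAMPLE_PATHS` is a constructed subset of a real cluster's output and `SENSITIVE` is a hand-picked list, not an exhaustive one.

```python
"""Map /openapi/v2 path keys to RBAC (apiGroup, resource, subresource) names and
check which sensitive subresources a Role's rules grant.

Added example, not from the page. SAMPLE_PATHS is a constructed subset of what
`kubectl get --raw /openapi/v2 | jq '.paths | keys[]'` returns.
"""

SAMPLE_PATHS = [  # constructed sample of /openapi/v2 path keys
    "/api/v1/namespaces/{namespace}/pods",
    "/api/v1/namespaces/{namespace}/pods/{name}",
    "/api/v1/namespaces/{namespace}/pods/{name}/exec",
    "/api/v1/namespaces/{namespace}/pods/{name}/log",
    "/api/v1/namespaces/{namespace}/pods/{name}/portforward",
    "/api/v1/namespaces/{namespace}/serviceaccounts/{name}/token",
    "/api/v1/nodes/{name}/proxy",
    "/api/v1/nodes/{name}/proxy/{path}",
    "/apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale",
    "/apis/apps/v1/watch/namespaces/{namespace}/deployments",
    "/apis/authentication.k8s.io/v1/tokenreviews",
    "/version",
]

# Subresources that hand out shell, network or identity access; a Role that
# grants any of them deserves a second look (hand-picked, not exhaustive).
SENSITIVE = {
    ("", "pods", "exec"), ("", "pods", "attach"), ("", "pods", "portforward"),
    ("", "nodes", "proxy"), ("", "serviceaccounts", "token"),
}


def rbac_triple(path):
    """Map an API path to (apiGroup, resource, subresource); None for non-resource URLs."""
    parts = [p for p in path.split("/") if p]
    if parts[:2] == ["api", "v1"]:
        group, rest = "", parts[2:]
    elif parts[:1] == ["apis"] and len(parts) >= 3:
        group, rest = parts[1], parts[3:]
    else:
        return None  # /version, /healthz, ...: nonResourceURLs in RBAC terms
    if rest[:1] == ["watch"]:  # legacy watch endpoints map to the same resource
        rest = rest[1:]
    if rest[:2] == ["namespaces", "{namespace}"]:
        rest = rest[2:]
    if not rest:
        return None  # discovery endpoint such as /apis/apps/v1
    sub = rest[2] if len(rest) >= 3 and rest[1] == "{name}" else ""
    return (group, rest[0], sub)


def rbac_names(paths):
    """Set of every (apiGroup, resource, subresource) the API server serves."""
    return {t for t in (rbac_triple(p) for p in paths) if t is not None}


def rule_grants(rule, group, resource, sub, verb):
    """Whether one PolicyRule (dict as in a Role manifest) covers verb on resource[/sub].

    Mirrors the API server's matching: "*" covers every resource and subresource,
    "*/<sub>" covers that subresource on any resource, but a plain "pods" never
    covers "pods/exec" and "pods/*" is not a wildcard at all.
    """
    verbs, groups = rule.get("verbs", []), rule.get("apiGroups", [])
    if "*" not in verbs and verb not in verbs:
        return False
    if "*" not in groups and group not in groups:
        return False
    requested = f"{resource}/{sub}" if sub else resource
    for r in rule.get("resources", []):
        if r == "*" or r == requested or (sub and r == f"*/{sub}"):
            return True
    return False


def sensitive_grants(rules, verb="create"):
    """Which SENSITIVE triples any of the rules grants for verb."""
    return {t for t in SENSITIVE if any(rule_grants(r, *t, verb) for r in rules)}


# Constructed Role rules: the read-only rule is fine; the second looks like a narrow
# "create" grant but "*" in the core group includes pods/exec and nodes/proxy.
EXAMPLE_RULES = [
    {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]},
    {"apiGroups": [""], "resources": ["*"], "verbs": ["create"]},
]

if __name__ == "__main__":
    for group, res, sub in sorted(rbac_names(SAMPLE_PATHS)):
        print(f"{group or 'core'}: {res}{'/' + sub if sub else ''}")
    print("sensitive grants:", sorted(sensitive_grants(EXAMPLE_RULES)))
```

To audit a live cluster, replace `SAMPLE_PATHS` with the jq output and `EXAMPLE_RULES` with the `rules:` of each Role or ClusterRole (`kubectl get clusterrole <name> -o json | jq .rules`).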

Copy a configMap in kubernetes between namespaces

  • Copy a configMap between namespaces. The first form relies on the “--export” flag, which was deprecated in kubectl 1.14 and removed in 1.18; the second works on current clients, but without --export the exported YAML still carries server-populated metadata (uid, resourceVersion, creationTimestamp, managedFields) that kubectl create rejects, so strip those fields (for example with yq, see above) before piping. Both sed substitutions are plain text replacements: the first rewrites the source namespace string wherever it first appears on a line, including inside data values, so prefer the anchored “namespace:” form:
kubectl get configmap --namespace=<source> <configmap> --export -o yaml | sed "s/<source>/<dest>/" | kubectl apply --namespace=<dest> -f -
kubectl get configmap <configmap-name> --namespace=<source-namespace> -o yaml | sed 's/namespace: <from-namespace>/namespace: <to-namespace>/' | kubectl create -f -

Copy secrets in kubernetes between namespaces

  • Same approach for secrets. The namespace is the boundary RBAC uses to scope who may read a Secret, so copying one into another namespace exposes it to every principal that can read Secrets there; the same server-populated metadata caveat applies:
kubectl get secret <secret-name> --namespace=<source> -o yaml | sed 's/namespace: <from-namespace>/namespace: <to-namespace>/' | kubectl create -f -
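The sed one-liners above break on two things: `kubectl create` refuses an object that still carries `resourceVersion` and friends, and a text substitution has no idea which fields it is touching. The script below is an added example (not from the page) that does the relocation on the JSON kubectl emits, strips the server-owned metadata and the `last-applied-configuration` annotation, and refuses service-account token Secrets, which are tied to an identity in the source namespace. `SAMPLE_SECRET` is a constructed stand-in for `kubectl get secret db-creds -n team-a -o json`; the module name in the assumed usage line is arbitrary.

```python
"""Relocate a ConfigMap or Secret exported with `kubectl get ... -o json` into
another namespace, without sed.

Added example, not from the page. Assumed usage (module name is arbitrary):
  kubectl get secret <name> -n <src> -o json | python3 relocate.py <dest> | kubectl create -f -
"""
import json
import sys

# Written by the API server on every stored object; never re-submit them.
SERVER_OWNED = ("uid", "resourceVersion", "creationTimestamp", "generation",
                "managedFields", "selfLink", "ownerReferences")

# A service-account token Secret carries a token for an identity in the source
# namespace; copying it does not create a credential for the destination.
NAMESPACE_BOUND_SECRET_TYPES = {"kubernetes.io/service-account-token"}


def check(obj):
    """None if obj may be copied, otherwise the reason it must not be."""
    kind = obj.get("kind")
    if kind not in ("ConfigMap", "Secret"):
        return f"unsupported kind {kind!r}"
    if kind == "Secret" and obj.get("type") in NAMESPACE_BOUND_SECRET_TYPES:
        return "service-account token Secrets are bound to their namespace; mint a new one"
    return None


def relocate(obj, dest_ns):
    """Return a copy of obj ready for `kubectl create` in dest_ns; obj itself is left unchanged."""
    reason = check(obj)
    if reason:
        raise ValueError(reason)
    out = json.loads(json.dumps(obj))  # deep copy; kubectl output is always JSON-safe
    meta = out.setdefault("metadata", {})
    for field in SERVER_OWNED:
        meta.pop(field, None)
    # kubectl apply's bookkeeping annotation still names the source namespace.
    annotations = meta.get("annotations") or {}
    annotations.pop("kubectl.kubernetes.io/last-applied-configuration", None)
    if annotations:
        meta["annotations"] = annotations
    else:
        meta.pop("annotations", None)
    meta["namespace"] = dest_ns
    out.pop("status", None)
    return out


# Constructed sample of what `kubectl get secret db-creds -n team-a -o json` returns.
SAMPLE_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {
        "name": "db-creds", "namespace": "team-a",
        "uid": "0b1e2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d", "resourceVersion": "48213",
        "creationTimestamp": "2021-03-01T10:00:00Z", "managedFields": [{"manager": "kubectl"}],
        "annotations": {"owner": "team-a",
                        "kubectl.kubernetes.io/last-applied-configuration": "{\"metadata\":{\"namespace\":\"team-a\"}}"},
    },
    "data": {"password": "dGVhbS1hLXB3"},  # base64("team-a-pw"); untouched, unlike a global sed
}

if __name__ == "__main__":
    json.dump(relocate(json.load(sys.stdin), sys.argv[1]), sys.stdout, indent=2)
    print()
```

Only `metadata.namespace` changes; annotations such as `owner: team-a` and the data values are left alone, which is exactly what a blanket `sed "s/team-a/team-b/"` would not do.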

Export resources with kubectl and python

Buildkit CLI for kubectl a drop in replacement for docker build

Kubectl Alternatives

Manage Kubernetes (K8s) objects with Ansible Kubernetes Module

Jenkins Kubernetes Plugins

Self Service Kubernetes Namespaces

Client Libraries for Kubernetes

Helm Kubernetes Tool

Kubernetes Development Tools. Kubernetes clients and dashboards

Okteto local kubernetes development

Lens Kubernetes IDE

lens ide

Kubenav

  • kubenav is the navigator for your Kubernetes clusters right in your pocket. kubenav is a mobile, desktop and web app to manage Kubernetes clusters and to get an overview of the status of your resources.

Cloud Manager

Skaffold. Local Kubernetes Development

Kind

  • Kind is a tool for running local Kubernetes clusters using Docker container “nodes”. kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI.

Autoscaling

Cluster Autoscaler Kubernetes Tool

HPA and VPA

Cluster Autoscaler and Helm

Cluster Autoscaler and DockerHub

Cluster Autoscaler in GKE, EKS, AKS and DOKS

Cluster Autoscaler in OpenShift

Kubernetes Load Testing and High Load Tuning

Extending Kubernetes

Adding Custom Resources. Extending Kubernetes API with Kubernetes Resource Definitions. CRD vs Aggregated API

  • Custom Resources
  • itnext.io: CRD is just a table in Kubernetes
  • Use a custom resource (CRD or Aggregated API) if most of the following apply:
    • You want to use Kubernetes client libraries and CLIs to create and update the new resource.
    • You want top-level support from kubectl; for example, kubectl get my-object object-name.
    • You want to build new automation that watches for updates on the new object, and then CRUD other objects, or vice versa.
    • You want to write automation that handles updates to the object.
    • You want to use Kubernetes API conventions like .spec, .status, and .metadata.
    • You want the object to be an abstraction over a collection of controlled resources, or a summarization of other resources.
  • Kubernetes provides two ways to add custom resources to your cluster:
    • CRDs are simple and can be created without any programming.
    • API Aggregation requires programming, but allows more control over API behaviors like how data is stored and conversion between API versions.
  • Kubernetes provides these two options to meet the needs of different users, so that neither ease of use nor flexibility is compromised.
  • Aggregated APIs are subordinate API servers that sit behind the primary API server, which acts as a proxy. This arrangement is called API Aggregation (AA). To users, it simply appears that the Kubernetes API is extended.
  • CRDs allow users to create new types of resources without adding another API server. You do not need to understand API Aggregation to use CRDs.
  • Regardless of how they are installed, the new resources are referred to as Custom Resources to distinguish them from built-in Kubernetes resources (like pods).

Krew, a plugin manager for kubectl plugins

OpenKruise/Kruise

Crossplane, a Universal Control Plane API for Cloud Computing. Crossplane Workloads Definitions

Kubernetes Community

Community Forums

Kubernetes Special Interest Groups (SIGs)

Kubernetes SIG’s Repos

Kubectl Plugins


Enforcing Policies and governance for kubernetes workloads with Conftest

Kubernetes Backup and Migrations

Kubernetes Volume Snapshot

Backup with Trillio Cloud-Native Data Protection for Kubernetes, OpenStack and Virtualization

Backup with Kasten K10

Backup with Velero

Konveyor Open Source Migration Tool for Kubernetes

Kubernetes Troubleshooting

Debugging Techniques and Strategies. Debugging with ephemeral containers

learnk8s debug your pods

Kubernetes Tutorials

Online Training

Famous Kubernetes resources of 2019

Famous Kubernetes resources of 2020

K8s Diagrams

Kubernetes Patterns and Antipatterns. Service Discovery

Top 10 Kubernetes patterns

Books and e-Books

Famous Kubernetes resources of 2019

Kubernetes: Up and Running

Kubernetes Patterns eBooks

Kubernetes Operators

Operator Capability Levels

  • Operator Capability Levels Operators come in different maturity levels in regards to their lifecycle management capabilities for the application or workload they deliver. The capability model aims to provide guidance in terminology to express what features users can expect from an Operator.

Cluster Addons

  • Cluster Addons 🌟 With cluster addon operators, we are exploring a kubernetes-native way of managing addons using CRDs (Custom Resource Definitions) and controllers, where the controllers encode how best to manage the addon. Installing and managing an addon could be as simple as creating a custom resource.

K8Spin Operator. Kubernetes multi-tenant operator

Flux. The GitOps Operator for Kubernetes

K8s KPIs with Kuberhealthy Operator

  • K8s KPIs with Kuberhealthy 🌟 transforming Kuberhealthy into a Kubernetes operator for synthetic monitoring. This new ability granted developers the means to create their own Kuberhealthy check containers to synthetically monitor their applications and clusters. Additionally, we created a guide on how to easily install and use Kuberhealthy in order to capture some helpful synthetic KPIs.

Writing Kubernetes Operators and Controllers

Kubernetes Networking

Gateway API

Multicloud communication for Kubernetes

Kubernetes Network Policy

Cilium

Kubernetes Ingress Specification

Xposer Kubernetes Controller To Manage Ingresses

  • Xposer 🌟 A Kubernetes controller to manage (create/update/delete) Kubernetes Ingresses based on the Service
    • Problem: We would like to watch for services running in our cluster; and create Ingresses and generate TLS certificates automatically (optional)
    • Solution: Xposer can watch for all the services running in our cluster; Creates, Updates, Deletes Ingresses and uses certmanager to generate TLS certificates automatically based on some annotations.

Software-Defined IP Address Management (IPAM)

  • IP Address Management (IPAM)
  • fusionlayer.com: Software-Defined IP Address Management (IPAM)
    • Cloud computing and service automation are changing the way in which applications and data are being delivered and consumed. The existing 30-year-old networking model is failing to keep up with the automated service architectures and the Internet of Things (IoT) based on end-to-end automation.
    • To facilitate the migration to cloud-era computing, service providers and data centers must add networking into the automated service workflows. This requires agility and elasticity that traditional networking products are not designed to provide. As IT environments of tomorrow involve a plethora of orchestrators and controllers spinning up services and applications inside shared networks, they all must be managed and provisioned by a unified solution authoritative for all network-related information.

CNI Container Networking Interface

List of existing CNI Plugins (IPAM)

kubernetes sdn solutions

Project Calico

DNS Service with CoreDNS

Kubernetes Node Local DNS Cache

Kubernetes Sidecars

Kubernetes Security

kubernetes security mindmap

Service Accounts

Kubernetes Secrets

Encrypting the certificate for Kubernetes. SSL certificates with Let’s Encrypt in Kubernetes Ingress via cert-manager

RBAC

Admission Control

Security Best Practices Across Build, Deploy, and Runtime Phases

  • Kubernetes Security 101: Risks and 29 Best Practices ๐ŸŒŸ
  • Build Phase:
    1. Use minimal base images
    2. Don’t add unnecessary components
    3. Use up-to-date images only
    4. Use an image scanner to identify known vulnerabilities
    5. Integrate security into your CI/CD pipeline
    6. Label non-fixable vulnerabilities
  • Deploy Phase:
    1. Use namespaces to isolate sensitive workloads
    2. Use Kubernetes network policies to control traffic between pods and clusters
    3. Prevent overly permissive access to secrets
    4. Assess the privileges used by containers
    5. Assess image provenance, including registries
    6. Extend your image scanning to deploy phase
    7. Use labels and annotations appropriately
    8. Enable Kubernetes role-based access control (RBAC)
  • Runtime Phase:
    1. Leverage contextual information in Kubernetes
    2. Extend vulnerability scanning to running deployments
    3. Use Kubernetes built-in controls when available to tighten security
    4. Monitor network traffic to limit unnecessary or insecure communication
    5. Leverage process whitelisting
    6. Compare and analyze different runtime activity in pods of the same deployments
    7. If breached, scale suspicious pods to zero
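Deploy-phase item 4 (“Assess the privileges used by containers”) and item 5 (image provenance) are the ones an admission check can enforce mechanically. The script below is an added example, not from the page or the linked article: it evaluates a Pod manifest against the settings the Pod Security Standards “restricted” profile expects (no host namespaces or hostPath, no privileged or escalating containers, non-root user, all capabilities dropped, read-only root filesystem, a seccomp profile) plus a digest-pinned image check. Both manifests are constructed; feed `kubectl get pod <name> -o json` for a real one.

```python
"""Assess the privileges a Pod asks for, the way an admission check would.

Added example, not from the page. SAMPLE_POD and HARDENED_POD are constructed;
run with `... | python3 assess.py -` to read a real `kubectl get pod -o json`.
"""
import json
import sys

HOST_NAMESPACES = ("hostPID", "hostIPC", "hostNetwork")


def _container_sc(spec, container):
    """Effective securityContext: container-level fields override pod-level ones."""
    sc = dict(spec.get("securityContext") or {})
    sc.update(container.get("securityContext") or {})
    return sc


def assess(pod):
    """Return a list of (scope, finding) tuples; an empty list means nothing was flagged."""
    spec = pod.get("spec", {})
    findings = []
    for ns in HOST_NAMESPACES:
        if spec.get(ns):
            findings.append(("pod", f"{ns} shares a host namespace"))
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(("pod", f"hostPath volume on {vol['hostPath'].get('path')}"))
    if spec.get("automountServiceAccountToken", True) and spec.get("serviceAccountName", "default") == "default":
        findings.append(("pod", "default ServiceAccount token is mounted"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, sc = c.get("name", "?"), _container_sc(spec, c)
        caps = sc.get("capabilities") or {}
        if sc.get("privileged"):
            findings.append((name, "privileged: true"))
        if sc.get("allowPrivilegeEscalation", True):  # the API default is true
            findings.append((name, "allowPrivilegeEscalation is not false"))
        if sc.get("runAsUser") == 0 or (not sc.get("runAsNonRoot") and sc.get("runAsUser") is None):
            findings.append((name, "may run as root"))
        added = set(caps.get("add", [])) - {"NET_BIND_SERVICE"}
        if added:
            findings.append((name, f"adds capabilities {sorted(added)}"))
        if "ALL" not in caps.get("drop", []):
            findings.append((name, "does not drop ALL capabilities"))
        if not sc.get("readOnlyRootFilesystem"):
            findings.append((name, "root filesystem is writable"))
        if (sc.get("seccompProfile") or {}).get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append((name, "no RuntimeDefault/Localhost seccompProfile"))
        if "@sha256:" not in c.get("image", ""):
            findings.append((name, f"image {c.get('image')} is not pinned by digest"))
    return findings


def verdict(pod):
    return "deny" if assess(pod) else "allow"


# Constructed "harmless-looking" app pod that a review should bounce.
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web", "namespace": "prod"},
    "spec": {
        "hostPID": True, "serviceAccountName": "default",
        "securityContext": {"runAsNonRoot": False},
        "containers": [
            {"name": "app", "image": "registry.example/app:latest",
             "securityContext": {"allowPrivilegeEscalation": True, "capabilities": {"add": ["NET_ADMIN"]}}},
            {"name": "sidecar", "image": "registry.example/agent@sha256:0123456789abcdef",
             "securityContext": {"privileged": True, "runAsUser": 0}},
        ],
        "volumes": [{"name": "docker", "hostPath": {"path": "/var/run/docker.sock"}}],
    },
}

# The same workload with the restricted-profile settings applied.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web", "namespace": "prod"},
    "spec": {
        "serviceAccountName": "web", "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [
            {"name": "app", "image": "registry.example/app@sha256:0123456789abcdef",
             "securityContext": {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
                                 "capabilities": {"drop": ["ALL"]}}},
        ],
    },
}

if __name__ == "__main__":
    pod = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_POD
    for scope, finding in assess(pod):
        print(f"{scope}: {finding}")
    print("verdict:", verdict(pod))
```

The pod-level securityContext is merged under each container because fields such as `runAsNonRoot` and `seccompProfile` are inherited; the rules are deliberately strict (a missing `allowPrivilegeEscalation` counts as true, because that is the API default), which is the behaviour you want from a gate rather than a report.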

kubernetes security controls landscape

Kubernetes Authentication and Authorization

Kubernetes Authentication Methods

Kubernetes supports several authentication methods out-of-the-box, such as X.509 client certificates, static HTTP bearer tokens, and OpenID Connect.

X.509 client certificates

Static HTTP Bearer Tokens

OpenID Connect

Implementing a custom Kubernetes authentication method
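The documented way to plug a custom method into the API server is webhook token authentication: with `--authentication-token-webhook-config-file` set, the API server POSTs a `TokenReview` carrying the bearer token and the webhook answers with the same object, `status` filled in. The handler below is an added example, not from the page. Its token store is a constructed sample in the CSV layout the static token file (`--token-auth-file`) uses, `token,user,uid,"group1,group2"`, so the same file could back either method; the accepted audience URL is an assumption for the demo.

```python
"""Webhook token authenticator: answers the TokenReview the API server sends.

Added example, not from the page. TOKEN_FILE is a constructed sample in the
--token-auth-file CSV layout; ACCEPTED_AUDIENCES is an assumed value.
"""
import csv
import hmac
import io

API_VERSION = "authentication.k8s.io/v1"
ACCEPTED_AUDIENCES = ("https://kubernetes.default.svc",)  # assumed API server audience

TOKEN_FILE = '''\
# constructed sample, same format as --token-auth-file (never commit real tokens)
s3cr3t-alice-token,alice,u-1001,"dev,oncall"
s3cr3t-ci-token,ci-bot,u-2002,ci
'''


def load_token_file(text):
    """Parse token,user,uid[,groups] rows into {token: (user, uid, groups)}."""
    store = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        groups = [g for g in row[3].split(",") if g] if len(row) > 3 else []
        store[row[0]] = (row[1], row[2], groups)
    return store


def lookup(store, presented):
    """Identity for a token; compares against every entry so timing does not reveal a hit."""
    found = None
    for token, identity in store.items():
        if hmac.compare_digest(token.encode(), presented.encode()):
            found = identity
    return found


def _reject(reason):
    return {"apiVersion": API_VERSION, "kind": "TokenReview",
            "status": {"authenticated": False, "error": reason}}


def handle_token_review(request, store):
    """Answer a TokenReview as the API server expects; never say why a token failed."""
    if request.get("apiVersion") != API_VERSION or request.get("kind") != "TokenReview":
        return _reject("unsupported object")
    spec = request.get("spec") or {}
    identity = lookup(store, spec.get("token", ""))
    if identity is None:
        return _reject("invalid token")
    user, uid, groups = identity
    if user.startswith("system:"):  # reserved for Kubernetes' own identities
        return _reject("invalid token")
    # When the request carries audiences, the answer must echo the ones the token is valid for.
    wanted = spec.get("audiences") or []
    granted = [a for a in wanted if a in ACCEPTED_AUDIENCES]
    if wanted and not granted:
        return _reject("invalid token")
    status = {"authenticated": True, "user": {"username": user, "uid": uid, "groups": groups}}
    if granted:
        status["audiences"] = granted
    return {"apiVersion": API_VERSION, "kind": "TokenReview", "status": status}


STORE = load_token_file(TOKEN_FILE)


def review(token, audiences=None):
    """Build the request the API server would send and return the webhook's answer."""
    spec = {"token": token}
    if audiences is not None:
        spec["audiences"] = list(audiences)
    return handle_token_review({"apiVersion": API_VERSION, "kind": "TokenReview", "spec": spec}, STORE)


if __name__ == "__main__":
    import json
    print(json.dumps(review("s3cr3t-alice-token", ["https://kubernetes.default.svc"]), indent=2))
    print(json.dumps(review("bogus"), indent=2))
```

The webhook does not add `system:authenticated`; the API server appends that group itself once any authenticator succeeds. Usernames beginning with `system:` are refused for the same reason: letting a token file mint them would let an operator impersonate built-in identities.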

Pod Security Policies (SCCs - Security Context Constraints in OpenShift)

  • PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25; the built-in Pod Security Admission controller, which enforces the Pod Security Standards (privileged, baseline, restricted) per namespace, replaces it. OpenShift keeps its own SCC mechanism.

EKS Security

Kubernetes Scheduling and Scheduling Profiles

Assigning Pods to Nodes. Pod Affinity and Anti-Affinity

Pod Topology Spread Constraints and PodTopologySpread Scheduling Plugin

Kubernetes etcd

Kubernetes Storage

Kubernetes Volumes Guide

ReadWriteMany PersistentVolumeClaims

Non-production Kubernetes Local Installers. Kubernetes distributions for local environments

Telepresence local development for k8s and openshift microservices

Managed Kubernetes in Public Cloud

GKE vs EKS vs AKS

Other Managed Kubernetes

  • thenewstack.io: Otomi Container Platform Offers an Integrated Kubernetes Bundle If you want to enjoy the benefits of Kubernetes, configuring and installing the software itself can be just the first of many deeply technical and oftentimes confusing steps. To simplify this, many major cloud providers offer managed Kubernetes services, but even then you may need to install secondary services to handle tasks such as tracing, logging, monitoring, identity access management, and so on. The Otomi Container Platform looks to address this complexity by bundling together more than 30 different Kubernetes add-ons, as well as providing what it calls an “OSX like interface,” and today the project has open sourced a community edition under the Apache 2.0 license.

AWS EKS (Hosted/Managed Kubernetes on AWS)

Kubesphere

Tools for multi-cloud Kubernetes management

On-Premise Production Kubernetes Cluster Installers

Comparative Analysis of Kubernetes Deployment Tools

Deploying Kubernetes Cluster with Kops

C:\ubuntu> vagrant init ubuntu/xenial64
C:\ubuntu> vagrant up
C:\ubuntu> vagrant ssh-config
C:\ubuntu> vagrant ssh
$ curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64
$ chmod +x kops-linux-amd64
$ sudo mv kops-linux-amd64 /usr/local/bin/kops

Deploying Kubernetes Cluster with Kubeadm

Deploying Kubernetes Cluster with Ansible

kube-aws Kubernetes on AWS

Kubespray

Conjure up

WKSctl

Terraform (kubernetes the hard way)

Caravan

ClusterAPI

Microk8s

k8s-tew

  • k8s-tew Kubernetes is a fairly complex project. For a newbie it is hard to understand and also to use. While Kelsey Hightower’s Kubernetes The Hard Way, on which this project is based, helps a lot to understand Kubernetes, it is optimized for the use with Google Cloud Platform.

Kubernetes Distributions

Red Hat OpenShift

Rancher

Weave Kubernetes Platform

Ubuntu Charmed Kubernetes

VMware Kubernetes Tanzu and Project Pacific

KubeAcademy Pro (free training)

Kontena Pharos

Mirantis Docker Enterprise with Kubernetes and Docker Swarm

  • Mirantis Docker Enterprise 3.1+ with Kubernetes
  • Docker Enterprise 3.1 announced. Features:
    • Istio is now built into Docker Enterprise 3.1!
    • Comes with Kubernetes 1.17. Kubernetes on Windows capability.
    • Enable Istio Ingress for a Kubernetes cluster with the click of a button
    • Intelligent defaults to get started quickly
    • Virtual services supported out of the box
    • Inbuilt support for GPU Orchestration
    • Launchpad CLI for Docker Enterprise deployment & upgrades

Mirantis k0s

K0s

Cloud Development Kit (CDK) for Kubernetes

  • cdk8s.io 🌟 Define Kubernetes apps and components using familiar languages. cdk8s is an open-source software development framework for defining Kubernetes applications and reusable abstractions using familiar programming languages and rich object-oriented APIs. cdk8s apps synthesize into standard Kubernetes manifests which can be applied to any Kubernetes cluster.
  • github.com/awslabs/cdk8s

AWS Cloud Development Kit (AWS CDK)

  • AWS: Introducing CDK for Kubernetes 🌟
  • Traditionally, Kubernetes applications are defined with human-readable, static YAML data files which developers write and maintain. Building new applications requires writing a good amount of boilerplate config, copying code from other projects, and applying manual tweaks and customizations. As applications evolve and teams grow, these YAML files become harder to manage. Sharing best practices or making updates involves manual changes and complex migrations.
  • YAML is an excellent format for describing the desired state of your cluster, but it does not have primitives for expressing logic and reusable abstractions. There are multiple tools in the Kubernetes ecosystem which attempt to address these gaps in various ways:
  • We realized this was exactly the same problem our customers had faced when defining their applications through CloudFormation templates, a problem solved by the AWS Cloud Development Kit (AWS CDK), and that we could apply the same design concepts from the AWS CDK to help all Kubernetes users.

SpringBoot with Docker

Docker in Docker

Serverless with OpenFaas and Knative

Serverless

Multi-Cluster Federation. Hybrid Cloud Setup Tools

KubeFed

KubeCarrier

Red Hat Operator Lifecycle Manager (OLM)

  • Red Hat OLM operator-lifecycle-manager is a management framework for extending Kubernetes with Operators. OLM extends Kubernetes to provide a declarative way to install, manage, and upgrade Operators and their dependencies in a cluster.

Crossplane

Istio Service Mesh

Kubernetes interview questions

Spanish Kubernetes Blogs

Container Ecosystem

Kubernetes components

Container Flowchart


Kubernetes Scripts

Spot instances in Kubernetes

Pixie. Instantly troubleshoot applications on Kubernetes

Videos