kubernetes tools

Kubernetes tools

This list is updated on a regular basis.

General info
  https://kubernetesreadme.com/

Comparison
  https://learnk8s.io/research
  https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit#gid=907731238

Hosting
  kapsule https://www.scaleway.com/en/
  free https://cloud.okteto.com/

Secrets
  External secrets management integration with k8s https://github.com/godaddy/kubernetes-external-secrets
  Integrate Kubernetes with 1Password https://github.com/1Password/onepassword-operator
  Kubernetes mutating webhook for secrets-init injection https://github.com/doitintl/kube-secrets-init
  AWS EKS Secrets store CSI driver https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/

RBAC
  RBAC practices and tooling https://rbac.dev/
  Visualize RBAC https://github.com/team-soteria/rback
  RBAC Manager is designed to simplify authorization in Kubernetes https://github....

May 9, 2022 · 2 min · Oleksandr Kulbida

K8s Security Best Practices

Keep the cloud provider platform secure
  Least privilege
  Secure traffic into cluster
  Run security tests in development environments
  Mirror environments

Cluster authentication & authorization
  Leverage OIDC for k8s authentication
  RBAC - define roles

In cluster network/security/micro segmentation
  Prevent namespace-to-namespace communication
  Network policy

Policy & Governance
  k8s admission controllers
  Read only
  Non-privileged ports

Runtime security & monitoring...

August 7, 2022 · 1 min · Oleksandr Kulbida

Loki S3 DynamoDB

When using Loki with S3 and DynamoDB, it’s mandatory to set the provision_config details, as the defaults might affect your budget.

https://grafana.com/docs/loki/latest/configuration/#provision_config

    [provisioned_write_throughput: <int> | default = 3000]

    # DynamoDB table default read throughput.
    # CLI flag: -<prefix>.read-throughput
    [provisioned_read_throughput: <int> | default = 300]

October 26, 2022 · 1 min · Oleksandr Kulbida

Terraform Best Practices

Essentials
  Use remote state and state locking
  Agree on a naming convention
  Use tags
  As a matter of common sense, it’s highly recommended to reuse mature modules such as VPC https://registry.terraform.io/
  Keep your providers and modules properly versioned
  Keep each module in a separate repo. Usually it depends on project size, and we can use a monorepo or a single modules repo as well.
  Use pre-commit
    https://pre-commit.com/#install
    https://github.com/antonbabenko/pre-commit-terraform
    Must have hooks:...

August 12, 2021 · 1 min · Oleksandr Kulbida

Bigdata comparison within AWS, Azure, GCP

July 21, 2021 · 0 min · Oleksandr Kulbida

Database comparison within AWS, Azure, GCP

July 21, 2021 · 0 min · Oleksandr Kulbida

AWS vs Elasticsearch licensing

The recent Elasticsearch licensing change ensures that the Beats modules send data to officially supported versions of Elasticsearch and Kibana, where Elastic can attest to the quality and scale of the products. Does AWS have any plans to fork a version of Filebeat?

https://www.elastic.co/guide/en/beats/libbeat/current/breaking-changes-7.13.html
https://www.reddit.com/r/aws/comments/nn95aq/elastic_has_broken_filebeat_as_of_713_it_no/

What are the alternatives?
  Host Elasticsearch on EC2 instances, why not?
  CloudWatch, slow… https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_ES_Stream.html
  Kubernetes options like ECK or Helm chart deployments…tricky for production usage
  Loki?...

July 7, 2021 · 1 min · Oleksandr Kulbida

AWS removes NAT Gateway’s dependence on Internet Gateway for Private communications

You can now launch NAT Gateways in your VPC without associating an internet gateway to your VPC. Internet Gateway is required to provide internet access to the NAT Gateway. However, some customers use their NAT Gateways with Transit Gateway or virtual private gateway to communicate privately with other VPCs or on-premises environments and thus, do not need an internet gateway attached to their VPCs. More details: https://aws.amazon.com/about-aws/whats-new/2021/06/aws-removes-nat-gateways-dependence-on-internet-gateway-for-private-communications/

June 17, 2021 · 1 min · Oleksandr Kulbida

What’s new in Grafana v8.0

Grafana includes built-in support for Prometheus Alertmanager. Once you add it as a data source, you can use the Grafana alerting UI to manage silences, contact points as well as notification policies. A drop down option in these pages allows you to switch between Grafana and any configured Alertmanager data sources.
https://grafana.com/docs/grafana/latest/datasources/alertmanager/

Prometheus metrics browser
https://grafana.com/docs/grafana/latest/datasources/prometheus/#metrics-browser

More details: https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v8-0/

June 8, 2021 · 1 min · Oleksandr Kulbida

AWS Load Balancer Controller version 2.2 now available with support for NLB instance targeting

https://aws.amazon.com/about-aws/whats-new/2021/05/aws-load-balancer-controller-version-2-2-available-support-nlb-instance/

May 24, 2021 · 1 min · Oleksandr Kulbida