kubernetes

This list is being updated on regular basis General info https://kubernetesreadme.com/ Comparison API comparison https://kube-api.ninja/ https://learnk8s.io/research https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit#gid=907731238 Hosting kapsule https://www.scaleway.com/en/ free https://cloud.okteto.com/ Secrets External secrets management integration with k8s https://github.com/godaddy/kubernetes-external-secrets Integrate Kubernetes with 1Password https://github.com/1Password/onepassword-operator Kubernetes mutating webhook for secrets-init injection https://github.com/doitintl/kube-secrets-init AWS EKS Secrets store CSI driver https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/ RBAC RBAC practices and tooling https://rbac.dev/ Visualize RBAC https://github.com/team-soteria/rback RBAC Manager is designed to simplify authorization in Kubernetes https://github....

Keep the cloud provider platform secure Least privilege Secure traffic into cluster Run security test in development environments Mirror environments Cluster authentication & authorization Leverage OIDC for k8s authentication RBAC - define roles In cluster network/security/micro segmentation Prevent namespace-to-namespace communication Network policy Policy & Governance k8s admission controllers Read only Non-privileges ports Runtime security & monitoring...

VolSync is a Kubernetes operator that asynchronously replicates persistent volumes between clusters using rsync or rclone. It also supports creating backups of persistent volumes via restic. Key Features: Asynchronous replication between Kubernetes clusters Multiple replication methods: rsync, rclone, restic Disaster recovery and data protection Cross-cluster data migration Backup and restore capabilities Installation: Install VolSync via Helm: helm repo add backube https://backube.github.io/helm-charts/ helm install --create-namespace -n volsync-system volsync backube/volsync Migrating Data into Kubernetes:...

AWS Certificate Manager (ACM) now supports automated certificate management for Kubernetes workloads through AWS Controllers for Kubernetes (ACK). Previously, using ACM certificates in Kubernetes required manual steps: exporting certificates via API, creating Kubernetes Secrets, and manually updating them at renewal. With ACK, you can define certificates as Kubernetes resources, and the controller automates the complete lifecycle - requesting, exporting, creating Secrets, and auto-updating at renewal. This works for both public certificates (ACM exportable certificates) and private certificates (AWS Private CA), enabling automated certificate management for:...

Disclaimer: here you might not find something new if you know 12 factors app. The 12-factor app methodology 12factor.net, is a set of principles designed to enable applications to be built with portability and resilience when deployed to the web. These principles focus on declarative formats for automation, clean contracts with the operating system, and suitability for deployment on modern cloud platforms, thus minimizing divergence between development and production, enabling continuous deployment for maximum agility....

Reasons to upgrade to k8s 1.30 Container resource based autoscaling Container resource based autoscaling is now promoted to stable https://github.com/kubernetes/enhancements/issues/1610 Horizontal Pod Autoscaler examines the total resource usage of the entire pod i.e. sum of all containers and scale pods based on average CPU or memory usage. Container resource based autoscaling feature allows HPA to scale workloads based on the resource usage of individual containers within a pod, instead of the aggregated usage of all containers in the pod...

Kubernetes InPlacePodVerticalScaling feature Kubernetes v1.27 introduces InPlacePodVerticalScaling, allowing seamless pod resource resizing without restarts Enhanced Continuity: Eliminates the downtime and potential data loss caused by pod restart Cost Savings: Avoid overprovisioning and optimizing resource usage. InPlacePodVerticalScaling lets you allocate resources precisely as needed In this example for pod memory resources configuration, the resizePolicy indicates that changes to the memory allocation require a restart of the container, and for CPU resources the restart is not necessary during resizing....

After upgrading Kubernetes (k8s), you might encounter errors such as no matches for kind "Deployment" in version "apps/v1beta1". These errors typically indicate that certain resources have become deprecated. To resolve these issues without the need to delete your Helm chart, you can follow this simple solution: helm plugin install https://github.com/helm/helm-mapkubeapis helm mapkubeapis <releasename> helm upgrade <releasename> It’s important to note that you may still need to update your Helm chart templates, especially if there have been structural changes between versions....

Expose Amazon EKS pods through cross-account load balancer https://aws.amazon.com/blogs/containers/expose-amazon-eks-pods-through-cross-account-load-balancer/

Simplified EKS access https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-eks-controls-iam-cluster-access-management/ https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/ https://github.com/hashicorp/terraform-provider-aws/issues/34982