This list is being updated on a regular basis.

General info
https://kubernetesreadme.com/

Comparison
API comparison https://kube-api.ninja/
https://learnk8s.io/research
https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit#gid=907731238

Hosting
kapsule https://www.scaleway.com/en/
free https://cloud.okteto.com/

Secrets
External secrets management integration with k8s https://github.com/godaddy/kubernetes-external-secrets
Integrate Kubernetes with 1Password https://github.com/1Password/onepassword-operator
Kubernetes mutating webhook for secrets-init injection https://github.com/doitintl/kube-secrets-init
AWS EKS Secrets store CSI driver https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/

RBAC
RBAC practices and tooling https://rbac.dev/
Visualize RBAC https://github.com/team-soteria/rback
RBAC Manager is designed to simplify authorization in Kubernetes https://github....
k8s security best practices
Keep the cloud provider platform secure
Least privilege
Secure traffic into cluster
Run security tests in development environments
Mirror environments
Cluster authentication & authorization
Leverage OIDC for k8s authentication
RBAC - define roles
In cluster network/security/micro segmentation
Prevent namespace-to-namespace communication
Network policy
Policy & Governance
k8s admission controllers
Read only
Non-privileged ports
Runtime security & monitoring...
k8s 1.30 version
Reasons to upgrade to k8s 1.30
Container resource based autoscaling
Container resource based autoscaling is now promoted to stable: https://github.com/kubernetes/enhancements/issues/1610
The Horizontal Pod Autoscaler examines the total resource usage of the entire pod, i.e. the sum of all containers, and scales pods based on average CPU or memory usage. The container resource based autoscaling feature allows the HPA to scale workloads based on the resource usage of individual containers within a pod, instead of the aggregated usage of all containers in the pod...
k8s InPlacePodVerticalScaling
Kubernetes InPlacePodVerticalScaling feature
Kubernetes v1.27 introduces InPlacePodVerticalScaling, allowing seamless pod resource resizing without restarts.
Enhanced Continuity: Eliminates the downtime and potential data loss caused by pod restarts.
Cost Savings: Avoids overprovisioning and optimizes resource usage. InPlacePodVerticalScaling lets you allocate resources precisely as needed.
In this example for pod memory resources configuration, the resizePolicy indicates that changes to the memory allocation require a restart of the container, and for CPU resources the restart is not necessary during resizing....
Resolving Helm issues after Kubernetes upgrade
After upgrading Kubernetes (k8s), you might encounter errors such as no matches for kind "Deployment" in version "apps/v1beta1". These errors typically indicate that the release references API versions that have been deprecated or removed. To resolve these issues without the need to delete your Helm chart, you can follow this simple solution:
helm plugin install https://github.com/helm/helm-mapkubeapis
helm mapkubeapis <releasename>
helm upgrade <releasename> <chart>
It’s important to note that you may still need to update your Helm chart templates, especially if there have been structural changes between versions....
EKS expose pods through cross-account Load balancer
Expose Amazon EKS pods through cross-account load balancer
https://aws.amazon.com/blogs/containers/expose-amazon-eks-pods-through-cross-account-load-balancer/
Amazon Elastic Kubernetes Service (Amazon EKS) now supports using the Amazon EKS console, CLI, and API to install and manage CoreDNS and kube-proxy in addition to existing support for the Amazon VPC CNI networking plugin.
https://aws.amazon.com/about-aws/whats-new/2021/05/eks-add-ons-now-support-coredns-kube-proxy/
https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html
KubeCon 2021
Full list of videos from KubeCon 2021 Europe
https://www.youtube.com/playlist?list=PLj6h78yzYM2MqBm19mRz9SYLsw4kfQBrC
AWS Secrets CSI for EKS
How to use AWS Secrets & Configuration Provider with your Kubernetes Secrets Store CSI driver. One more example of Kubernetes secrets management, alongside Vault, external-secrets and the 1Password operator 😅
https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/