awesome-kubernetes/docs/kubernetes.md

Kubernetes. "Kubernetes is not for application development but for platform development" (Kelsey Hightower)

[Kubernetes magic is in enterprise standardization, not app portability 🌟](https://www.techrepublic.com/article/kubernetes-magic-is-in-enterprise-standardization-not-app-portability/)

• Kubernetes Jobs Market
• Certified Kubernetes Offerings
• Channel based messaging platform
• The State of Cloud-Native Development. Details data on the use of Kubernetes, serverless computing and more
• Kubernetes Failure Stories
• Kubernetesbyexample
• Kubernetes README
• Kubernetes open-source container-orchestation
  • Kubernetes API
  • Kubernetes Releases
  • Namespaces
  • Kubernetes Best Practices and Tips
  • Disruptions
  • Cost Estimation Strategies
  • Kubernetes Node Size
    • kubecost
  • Kubernetes Resource and Capacity Management. Capacity Planning
  • Kubernetes Monitoring
    • Logging in Kubernetes
    • ECK Elastic Cloud on Kubernetes
  • Health Checks
  • Architecting Kubernetes clusters
  • Templating YAML in Kubernetes with real code. YQ YAML processor
  • Kubernetes Limits
  • Kube Scheduler
  • Kubernetes Knowledge Hubs
• Kubectl commands
  • Kubectl Cheat Sheets
  • Kubectl explain
  • Kubectl Autocomplete
  • List all resources and sub resources that you can constrain with RBAC
  • Copy a configMap in kubernetes between namespaces
  • Copy secrets in kubernetes between namespaces
  • Export resources with kubectl and python
  • Buildkit CLI for kubectl a drop in replacement for docker build
  • Kubectl Alternatives
    • Manage Kubernetes (K8s) objects with Ansible Kubernetes Module
    • Jenkins Kubernetes Plugins
• Self Service Kubernetes Namespaces
• Client Libraries for Kubernetes
• Helm Kubernetes Tool
• Kubernetes Development Tools. Kubernetes clients and dashboards
  • Okteto local kubernetes development
  • Lens Kubernetes IDE
  • Kubenav
  • Cloud Manager
  • Skaffold. Local Kubernetes Development
  • Kind
• Autoscaling
  • Cluster Autoscaler Kubernetes Tool
  • HPA and VPA
  • Cluster Autoscaler and Helm
  • Cluster Autoscaler and DockerHub
  • Cluster Autoscaler in GKE, EKS, AKS and DOKS
  • Cluster Autoscaler in OpenShift
  • Kubernetes Load Testing and High Load Tuning
• Extending Kubernetes
  • Adding Custom Resources. Extending Kubernetes API with Kubernetes Resource Definitions. CRD vs Aggregated API
  • Krew, a plugin manager for kubectl plugins
  • OpenKruise/Kruise
  • Crossplane, a Universal Control Plane API for Cloud Computing. Crossplane Workloads Definitions
• Kubernetes Community
  • Community Forums
  • Kubernetes Special Interest Groups (SIGs)
    • Kubernetes SIG's Repos
    • Kubectl Plugins
• Enforcing Policies and governance for kubernetes workloads with Conftest
• Kubernetes Backup and Migrations
  • Kubernetes Volume Snapshot
  • Backup with Trillio Cloud-Native Data Protection for Kubernetes, OpenStack and Virtualization
  • Backup with Kasten K10
  • Backup with Velero
  • Konveyor Open Source Migration Tool for Kubernetes
• Kubernetes Troubleshooting
  • Debugging Techniques and Strategies. Debugging with ephemeral containers
• Kubernetes Tutorials
  • Online Training
  • Famous Kubernetes resources of 2019
  • Famous Kubernetes resources of 2020
  • K8s Diagrams
• Kubernetes Patterns and Antipatterns. Service Discovery
• Books and e-Books
  • Famous Kubernetes resources of 2019
  • Kubernetes Patterns eBooks
• Kubernetes Operators and Controllers
  • Operator Capability Levels
  • Cluster Addons
  • K8Spin Operator. Kubernetes multi-tenant operator
  • Flux. The GitOps Operator for Kubernetes
  • K8s KPIs with Kuberhealthy Operator
  • Writing Kubernetes Operators and Controllers
• Kubernetes Networking
  • Gateway API
  • Multicloud communication for Kubernetes
  • Kubernetes Network Policy
    • Cilium
  • Kubernetes Ingress Specification
  • Xposer Kubernetes Controller To Manage Ingresses
  • Software-Defined IP Address Management (IPAM)
  • CNI Container Networking Interface
    • List of existing CNI Plugins (IPAM)
    • Project Calico
  • DNS Service with CoreDNS
  • Kubernetes Node Local DNS Cache
• Kubernetes Sidecars
• Kubernetes Security
  • Service Accounts
  • Kubernetes Secrets
  • Encrypting the certificate for Kubernetes. SSL certificates with Let's Encrypt in Kubernetes Ingress via cert-manager
  • RBAC
  • Admission Control
  • Security Best Practices Across Build, Deploy, and Runtime Phases
  • Kubernetes Authentication and Authorization
    • Kubernetes Authentication Methods
    • X.509 client certificates
    • Static HTTP Bearer Tokens
    • OpenID Connect
    • Implementing a custom Kubernetes authentication method
  • Pod Security Policies (SCCs - Security Context Constraints in OpenShift)
  • EKS Security
• Kubernetes Scheduling and Scheduling Profiles
  • Assigning Pods to Nodes. Pod Affinity and Anti-Affinity
  • Pod Topology Spread Constraints and PodTopologySpread Scheduling Plugin
• Kubernetes etcd
• Kubernetes Storage
  • Kubernetes Volumes Guide
  • ReadWriteMany PersistentVolumeClaims
• Non-production Kubernetes Local Installers. Kubernetes distributions for local environments
  • Telepresence local development for k8s and openshift microservices
• Managed Kubernetes in Public Cloud
  • GKE vs EKS vs AKS
  • Other Managed Kubernetes
  • AWS EKS (Hosted/Managed Kubernetes on AWS)
  • Kubesphere
  • Tools for multi-cloud Kubernetes management
• On-Premise Production Kubernetes Cluster Installers
  • Comparative Analysis of Kubernetes Deployment Tools
  • Deploying Kubernetes Cluster with Kops
  • Deploying Kubernetes Cluster with Kubeadm
  • Deploying Kubernetes Cluster with Ansible
  • kube-aws Kubernetes on AWS
  • Kubespray
  • Conjure up
  • WKSctl
  • Terraform (kubernetes the hard way)
  • Caravan
  • ClusterAPI
  • Microk8s
  • k8s-tew
  • Kubernetes Operating Systems
  • Kubernetes Distributions
    • Red Hat OpenShift
    • Rancher
    • Weave Kubernetes Platform
    • Ubuntu Charmed Kubernetes
    • VMware Kubernetes Tanzu and Project Pacific
      • KubeAcademy Pro (free training)
    • Kontena Pharos
    • Mirantis Docker Enterprise with Kubernetes and Docker Swarm
    • Mirantis k0s
    • K0s
• Cloud Development Kit (CDK) for Kubernetes
  • AWS Cloud Development Kit (AWS CDK)
• SpringBoot with Docker
• Docker in Docker
• Serverless with OpenFaas and Knative
• Multi-Cluster Federation. Hybrid Cloud Setup Tools
  • KubeFed
  • KubeCarrier
  • Red Hat Operator Lifecycle Manager (OLM)
  • Crossplane
  • Istio Service Mesh
• Kubernetes interview questions
• Kubernetes Blogs
• Spanish Kubernetes Blogs
• Container Ecosystem
• Container Flowchart
• Kubernetes Scripts
• Spot instances in Kubernetes
• Pixie. Instantly troubleshoot applications on Kubernetes
• Kubernetes Incident Report Plan IRP
• Videos

Kubernetes Jobs Market

• kube.careers: Kubernetes jobs market (Q2 2021) 🌟 We analyzed all the 113 Kubernetes jobs posted in the past 3 months (Apr-May-Jun 2021) and extracted metrics for:
  • Kubernetes salary ranges
  • Remote vs office offers
  • Popular cloud providers

Certified Kubernetes Offerings

• Certified Kubernetes offerings 🌟

Channel based messaging platform

• kubernetes.slack.com

The State of Cloud-Native Development. Details data on the use of Kubernetes, serverless computing and more

• Cloud-Native Development Survey Details Kubernetes, Serverless Data 🌟

Kubernetes Failure Stories

• k8s.af 🌟

Kubernetesbyexample

• kubernetesbyexample.com 🌟🌟🌟 A free learning platform covering the fundamentals of how to develop, deploy, manage, and automate containers in cloud-native environments.

Kubernetes README

• kubernetesreadme.com 🌟 What to Read to Learn More About Kubernetes

Kubernetes open-source container-orchestation

• Wikipedia.org: Kubernetes
• kubernetes.io
• unofficial-kubernetes.readthedocs.io
• Awesome kubernetes 🌟
• https://www.reddit.com/r/kubernetes 🌟
• stackify.com: The Advantages of Using Kubernetes and Docker Together 🌟
• Ansible for devops: Kubernetes
• kubedex.com 🌟 Discover, Compare and Share Kubernetes Applications
  • kubedex.com: autoscaling 🌟
• medium.com: The Kubernetes Scheduler: this series aims to advance the understanding of Kubernetes and its underlying concepts
• opensource.com: How the Kubernetes scheduler works 🌟 Understand how the Kubernetes scheduler discovers new pods and assigns them to nodes.
• medium.com: A Year Of Running Kubernetes at MYOB, And The Importance Of Empathy
• blogs.mulesoft.com - K8s: 8 questions about Kubernetes
• labs.mwrinfosecurity.com: Attacking Kubernetes through Kubelet
• medium.com: Kubernetes Canary Deployment #1 Gitlab CI
• kubernetes-on-aws.readthedocs.io
• techbeacon.com: Why teams fail with Kubernetes—and what to do about it 🌟
• itnext.io: Kubernetes rolling updates, rollbacks and multi-environments 🌟
• learnk8s.io: Load balancing and scaling long-lived connections in Kubernetes 🌟
• itnext.io: Successful & Short Kubernetes Stories For DevOps Architects
• itnext.io: K8s Vertical Pod Autoscaling 🌟
• medium.com: kubernetes Pod Priority and Preemption
• returngis.net: Pruebas de vida de nuestros contenedores en Kubernetes
• itnext.io: K8s prevent queue worker Pod from being killed during deployment How to prevent a Kubernetes (like RabbitMQ) queue worker Pod from being killed during deployment while handling a message?
• youtube: deployment strategies in kubernetes | recreate | rolling update | blue/green | canary
• kodekloud.com: Kubernetes Features Every Beginner Must Know
• platform9.com: Kubernetes CI/CD Pipelines at Scale
• 4 trends for Kubernetes cloud-native teams to watch in 2020
• enterprisersproject.com: Kubernetes: Everything you need to know (2020) 🌟
• learnk8s.io: Provisioning cloud resources (AWS, GCP, Azure) in Kubernetes 🌟
• padok.fr: Kubernetes’ Architecture: Understanding the components and structure of clusters 🌟
• Allocatable memory and CPU in Kubernetes Nodes 🌟 Not all CPU and memory in your Kubernetes nodes can be used to run Pods. In this article, you will learn how managed Kubernetes Services such AKS, EKS and GKE reserve resources for workloads, operating systems, daemons and Kubernetes agent.
• 5 open source projects that make Kubernetes even better: Prometheus, Operator framework, Knative, Tekton, Kubeflow 🌟 Open source projects bring many additional capabilities to Kubernetes, such as performance monitoring, developer tools, serverless capabilities, and CI/CD workflows. Check out these five widely used options
• medium: How to Deploy a Web Application with Kubernetes 🌟 Learn how to create a Kubernetes cluster from scratch and deploy a web application (SPA+API) in two hours.
• blog.pipetail.io: 10 most common mistakes using kubernetes 🌟
• 4 trends for Kubernetes cloud-native teams to watch in 2020 🌟 Today's software architectural landscape seems to change like the weather. Stay ahead of the curve with these cloud-related trends, including GitOps and service meshes.
• opensource.com: A beginner's guide to Kubernetes container orchestration Understanding the building blocks of container orchestration makes it easier to get started with Kubernetes.
• thenewstack.io: 5 Best Practices for Configuring Kubernetes Pods Running in Production
• Creating a Kubernetes cloud provider, doesn't required boiling the ocean 🌟
• medium: How to configure and manage Pod in Kubernetes Cluster (K8s) There are two types of Pods: Single container pod & Multi container pod.
• opensource.com: 5 ways to boost your Kubernetes knowledge
• kinvolk.io: Investigating Kubernetes performance issues with BPF 🌟
• blog.container-solutions.com: 7 Cloud Native Trends to Watch in 2020 🌟
• snyk.io: Shipping Kubernetes-native applications with confidence
• medium: Delivering value on Kubernetes
• medium: 10 Most Common Mistakes When Using Kubernetes 🌟 Avoid your cluster from falling over in production by implementing these best practices
• dev.to: Open a command prompt in a Kubernetes cluster This starts up a pod (in the default namespace by default) and opens a command line in the given container. As I'm running as root, I can install anything I need for debugging and testing right in my cluster.
• medium: 5 Things We Overlooked When Deploying Our First App on Kubernetes 🌟
• opensource.com: Explaining Kubernetes in 10 minutes using an analogy
• itnext.io: Kubernetes is Hard!
• medium: The Kubernetes Cloud Controller Manager
• howtoforge.com: How to create Multi-Container Pods in Kubernetes
• blocksandfiles.com: Kubernetes is in a bit of state about state Kubernetes is “four to five years away” from being a stable distribution capable of running stateful apps, according to Redis Labs chief product officer Alvin Richards.
• 10 most common mistakes when using Kubernetes 🌟🌟
  • resources - requests and limits
  • liveness and readiness probes
  • LoadBalancer for every http service
  • non-kubernetes-aware cluster autoscaling
  • Not using the power of IAM/RBAC
• Architecting Kubernetes clusters — choosing a cluster size 🌟 This article discusses the pros and cons of having either many small clusters or few large clusters for running a given set of apps.d
• medium: Deploying Kubernetes — Deciding the size of your nodes 🌟
• medium: A Practical Step-by-Step Guide to Understanding Kubernetes Deploy a distributed application and understand key underlying concepts.
• medium: Kubernetes, a practical introduction
• medium: Kubernetes Deployment: Connect Your Front End to Your Back End With Nginx
• learnk8s.iod: Kubernetes production best practices 🌟🌟 A curated checklist of best practices designed to help you release to production.
• itnext.io: Automating System Updates for Kubernetes Clusters using Ansible
• medium: Starting with kubernetes
• Discovering Running Pods By Using DNS and Headless Services in Kubernetes When retrieving all service’s connected pods is desired
• itnext.io: Kubernetes is Hard! 🌟 But, where there’s Kubernetes, there’s a way!
• How we learned to improve Kubernetes CronJobs at Scale (Part 1 of 2)
  • How we learned to improve Kubernetes CronJobs at Scale (Part 2 of 2)
• thenewstack.io: Kubernetes Is the New Standard for Computing, Including the Edge
• enterprisersproject.com: Managing Kubernetes resources: 5 things to remember Kubernetes automates much of the work of managing containers at scale. But containerized applications commonly share pooled resources, so you need to allocate and manage them properly
• Kubernetes Tip: What Happens To Pods Running On Node That Become Unreachable?
• hackernoon.com: How To Deploy Code Faster Using Kubernetes
• How to handle environment variables with Kubernetes? 🌟
• Liveness and Readiness Probes for Kubernetes in Phoenix application
• Kubernetes Liveness and Readiness Probes
• learnk8s.io: Graceful shutdown and zero downtime deployments in Kubernetes 🌟🌟
• kubernetes.io: Introducing Hierarchical Namespaces
• medium: Kubernetes Pod Redundancy Strategies
• sbg.technology: Zero-Downtime Kubernetes Deployments
• medium: Then he asked me “Is Kubernetes right for us?”
• thenewstack.io: How does kubernetes work?
• elmanytas.es: Kubernetes para impostores III
• loft.sh: Kubernetes: Virtual Clusters For CI/CD & Testing
• medium: Mastering the KUBECONFIG file
• luminousmen.com: Kubernetes 101
• thenewstack.io: How do applications run on kubernetes? 🌟
• deepsource.io: Breaking down zero downtime deployments in Kubernetes 🌟 An in-depth analysis of deployments in Kubernetes
• ronaknathani.com: How a Kubernetes Pod Gets an IP Address 🌟
• eevans.co: Deconstructing Kubernetes Networking
• externalTrafficPolicy=local on kubernetes. How to preserve the source IP in kubernetes externalTrafficPolicy=local is an annotation on the Kubernetes service resource that can be set to preserve the client source IP. When it is set, the actual IP address of a client is propagated to the K8s service instead of the IP address of the node.
• medium: Single Sign-On in Kubernetes 🌟
• jfrog.com: Kubernetes in Production with Jessica Deen at swampUP 2020
• itnext.io: Writing a Kubernetes CLI in Go
• medium: Discovering Running Pods By Using DNS and Headless Services in Kubernetes 🌟 When retrieving all service’s connected pods is desired.
• semaphoreci.com: Continuous Blue-Green Deployments With Kubernetes 🌟
• iximiuz.com: Service proxy, pod, sidecar, oh my!
• medium: 3 Years of Kubernetes in Production–Here’s What We Learned 🌟
• linuxadvise.com: Kubernetes Node Selectors
• linuxadvise.com: Kubernetes Node Affinity
• linuxadvise.com: Kubernetes Daemon Sets
• linuxadvise.com: Kubernetes Static Pods
• linuxadvise.com: Kubernetes Config Maps
• linuxadvise.com: Kubernetes Rolling Updates and Rollbacks
• linuxadvise.com: Kubernetes Secrets
• linuxadvise.com: Kubernetes Pod Security Policy
• thenewstack.io: How do applications run on kubernetes?
• medium: Kubernetes — Learn Init Container Pattern Understanding Init Container Pattern With an Example Project.
• Get kubectl access to your private cluster from anywhere This tutorial shows you how to expose your private Kubernetes API server to the Internet, so that you can manage your cluster from anywhere, just like you would with a cloud offering.
• Zero-Downtime Kubernetes Deployments
• enterprisersproject.com: How to explain Kubernetes in plain English How do you explain Kubernetes and orchestration to non-technical people? Listen to the experts
• medium: How to setup Hetzner load balancer on a Kubernetes cluster
• revistacloudcomputing.com: Los mejores proveedores de Kubernetes
• Virtual Clusters for Kubernetes — Benefits and Use Cases Virtual Kubernetes clusters could be the next driver for Kubernetes adoption.
• medium: Kubernetes Tip: How Statefulsets Behave Differently Than Deployments When Node Fails? 🌟 What happens to the Pods when a node fails in Kubernetes?
• thenewstack.io: 4 ways to run kubernetes in production 🌟
• linuxtechi.com: How to Setup Private Docker Registry in Kubernetes (k8s)
• Hierarchical namespaces make it easier to share your Kubernetes cluster. For example, you can create additional namespaces under your team's namespace, even if you don't have cluster-level permission to create namespaces
• Our Journey to Zero Downtime Rolling Updates with Ambassador In this article you will cover: How Kubernetes lifecycle hooks can be used to shutdown applications gracefully. How pods are removed from the system and why it is necessary to understand and carefully handle the shutdown sequence appropriately.
• k21academy.com: Kubernetes Architecture. An Introduction to Kubernetes Components
• thenewstack.io: How do applications run on kubernetes
• blog.mayadata.io: Kubernetes storage basics: PV, PVC and StorageClass 🌟
• itnexst.io: Docker and Kubernetes — root vs. privileged
• medium: ConfigMaps in Kubernetes: how they work and what you should remember 🌟
• medium: Individual Kubernetes Clusters vs. Shared Kubernetes Clusters for Development
• medium: Kubernetes Multi-Tenancy — A Best Practices Guide 🌟
• medium: Better Debugging Environment for your Micro-Services
• Getting a shell on each node Learn how you can use a DaemonSet to expose an SSH shell on each node of your cluster (even if you don't have SSH installed)
• medium: Virtual Clusters for Kubernetes — Benefits and Use Cases Virtual Kubernetes clusters could be the next driver for Kubernetes adoption
• devcentral.f5.com: What is Kubernetes?
• docs.google.com: Kubernetes For Everyone 🌟🌟 A consolidated document on Kubernetes by: Pavan Belagatti
• blog.sighup.io: Hierarchical Namespace Controller (HNC): a look into the future of Kubernetes Multitenancy Hierarchical Namespace Controller (HNC) is bringing a better multi-tenancy model to Kubernetes. In this article we are exploring the current state of the project and useful use-cases.
• thenewstack.io: Who Needs a Dashboard? Why the Kubernetes Command Line Is Not Enough
• medium: Discovering Running Pods By Using DNS and Headless Services in Kubernetes
• itnext.io: Writing a Kubernetes CLI in Go
• medium: Create a Custom Annotation for the Kubernetes ingress-nginx Controller
• containerjournal.com: Overcoming Kubernetes Infrastructure Challenges
• gravitational.com: How to Set Up Kubernetes SSO with SAML
• redhat.com: Kubernetes basics for sysadmins Learn when Kubernetes can be effectively used and how the containers it manages might be better than virtual machines.
• blog.newrelic.com: Kubernetes Fundamentals 🌟
  • https://blog.newrelic.com/engineering/kubernetes-request-and-limits/
  • https://blog.newrelic.com/engineering/kubernetes-health-checks/
  • https://blog.newrelic.com/engineering/how-to-use-kubernetes-secrets/
  • https://blog.newrelic.com/engineering/how-to-organize-kubernetes-clusters/
  • https://blog.newrelic.com/engineering/how-to-use-kubernetes-volumes/
• erkanerol.github.io: I wish pods were fully restartable Why are Pod not fully restartable in Kubernetes? Why is Kubernetes not restarting the Pod in CrashLoopBackOff?
• loginradius.com: Understanding Basics of Kubernetes
• Kubernetes Horror Stories
• lambda.grofers.com: Learnings From Two Years of Kubernetes in Production 🌟
• devopsunlocked.com: Kubernetes: Learning Material 🌟
• magalix.com: Team Productivity: Resource Management 🌟 Resource Requests, Limits and Quota
• opensource.com: A beginner's guide to Kubernetes Jobs and CronJobs Use Jobs and CronJobs to control and manage Kubernetes pods and containers.
• learnsteps.com: How Kubernetes works on reconciler pattern 🌟
• redhat.com: Kubernetes Components - A sysadmin's guide to basic Kubernetes components 🌟 Kubernetes control plane nodes and worker nodes, their features, and how they interact.
• medium: How Rolling and Rollback Deployments work in Kubernetes
• medium: Installing cf-for-k8s on a Kubernetes Cluster Running on Digital Ocean If you want to install Cloud Foundry on Kubernetes on Digital Ocean, you might find this article relevant.
• itnext.io: Lessons learned from managing a Kubernetes cluster for side projects (GKE) 🌟
• projectcalico.org: Using Kubernetes to orchestrate VMs 🌟
• cncf.io: Kubernetes 101: An Introduction 🌟
• millionvisit.blogspot.com: Kubernetes for Developers #1: Kubernetes Architecture and Features 🌟
• lastweekinaws.com: Is ECS deprecated? Has Kubernetes won?
• redhat.com: Start learning Kubernetes from your local machine
• medium: Pratyush Mathur - Kubernetes Architecture
• medium: Deployment types in Kubernetes 🌟
• platform9.com: Difference Between multi-cluster, multi-master, multi-tenant & federated Kubernetes 🌟
• opensource.com: 8 Kubernetes insights for 2021 🌟 Review the top five Kubernetes articles of 2020, then preview three tools you should learn about in 2021.
• thoughtbot.com: Zero Downtime Rails Deployments with Kubernetes
• medium: Kubernetes Resources 🌟
• medium: Notes on Graceful Shutdown in Kubernetes 🌟
• loft.sh: Kubernetes Readiness Probes - Examples & Common Pitfalls 🌟
• srcco.de: Zalando - Many Kubernetes Clusters instead of 1 huge cluster 🌟 Running 80+ Kubernetes clusters in production? Yes, Zalando runs 100+ Kubernetes clusters on AWS.
  • Each cluster runs in its own AWS account.
  • They always create a pair of prod/non-prod clusters per "product community", i.e. only half of their clusters (50+) are marked as "production" and have full 24x7 on-call support.
  • They decided to go with "many" (that's relative) clusters for various reasons:
    • Kubernetes has no strong story for multi-tenancy, having "smaller" clusters mitigates part of this problem
    • Some infrastructure is shared per cluster, e.g. Prometheus and the Ingress proxy (Skipper) --- this requires appropriate (vertical) scaling of these components, smaller clusters make this easier to handle
    • The blast radius is limited --- anything going wrong in one cluster (outage, security incident, ..) does not necessarily affect the whole organization
    • Cost attribution is easier (every cluster belongs to a cost center)
    • The cluster (and its AWS account) serves as a natural trust boundary for access control (you can either deploy via CI/CD to a cluster or not)
• engineering.salesforce.com: Project Agumbe: Share Objects Across Namespaces in Kubernetes 🌟
• didil.medium.com: Building a Kubernetes Mutating Admission Webhook A “magic” way to inject a file into Pod Containers
• platform9.com: The Gorilla Guide to Kubernetes in the Enterprise 🌟 Discover key capabilities for Kubernetes at scale.
  • A complete Enterprise Kubernetes infrastructure needs proper DNS, load balancing, Ingress, stateful services, K8’s role-based access control (RBAC), integration with LDAP and authentication systems, and more. Once Kubernetes is deployed, day-2 operational challenges and life-cycle management comes into play: monitoring, alerting, troubleshooting, upgrades, security patching, compliance checking and much more.
  • The Gorilla guide to Kubernetes in the Enterprise is your resource to ensure the success of your Enterprise Kubernetes projects by thinking through critical decisions around deployment options, day-2 operational considerations, use cases, and choosing your Kubernetes implementation solutions.
• thenewstack.io: A Deep Dive into Architecting a Kubernetes Infrastructure 🌟
• thenewstack.io: Manage Multicluster Kubernetes with Operators
• kubernetes.io: Out of the Clouds onto the Ground: How to Make Kubernetes Production Grade Anywhere 🌟
• opensourcerers.org: How to go from Docker to Kubernetes the right way 🌟
• magalix.com: Influencing Kubernetes Scheduler Decisions To ensure maximum possible performance and availability given the infrastructure at hand, the scheduler uses complex algorithms to ensure the most efficient Pod placement. In this article, we discuss how the scheduler selects the best node to host the Pod and how we can influence its decision.
• openshift.com: The Hidden Dangers of Terminating Namespaces 🌟
• learndevops.substack.com: Hitting prometheus API with curl and jq 🌟 Determine offending pods that use more RAM than requested, causing OOM, with Prometheus and jq.
• nginx.com: Reduce Complexity with Production-Grade Kubernetes
• medium: Making Sense of Taints and Tolerations in Kubernetes
• ronaknathani.com: How a Kubernetes Pod Gets an IP Address
• medium: ConfigMaps in Kubernetes (K8s)
• devopscube.com: 10 Key Considerations for Kubernetes Cluster Design & Setup 🌟
• sysdig.com: Kubernetes admission controllers in 5 minutes
• blog.pixielabs.ai: Building Kubernetes Native SaaS applications: iterating quickly by deploying in-cluster data planes
• datacenterknowledge.com: The Pros and Cons of Kubernetes-Based Hybrid Cloud 🌟
• itnext.io: CKS Exam Series #9 RBAC v2 Kubernetes CKS Example Exam Question Series
• dzone: Scale to Zero With Kubernetes with KEDA and/or Knative 🌟 This article reviews how Kubernetes provides the platform capabilities for dynamic deployment, scaling, and management in Cloud-native applications.
• elastisys.com: What do I need to add on top of Kubernetes?
• infoq.com: Experts Discuss Top Kubernetes Trends and Production Challenges
• zhimin-wen.medium.com: Sticky Sessions in Kubernetes 🌟
• maximilianmichels.com: Kubernetes in a Nutshell: 10 Things You Need to Know
• vamsitalkstech.com: Introduction to Kubernetes Multi-tenancy..(1/2)
• vamsitalkstech.com: Kubernetes Multi-tenancy Best Practices & Architecture Model..(2/2)
• itnext.io: Breaking down and fixing etcd cluster
• brennerm.github.io: Kubernetes Overview Diagrams 🌟
• blog.appstack.one: How to run Ghost blog inside Kubernetes
• If you have a livenessProbe that takes over one second, it’ll fail when you update to kubernetes 1.20, because a long-standing bug with how the default was handled has been fixed. You must override the ExecProbeTimeout if your probe takes more than 1s
• thenewstack.io: Kubernetes Is Not Just About Containers — It’s About the API 🌟
• dzone refcard: Advanced kubernetes 🌟
• dzone refcard: Kubernetes Multi-Cluster Management and Governance 🌟
• tech2fun.net: Using Service Endpoints and Alias for accessing External Service in K8s
• learnk8s.io: Scaling Celery workers with RabbitMQ on Kubernetes 🌟 In this article, you will explore how to use Kubernetes and KEDA to scale Celery workers based on the number of messages in a RabbitMQ queue.
  1. Learn how to set up a metrics pipeline
  2. How you can drive autoscaling based on metrics from RabbitMQ.
  3. Why KEDA might be an alternative to prometheus+adapters
• cloudsavvyit.com: How Does Kubernetes Work?
• github.com/PacktPublishing: Kubernetes in Production Best Practices
• arabitnetwork.com: K8S – Enabling Auditing Logs | Step-by-Step
• thenewstack.io: Kubernetes Lifecycle Management! So Important! (Day 0, Day 1, Day 2) 🌟
• kruyt.org: Migrate from Docker to Containerd in Kubernetes
• lemoncode.net: Hola Kubernetes: Definiciones 🌟
• superuser.openstack.org: Run Your Kubernetes Cluster on OpenStack in Production
• medium: How to deploy StatefulSets in Kubernetes (K8s)?
• sandeepbaldawa.medium.com: K8s Labels & Selectors 🌟 In this post, we will look at What Kubernetes(K8s) Labels and Selectors are, Why do we need them, How to use them.
• developers.redhat.com: Using Dekorate to generate Kubernetes manifests for Java applications 🌟
  • dekorate.io 🌟
• thenucleargeeks.com: Introduction to Kubernetes Pods
• millionvisit.blogspot.com: Kubernetes for Developers Journey 🌟:
  • millionvisit.blogspot.com: Kubernetes for Developers #1: Kubernetes Architecture and Features
  • millionvisit.blogspot.com: Kubernetes for Developers #2: Kubernetes for Local Development
  • millionvisit.blogspot.com: Kubernetes for Developers #3: kubectl CLI
  • millionvisit.blogspot.com: Kubernetes for Developers #4: Enable kubectl bash autocompletion
  • millionvisit.blogspot.com: Kubernetes for Developers #5: Kubernetes Web UI Dashboard
  • millionvisit.blogspot.com: Kubernetes for Developers #6: Kubernetes Objects
  • millionvisit.blogspot.com: Kubernetes for Developers #7: Imperative vs. Declarative Kubernetes Objects
  • millionvisit.blogspot.com: Kubernetes for Developers #8: Kubernetes Object Name, Labels, Selectors and Namespace
  • millionvisit.blogspot.com: Kubernetes for Developers #9: Kubernetes Pod Lifecycle
  • millionvisit.blogspot.com: Kubernetes for Developers #10: Kubernetes Pod YAML manifest in-detail
  • millionvisit.blogspot.com: Kubernetes for Developers #11: Pod Organization using Labels
  • millionvisit.blogspot.com: Kubernetes for Developers #12: Effective way of using K8 Liveness Probe
  • millionvisit.blogspot.com: Kubernetes for Developers #13: Effective way of using K8 Readiness Probe
  • millionvisit.blogspot.com: Kubernetes for Developers #14: Kubernetes Deployment YAML manifest in-detail 🌟
• thenewstack.io: Scaling Microservices on Kubernetes 🌟
• andrewlock.net: Series: Deploying ASP.NET Core applications to Kubernetes 🌟
  • andrewlock.net: Deploying ASP.NET Core applications to Kubernetes - Part 6 - Adding health checks with Liveness, Readiness, and Startup probes 🌟
• infoq.com: The Evolution of Distributed Systems on Kubernetes 🌟 What Comes After Microservices:
  • Yet Microservices gives us the guiding principles on how to split a monolithic application into separate business domains.
  • After that came serverless and Function-as-a-Service (FaaS), where we said we could split those further by operations, giving us extreme scaling - because we can scale each operation individually.
  • The author argues that maybe FaaS is not the best model - as functions are not the best model for implementing reasonably complex services where you want multiple operations to reside together when they have to interact with the same dataset.
  • Probably, multi-runtime as the author calls it Mecha architecture, where you have your business logic in one container, and you have all the infrastructure-related concerns as a separate container.
  • They jointly represent a multi-runtime microservice. Maybe that's a more suitable model because it has better properties.
  • You get all the benefits of microservice. You still have all your domain, all the bounded contexts in one place.
  • You have all the infrastructure and distributed application needs in a separate container, and you combine them at runtime.
  • Probably, the closest thing that's getting to that right now is Dapr.
• cloud.ibm.com: Tutorial - Scalable webapp 🌟
• hackernoon.com: The Ultimate Beginners Guide To Kubernetes and Container Orchestration
• thenucleargeeks.com: Taints and Tolerations in Kubernetes
• fosstechnix.com: Rolling out and Rolling back updates with Zero Downtime on Kubernetes Cluster 🌟
• rcarrata.github.io: Regenerating Kubeconfig for system:admin user in OpenShift clusters 🌟 You missed your kubeconfig file of your OpenShift cluster? Your dog ate your kubeconfig file? No worries! Let’s regenerate it in a easy and automated way!
• medium: Kubernetes — Difference between Deployment and StatefulSet in K8s
• medium: Jobs & Cronjobs in Kubernetes Cluster
• devopscube.com: How To Create Kubernetes Jobs/Cron Jobs – Getting Started Guide
• speakerdeck.com: Kubernetes Pod internals with the fundamentals of Containers 🌟
• thenewstack.io: Avoiding the Pitfalls of Multitenancy in Kubernetes
• zhimin-wen.medium.com: Sticky Sessions in Kubernetes
• medium: Graceful shutdown of fpm and nginx in Kubernetes
• medium: Kubernetes Fundamentals For Absolute Beginners: Architecture & Components
• bsucaciu.com: What is a Sidecar?
• thenewstack.io: Scaling Microservices on Kubernetes 🌟
• fairwinds.com: Over-Provisioned and Over-Permissioned Containers & Kubernetes
• learn.hashicorp.com: Integrate a Kubernetes Cluster with an External Vault 🌟
• kubernetes.io: PodSecurityPolicy Deprecation: Past, Present, and Future 🌟
• betterprogramming.pub: How to Implement Your Distributed Filesystem With GlusterFS And Kubernetes Learn the advantages of using GlusterFS and how can it help in achieving a highly-scalable, distributed filesystem.
• compliantkubernetes.io: Compliant Kubernetes is a Certified Kubernetes distribution, that complies with: HIPAA, GDPR, PCI DSS, FFFS 2014:7, ISO 27001, etc. 🌟
• blog.gopaddle.io: Strange things you never knew about Kubernetes ConfigMaps on day one 🌟🌟
• medium: Scaling Kubernetes with Assurance at Pinterest
• platform9.com: Kubernetes Cluster Sizing – How Large Should a Kubernetes Cluster Be? 🌟
• learnsteps.com: What is a control plane? Basics on Kubernetes
• infoworld.com: No one wants to manage Kubernetes anymore 🌟 The availability of solid and varied managed kubernetes options has seen more and more companies shy away from managing their own clusters.
• dzone: Introduction To Kubernetes 🌟 An orchestration tool takes care of provisioning and deployment, allocation of resources, load balancing, and many other important aspects of any system.
• fairwinds.com: Never Should You Ever In Kubernetes: #1 Do K8S The Hard Way
• blog.flant.com: How we enjoyed upgrading a bunch of Kubernetes clusters from v1.16 to v1.19
• eximiaco.tech: when to choose Kubernetes? 🌟
• kubernetes.io: Three Tenancy Models For Kubernetes 🌟 What are your tenancy options with Kubernetes? This post calls out three: by namespace, by cluster, by control plane.
• thenewstack.io: Living with Kubernetes: Cluster Upgrades 🌟
• openshift.com: Topology Aware Scheduling in Kubernetes Part 1: The High Level Business Case
  • openshift.com: Topology Awareness in Kubernetes Part 2: Don’t we already have a Topology Manager?
• Kubernetes setup with CRI-O Runtime Example to build Kubernetes Clusters using CRI-O runtime instead of Docker
• kubernetes.io: Graceful Node Shutdown Goes Beta 🌟
• blog.min.io: Kubernetes, Consistency and Commoditization - The Way of the Cloud
• hjrocha.medium.com: Add a Custom Host to Kubernetes
• rancher.com: The Three Pillars of Kubernetes Container Orchestration 🌟
• qwinix.io: What Is Kubernetes? K8s Uses, Benefits, & More
• thenewstack.io: Governance, Risk and Compliance with Kubernetes
• itnext.io: Kubernetes Probes: Startup, Liveness, Readiness 🌟
• containerjournal.com: Best of 2020: How Docker and Kubernetes Work Together
• zhimin-wen.medium.com: Custom Notifications with Alert Manager’s Webhook Receiver in Kubernetes
• harness.io: Introducing Recommendations API: Find Potential Cost Savings Programmatically
• blog.harbur.io: Demystifying stateful apps on Kubernetes by deploying an etcd cluster In this tutorial you will learn how to deploy an etcd cluster in Kubernetes
• blog.kintone.io: Rebooting a LOT of Kubernetes nodes in a declarative way
• ithands-on.com: Kubernetes 101 : Performing tasks in kubernetes - Jobs
• ithands-on.com: Kubernetes 101 : Deployments, replicaSets, services, pods and endpoints
• ithands-on.com: Kubernetes 101 : Changing a Pod's label on the fly
• ithands-on.com: Kubernetes 101 : An overview of StatefulSets and Deployments
• ithands-on.com: Kubernetes 101 : Resource Quotas (ResourceQuota) and Limit Ranges (LimitRange)
• ithands-on.com: Kubernetes 101 : Deployments and Rolling updates - maxSurge, maxUnavailable
• ithands-on.com: Kubernetes 101 : The externalName service
• infoworld.com: How Kubernetes works If you want to understand containers, microservices architecture, modern application development, and cloud native computing, you need to understand Kubernetes.
• infoq.com: Cloud Native and Kubernetes Observability: Expert Panel
• kubernetes.io: Don't Panic: Kubernetes and Docker
• thenewstack.io: Exploring the New Kubernetes Maturity Model
• blog.bandowski.eu: Tools that should be used in every Kubernetes cluster 🌟
  • ArgoCD for deploying your resources the GitOps way
  • MetalLB in case you need a load balancer when running Kubernetes on-prem and not in a cloud
  • external-secrets to easily sync the secrets of your external secret manager with your Kubernetes cluster
  • cert-manager 🌟 to easily retrieve and/or generate new certificates on the fly
    • github.com/cert-manager
    • github.com/cert-manager: Policy Approver Policy Approver is a cert-manager approver that is responsible for Approving or Denying CertificateRequests.
  • external-dns to manage your DNS entries automatically
• redhat.com: Building containers by hand: The PID namespace The PID namespace is an important one when it comes to building isolated environments. Find out why and how to use it.
• cncf.io: Simplifying multi-clusters in Kubernetes
• infoq.com: The Kubernetes Effect
• dustinspecker.com: iptables: How Kubernetes Services Direct Traffic to Pods
• dustinspecker.com: Scaling Kubernetes Pods using Prometheus Metrics 🌟 one of Kubernetes many features is auto-scaling workloads. Typically, Horizontal Pod Autoscalers scale pods based on CPU or memory usage. During other times we could better scale by using custom metrics that Prometheus is already scraping. Fortunately, Horizontal Pod Autoscalers can support using custom metrics. I’m a fan of the kube-prometheus project, but it wasn’t apparent how to set up a Horizontal Pod Autoscaler using custom metrics. This post walks through:
  • Deploying kube-prometheus (Prometheus operator, Prometheus adapter, Grafana, and more)
  • Creating a custom metrics APIService
  • Configuring Prometheus adapter to support our custom metrics
  • Deploying a Horizontal Pod Autoscaler for Grafana using a custom metric
• dustinspecker.com: IPVS: How Kubernetes Services Direct Traffic to Pods
• dev.to: How to switch container runtime in a Kubernetes cluster
• digizoo.com.au: How to Master Admission Webhooks In Kubernetes (GKE) (Part One) Admission webhooks are HTTP callbacks that receive admission requests (for resources in a K8s cluster) and do something with them. You can define two types of admission webhooks, validating admission webhook and mutating admission webhook.
• asonisg.medium.com: Multi-tenancy with Kubernetes (Part-1) 🌟
• itnext.io: Breaking down and fixing etcd cluster
• learnsteps.com: Basics on Kubernetes: What exactly is a deployment?
• itnext.io: Kubernetes: what are Endpoints
• medium.com: Using kubernetes custom resources to manage our ephemeral environments Building a Kubernetes operator with kubebuilder to manage ephemeral environments.
• medium: Running Apache Flink on Kubernetes
• learnsteps.com: How exactly kube-proxy works: Basics on Kubernetes
• kubernetes.io: Annotating Kubernetes Services for Humans 🌟 A Convention for annotations in Kubernetes.
• medium.com: Connect services across Kubernetes clusters using Teleproxy Teleproxy is a shell script that lets you quickly replace a Kubernetes deployment by a single pod that forwards incoming traffic to another pod running in a destination Kubernetes cluster.
• medium: Kubernetes DNS for Services and Pods
• edgehog.blog: Getting Started with K8s: Core Concepts
• itnext.io: Working with kubernetes configmaps, part 1: volume mounts
  • itnext.io: Working with kubernetes configmaps, part 2: Watchers
• talos-systems.com: Is Vanilla Kubernetes Really Too Heavy For The Raspberry Pi?
• infoq.com: Kubernetes Workloads in the Serverless Era: Architecture, Platforms, and Trends
• blog.kintone.io: Tolerating failures in container image registries This article will show you several ways to ensure your Kubernetes clusters can always pull images even while an upstream registry is failing.
• blog.px.dev: How etcd works and 6 tips to keep in mind
• containerjournal.com: Kubernetes’ True Superpower is its Control Plane
• itnext.io: Kubernetes Readiness Probes — Examples & Common Pitfalls 🌟
• k21academy.com: Kubernetes ConfigMaps and Secrets: Guide to Create and Update 🌟
• dev.to: A Deep Dive Into Kubernetes Schema Validation
• tremolosecurity.com: Pipelines and Kubernetes Authentication The Right Way To Authenticate to Your Clusters From Your CI/CD Pipelines:
  • Don't use ServiceAccount tokens outside of your cluster
  • Create service accounts inside of your authentication identity provider, assign RBAC privileges
  • Easy with Okta and OpenUnison
• usepine.com: Improving cert-manager HTTP01 self-check speed This post describes how to improve cert-manager self-check speed, by pointing the cluster to Google nameservers, and disabling DNS caching
• talkingquickly.co.uk: Kubernetes Single Sign On - A detailed guide 🌟
• datree.io: A Deep Dive Into Kubernetes Schema Validation 🌟 Great overview of different schema validation tools, incl. server-side ,dry-run“. But I think with tools like kind in CI it’s actually less of a burden to spin up K8s and do proper server-side validation (which catches all issues as mentioned in the post).
• community.suse.com: Stupid Simple Kubernetes — Deployments, Services and Ingresses Explained
• elastisys.com: PCI DSS compliance in Kubernetes-based platforms
• infracloud.io: Avoiding Kubernetes Cluster Outages with Synthetic Monitoring Synthetic monitoring consists of pre-defined checks to proactively monitor the critical elements in your infrastructure. These checks simulate the functionality of the elements. We can also simulate the communication between the elements to ensure end-to-end connectivity. Continuous monitoring of these checks also helps to measure overall performance in terms of availability and response times.
• linkedin.com/pulse: What are Kubernetes Persistent Volumes?
• talos-systems.com: Is Vanilla Kubernetes Really Too Heavy For The Raspberry Pi?
• towardsdatascience.com: Kubernetes 101: Cluster Architecture They say a picture is worth a thousand (or a million) words
• blog.kintone.io: Tolerating failures in container image registries 🌟
• thenucleargeeks.com: Taints and Tolerations in Kubernetes
• humanitec.com: Benchmark your Kubernetes setup against 500+ other teams and find out how well (or not) you are doing
• devopshubproject/cka-lab This repo contains set of practice questions which will help you to get ready for the cka exam.
• medium: Run Kubernetes Production Environment on EC2 Spot Instances With Zero Downtime: A Complete Guide
• geekflare.com: Diez mejores prácticas de Kubernetes para una mejor orquestación de contenedores
• medium: One CKA/CKAD/CKS requirement: Mastering Kubectl
• shayn-71079.medium.com: Scaling Kubernetes Clusters The below figure presents a schematic diagram of how cluster auto-scaling is done in AWS EKS clusters.
• itnext.io: Kubernetes Essential Tools: 2021 🌟
• medium: Fully automated canary deployments in Kubernetes 🌟
• medium: Kubernetes Namespaces vs. Virtual Clusters
• thenewstack.io: Living with Kubernetes: Multicluster Management
• tigera.io: Comparing kube-proxy modes: iptables or IPVS?
• cloud.google.com: What is Kubernetes? 🌟
• fairwinds.com: K8s Clinic: How to Run Kubernetes Securely and Efficiently 🌟
  • With the adoption of containers, software packaging is increasingly shifting left, which means (depending on your organization) that developers are taking on responsibility for the containerization of applications. Developers may also be responsible for some parts of Kubernetes configuration. As that process shifts left, developers need support to make the right decisions for the organization in order to run Kubernetes securely and efficiently.
  • Many companies are adopting cloud native technologies to deliver speed to market. For businesses seeking to compete in today's marketplace, it’s important to ship new features and meet customer needs where they are — and increasingly those needs are being met through software.
• weave.works: Production Ready Checklists for Kubernetes 🌟
• containerjournal.com: The Rise of the KubeMaster 🌟
  • It wasn’t obvious while it was happening, probably because everyone was focused on dealing with a global pandemic, but your IT environment became more complex. Cloud technology continued to evolve, and while that was happening, cloud use grew. Hybrid cloud use, already growing before the pandemic, became much more established with a year-over-year annual growth rate of 17.8%, according to Quince Market Insights. And with more distinct technology advances from each of the major cloud service providers, multi-cloud use also became more established.
  • This more complex environment encouraged the use of containers, and Kubernetes became the preferred means of managing them. Unfortunately, the great irony of Kubernetes is that the technology created to make the management of modern cloud applications easier is, itself, incredibly difficult to manage. Just to deploy and manage a single application in your own data center requires working familiarity with a Kubernetes distribution and working integrations with a number of supporting systems and enterprise software including code registries, CI/CD, secrets management, storage management, networking, logging and monitoring, service mesh, backup and disaster recovery (DR). That’s just for one environment. In a hybrid infrastructure, perhaps using one of the leading cloud service providers such as AWS, Azure or GCP, you could double this overhead.
  • This rapid growth combined with immense complexity means not every Kubernetes implementation has been successful, and in the worst cases, misconfigurations have led to security breaches and significant application downtime. Overwhelmed teams with insufficient training only make the problem worse, putting these implementations farther behind as Kubernetes management becomes increasingly difficult. As such, I believe the time is now for a new role to emerge in the enterprise—Kubernetes Manager. This is a job function that more and more companies will need to hire as operating and managing Kubernetes becomes a significantly larger part of the engineering operation than ever before. Let me explain.
• css-tricks.com: Kubernetes Explained Simply: Containers, Pods and Images
• okteto.com: Run your Pull Request Preview Environments on Kubernetes
• allanjohn909.medium.com: Kubernetes Ingress with Traefik, CertManager, LetsEncrypt and HAProxy
• asishmm.medium.com: Discussion on Horizontal Pod Autoscaler with a demo on local k8s cluster
• piotrminkowski.com: Kubernetes Multicluster with Kind and Submariner
• auth0.com: Kubernetes Tutorial - Step by Step Introduction to Basic Concepts Learn about the basic Kubernetes concepts while deploying a sample application on a real cluster.
• civo.com: Get up and running with Kubeflow on Civo Kubernetes
• medium: Kubernetes — Learn Sidecar Container Pattern Understanding Sidecar Container Pattern With an Example Project
• cloudhero.io: Creating Users for your Kubernetes Cluster
• blog.nillsf.com: How to run your own admission controller on Kubernetes
• Kubernetes Hierarchical Namespace Controller (slides from Kubernetes Multitenancy Working Group) 🌟
• blog.flant.com: Failure stories #2. How to destroy Elasticsearch while migrating it within Kubernetes
• dbafromthecold.com: Adjusting pod eviction time in Kubernetes
• thenewstack.io: Why developers should learn kubernetes
• doordash.engineering: Gradual Code Releases Using an In-House Kubernetes Canary Controller Gradual code releases with canary deployments and a custom Kubernetes controller
• itnext.io: How to deploy a cross-cloud Kubernetes cluster with built-in disaster recovery 🌟
• educative.io: A deep dive into Kubernetes Deployment strategies 🌟
• kubernetes.io: PodSecurityPolicy Deprecation: Past, Present, and Future 🌟
• loft.sh: Kubernetes Multi-Tenancy: Why Virtual Clusters Are The Best Solution
• getambassador.io: Getting Started with Kubernetes for JavaScript Developers
• blog.cloudflare.com: Automatic Remediation of Kubernetes Nodes
• pulumi.com: Kubernetes Fundamentals Part One - Python instead of YAML 🌟
• ubuntu.com: How to test the latest Kubernetes 1.22 release candidate with MicroK8s
• thenewstack.io: 10 Steps to a Successful Kubernetes Technical Transformation 🌟
• bsucaciu.com: What is a Sidecar?
• thenewstack.io: This Week in Programming: Kubernetes from Day One? 🌟
• ably.com: No, we don’t use Kubernetes
• kubermatic.com: Keeping the State of Apps Part 3: Introduction to ConfigMaps 🌟
• mirantis.com: Introduction to YAML: Creating a Kubernetes deployment
• auth0.com: Deployment Strategies In Kubernetes 🌟 Learn what are the different deployment strategies available in Kubernetes and how to use them.
• medium: Kubernetes Scaling & Replicas 🌟 Whenever we talk about “Scaling”, we need to discuss the states of the application. There are two types: Stateful and Stateless Applications.
  • Stateful: A stateful application can remember at least some of the things(from the past) about its state when it runs each time. For example: It stores our preferences, keeps track of window size and location, and remembers what files they have opened recently. Their Attributes are:
    • persistence Storage
    • gracefully deployment and scaling
    • gracefully deletion and termination
    • Automated rolling updates
  • Stateless: A stateless application requests are self-contained, i.e. everything is contained within the request, and handled in two distinct phases - a “request” and a “response.” Their Attributes are:
    • Scaling can be done independently
    • Mortal (Kubernetes Pods are mortal. They are born and when they die, they are not resurrected)
    • No persistence Storage
    • Client Cookies can be used to make service stateless
• cncf.io: Advanced Kubernetes pod to node scheduling
• medium: Kubernetes Deployment — Rolling Updates and Rollbacks Explained 🌟 Learn how to update the application once created a Deployment in the Kubernetes cluster and how to rollback.
• medium: Create A Pod In Kubernetes Cluster Learn what is Pod and how to create a Pod in the Kubernetes cluster.
• cloudsavvyit.com: How to Scale Docker Containers Across Servers Using Kubernetes
• Kubernetes. Label and Selector. Important Topic. Identify object in cluster. CKA Exam Tips
• thenewstack.io: Cloud Foundry Summit: Kubernetes Must Do Better by Developers
• nextplatform.com: KUBERNETES EXPANDS FROM CONTAINERS TO INFRASTRUCTURE MANAGEMENT 🌟 More and more in the middleware layer, not in the hardware
• itnext.io: How to create Kubernetes home lab on an old laptop with K3s
• itnext.io: How to deploy a single Kubernetes cluster across multiple clouds using k3s and WireGuard
• ithands-on.com: Kubernetes 101 : Extending the container's functionalities - Sidecar containers
• itnext.io: How to Add MySql & MongoDB to a Kubernetes .Net Core Microservice Architecture How to add a MySQL DB and a MongoDB replica set in K8S on Docker desktop using persistent volumes and access the databases from ASP.NET Core, C# and Angular
• medium: Replication Controller Vs ReplicaSets in Kubernetes Learn why we need replication and how replication works in Kubernetes. Scale the application using the kubectl scale command.
• thenewstack.io: Monolithic Development Practices Kill Powerful Kubernetes Benefits 🌟🌟 "It’s not about the economy of data, it’s about speed and nimbleness of data. The benefits of using Kubernetes and microservices is incredible — just make sure you know how to fully wield its power!"
• itnext.io: Expose Open Policy Agent/Gatekeeper Constraint Violations for Kubernetes Applications with Prometheus and Grafana
• thenewstack.io: How Airbnb and Twitter Cut Back on Microservice Complexities
• Some useful and promising Kubernetes projects to follow:
  • submarinerio multicluster direct networking
  • shipwrightio building container images
  • microcksio testing API and messaging
  • telepresenceio development tool
  • k0sproject new Kubernetes distro
• cloudhero.io Creating Users for your Kubernetes Cluster. Learn how to use x509 certificates to authenticate users in your cluster.
• auth0.com: Deployment Strategies In Kubernetes 🌟 Learn what are the different deployment strategies available in Kubernetes and how to use them.
• loft.sh: Docker Compose to Kubernetes: Step-by-Step Migration 🌟
• medium: Kubernetes Deployment Explained Learn what is Deployment in the Kubernetes cluster and learn the advantages of the Deployment object.
• redhat.com: 10 considerations for Kubernetes deployments - Checklist
• redkubes.com: DIY Kubernetes-based platform building – part 3
• weave.works: Tools for Automating and Implementing Cloud Native Patterns 🌟
• hobby-kube/guide 🌟🌟 Kubernetes clusters for the hobbyist. This guide answers the question of how to setup and operate a fully functional, secure Kubernetes cluster on a cloud provider such as Hetzner Cloud, DigitalOcean or Scaleway. It explains how to overcome the lack of external ingress controllers, fully isolated secure private networking and persistent distributed block storage.

[](https://www.padok.fr/en/blog/kubernetes-architecture-clusters)

{: style="width:60%"}

{: style="width:80%"}

{: style="width:70%"}

Can you change an application without changing any code in Kubernetes?

You can when you use multiple containers in a single Pod.

Here’s a visual recap of @EmanuelMEvans ’s article on extending apps on Kubernetes with multi-container pods https://t.co/afS3pPj4zb pic.twitter.com/LS5zOZErbE

— Daniele Polencic (@danielepolencic) March 1, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Kubernetes API

• kubernetes.io: Kubernetes API 🌟
• thenewstack.io: Living with Kubernetes: API Lifecycles and You
• blog.tilt.dev: Kubernetes is so Simple You Can Explore it with Curl

Kubernetes Releases

• sysdig.com: What’s new in Kubernetes 1.20?
• magalix: What You Should Know about Kubernetes 1.20
• towardsdatascience.com: Kubernetes is deprecating Docker in the upcoming release Kubernetes and Docker will part ways; what does that mean to you?
• zdnet.com: Kubernetes dropping Docker is not that big of a deal Chill, people. Your Docker skills haven't suddenly become useless. Here's what's really going on.
• thenewstack.io: Kubernetes 1.20 Lands with 44 Enhancements
• thenewstack.io: Kubernetes 1.20 Enhances the Operator Experience and Brings New Features to the Container Runtime
• openshift.com: Kubernetes is Removing Docker Support, Kubernetes is Not Removing Docker Support
• sysdig.com: What’s new in Kubernetes 1.21?
• devopscube.com: Kubernetes v1.21 Released: Here is What you should know
• thenewstack.io: Kubernetes 1.21 Brings a New Memory Manager, More Flexible Scheduling
• kubernetes.io: kubernetes 1.21: CronJob Reaches GA
• kubernetes.io: Kubernetes 1.21: Power to the Community
• devclass.com: Kubernetes 1.21 unloads pod security, adds dual IPv4/IPv6 networking, and shuts down gracefully
• kubernetes.io: Introducing Suspended Jobs in Kubernetes 1.21
• analyticsindiamag.com: Kubernetes v1.21 Released: Major Updates & Latest Features
• openshift.com: Kubernetes 1.21 Grows Innovative New Features
• Kubernetes v1.16 API deprecation testing Examples of how to test the impact of the v1.16 API deprecations and ways to debug early!
• kubernetes.io: Kubernetes 1.21: Metrics Stability hits GA
• blog.gopaddle.io: Strange things you never knew about Kubernetes ConfigMaps on day one 🌟🌟
• sysdig.com: Kubernetes 1.22 – What’s new?
• kubernetes.io: Kubernetes API and Feature Removals In 1.22: Here’s What You Need To Know In this version, multiple beta APIs will be removed. Not deprecated, removed. Specifically, the following:
  • Ingress
  • CustomResourceDefinition
  • ValidatingWebhookConfiguration
  • MutatingWebhookConfiguration
  • CertificateSigningRequest
  • etc
• kubernetes.io: Kubernetes 1.22: Reaching New Peaks Kubernetes' default backend storage, etcd, has a new release: 3.5.0. The new release comes with improvements to the security, performance, monitoring, and developer experience.
• thenewstack.io: Less Is More with Kubernetes 1.22

Namespaces

• qvault.io: How to Restart All Pods in a Kubernetes Namespace 🌟
• medium: How to create Namespaces in Kubernetes? 🌟
• starwindsoftware.com: Remove a Kubernetes namespace blocked with Terminating status
• opensource.com: Configure multi-tenancy with Kubernetes namespaces 🌟 Namespaces provide basic building blocks of access control for applications, users, or groups of users.

Kubernetes Best Practices and Tips

• Optimize Kubernetes cluster management with these 5 tips 🌟 Effective Kubernetes cluster management requires operations teams to balance pod and node deployments with performance and availability needs.
• techradar.com: Three tips to implement Kubernetes with open standards
• geekflare.com: 10 Kubernetes Best Practices for Better Container Orchestration 🌟
• wideops.com: Kubernetes best practices: Setting up health checks with readiness and liveness probes
• containerjournal.com: 10 Best Practices Worth Implementing to Adopt Kubernetes
• medium: Kubernetes Tip: How Does OOMKilled Work?
• cloud.google.com: Kubernetes Best Practices 🌟 A collection of blog posts aimed at guide you through the Kubernetes best practices
• releasehub.com: Kubernetes Health Checks - 2 Ways to Improve Stability in Your Production Applications
• stackpulse.com: Kubernetes and SRE: 5 Best Practices for K8s Reliability in Production 🌟
• fairwinds.com: Never Should You Ever In Kubernetes: #1 Do K8S The Hard Way
• fairwinds.com: Never Should You Ever In Kubernetes Part 2: Kubernetes Security Mistakes
• fairwinds.com: Never Should You Ever In Kubernetes Part 3: 6 K8s Reliability Mistakes
• fairwinds.com: Never Should You Ever In Kubernetes Part 4: Three K8s Efficiency Mistakes
• stackpulse.com: Challenges of Running Services With K8s Reliably
• blog.lukechannings.com: Mistakes made and lessons learned with Kubernetes and GitOps 🌟
• fairwinds.com: An Intro to Kubernetes Best Practices: Start Your K8s Right 🌟
• itnext.io: Lifecycle of Kubernetes Network Policies and Best Practices 🌟 In this blog post, you'll learn the lifecycle of Kubernetes Network Policies (e.g. creation, editing, governance, debugging)

Disruptions

• thenewstack.io: Kubernetes: Use PodDisruptionBudgets for Application Maintenance and Upgrades

Cost Estimation Strategies

• cncf.io: 5 Problems with Kubernetes Cost Estimation Strategies
• loft.sh: How To Reduce Your Kubernetes Cost
• harness.io: Getting Started with Cloud Cost Optimization
• rancher.com: Gain Better Visibility into Kubernetes Cost Allocation
• loft.sh: Kubernetes Cost Savings By Reducing The Number Of Clusters
• thenewstack.io: 5 Essential Tips to Manage Kubernetes Costs 🌟
• opensource.com: 3 ways Kubernetes optimizes your IT budget 🌟 Automation is not only good for IT, it's also beneficial to your company's bottom line.
• thenewstack.io: 5 Expensive Kubernetes Cost Traps and How to Deal with Them
• KubeSurvival 🌟 Significantly reduce Kubernetes costs by finding the cheapest machine types that can run your workloads

Kubernetes Node Size

• learnk8s.io: Allocatable memory and CPU in Kubernetes Nodes 🌟🌟
• docs.google.com - learnk8s.io: Research on the trade offs when choosing an instance type for a kubernetes cluster 🌟🌟

kubecost

• How to track costs in multi-tenant Amazon EKS clusters using Kubecost 🌟
• infracloud.io: Kubernetes Cost Reporting using Kubecost 🌟
• github.com/kubecost: kubecost-exporter - Running Kubecost as a Prometheus metric exporter 🌟
• blog.kubecost.com: Kubecost raises $5.5 million to help teams monitor and reduce their Kubernetes spend
• kubectl-cost 🌟 is a kubectl plugin that provides easy CLI access to Kubernetes cost allocation metrics via the kubecost APIs. It allows developers, devops, and others to quickly determine the cost & efficiency for any Kubernetes workload
• blog.kubecost.com: AKS Cost Monitoring and Governance With Kubecost
• thenewstack.io: KubeCost: Monitor Kubernetes Costs with kubectl

Kubernetes Resource and Capacity Management. Capacity Planning

• itnext.io: Kubernetes Resource Management in Production 🌟 Requests, Limits, Overcommitment, Slack/Waste, Throttling
• medium: Ultimate Kubernetes Resource Planning Guide 🌟
• learnk8s.io: Setting the right requests and limits in Kubernetes 🌟🌟 By far the best read on requests and limits in Kubernetes.
• openshift.com: Sizing Applications in Kubernetes 🌟
• magalix.com: Capacity Planning 🌟 When we have multiple Pods with different Priority Class values, the admission controller starts by sorting Pods according to their priority. What happens when there are no nodes with available resources to schedule a high-priority pods?
• sysdig.com: Kubernetes capacity planning: How to rightsize the requests of your cluster 🌟

Kubernetes instance calculator update!

After talking to Chris the scope was adjusted a bit and the tool does just one thing (hopefully well).

I have all the logic done, now I need to populate the list of instances from the cloud providers

It's looking great! 🤩 pic.twitter.com/3jU2MhtcE6

— Daniele Polencic (@danielepolencic) July 27, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Kubernetes Monitoring

• kube-prometheus 🌟 Use Prometheus to monitor Kubernetes and applications running on Kubernetes
• medium: Kubernetes Monitoring: Kube-State-Metrics
• Kubernetes Monitoring 101 — Core pipeline & Services Pipeline 🌟
• medium: Utilizing and monitoring kubernetes cluster resources more effectively
• sysdig.com: Seven Kubernetes monitoring best practices every monitoring solution should enable
• magalix.com: Best Practices And Tools For Monitoring Your Kubernetes Cluster
• sysdig.com: Monitoring Kubernetes in Production
• sysdig.com: How to monitor Kubernetes control plane 🌟
• thenewstack.io: 12 Critical Kubernetes Health Conditions You Need to Monitor 🌟
• devopscurry.com: Best Open-Source Monitoring Tools for Kubernetes in 2021 🌟
• circonus.com: 12 Critical Kubernetes Health Conditions You Need to Monitor and Why
• circonus.com: Guide to Kubernetes Monitoring: Part 1
  • circonus.com: Guide to Monitoring Kubernetes, Part 2: Which Metrics and Health Conditions You Should be Monitoring
• infracloud.io: Monitoring Kubernetes cert-manager Certificates with BotKube 🌟 - botkube.io 🌟
• kube-state-metrics 🌟 Add-on agent to generate and expose cluster-level metrics. kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. (See examples in the Metrics section below.) It is not focused on the health of the individual Kubernetes components, but rather on the health of the various objects inside, such as deployments, nodes and pods.
• itnext.io: Monitoring Kubernetes Jobs
• cncf.io: Avoiding Kubernetes cluster outages with synthetic monitoring
• medium: Replication Controller & Replica sets in Kubernetes

Logging in Kubernetes

• cncf.io: Logging in Kubernetes: EFK vs PLG Stack 🌟
• medium: How to Deploy an EFK stack to Kubernetes
• digitalocean.com: How To Set Up an Elasticsearch, Fluentd and Kibana (EFK) Logging Stack on Kubernetes
• portworx.com: How to backup and restore Elasticsearch on Kubernetes
• elastic.co: Elastic Stack Monitoring with Elastic Cloud on Kubernetes (ECK - official operator) 🌟 In this blog post, we'll explore how the official ElasticCloud on Kubernetes operator can be used to easily deploy and manage ElasticStack Monitoring using the new Beat CRD.

• papertrail.com: Quick and Easy Way to Implement Kubernetes Logging The SolarWinds® Papertrail™ team is excited to announce SolarWinds rKubeLog, an open-source project designed to streamline Kubernetes logging. rKubeLog allows you to forward logs to Papertrail from within a Kubernetes cluster without using a daemon or setting up application-level logging or a logging sidecar.
• qlinh.com: Leveraging Kubernetes audit logs for threat detection 🌟 Kubernetes audit logs can provide great visibility into the operation and inner workings of your cluster. Learn how to leverage Kubernetes audit logs for threat detection

ECK Elastic Cloud on Kubernetes

• elastic.co: How to configure Elastic Cloud on Kubernetes with SAML and hot-warm-cold architecture Elastic Cloud on Kubernetes (ECK) is an easy way to get the Elastic Stack up and running on top of Kubernetes. That’s because ECK automates the deployment, provisioning, management, and setup of Elasticsearch, Kibana, Beats, and more.

Health Checks

• medium: How to Perform Health checks in Kubernetes (K8s)
• youtube: Kubernetes 101: Get Better Uptime with K8s Health Checks

Architecting Kubernetes clusters

• learnk8s.io: Architecting Kubernetes clusters — how many should you have?
• learnk8s.io: Architecting Kubernetes clusters — choosing a worker node size
• itnext.io: Architecting Kubernetes clusters — choosing a worker node size

Templating YAML in Kubernetes with real code. YQ YAML processor

• Templating YAML in Kubernetes with real code
  • TL;DR: You should use tools such as yq and kustomize to template YAML resources instead of relying on tools that interpolate strings such as Helm.
  • If you're working on large scale projects, you should consider using real code — you can find hands-on examples on how to programmatically generate Kubernetes resources in Java, Go, Javascript, C# and Python in this repository.

Kubernetes Limits

• kubernetes.io Policy Limit Ranges
• sysdig.com: Understanding Kubernetes limits and requests by example 🌟
• dev.to/aurelievache: Understanding Kubernetes: part 22 – LimitRange
• dzone: Dive Deep Into Resource Requests and Limits in Kubernetes This article will be helpful for you to understand how Kubernetes requests and limits work, and why they can work in an expected way.
• sysdig.com: How to rightsize the Kubernetes resource limits
• medium: Understanding resource limits in kubernetes: cpu time

Kube Scheduler

• All you need to know to get started with the Kube Scheduler

Kubernetes Knowledge Hubs

• k8sref.io 🌟 Kubernetes Reference
• Kubernetes Research. Research documents on node instance types, managed services, ingress controllers, CNIs, etc. 🌟 A research hub to collect all knowledge around Kubernetes. Those are in-depth reports and comparisons designed to drive your decisions. Should you use GKE, AKS, EKS? How many nodes? What instance type?

Kubectl commands

• itnext.io: Boosting your kubectl productivity
• medium: 4 Simple Kubernetes Terminal Customizations to Boost Your Productivity
• medium: Ready-to-use commands and tips for kubectl
• medium: Be fast with Kubectl 1.19 CKAD/CKA 🌟 Collection of the fastest ways to create k8s resources using kubectl ≥ 1.18
• developers.redhat.com: Kubectl: Developer tips for the Kubernetes command line 🌟
• ibm.com: 8 Kubernetes Tips and Tricks 🌟 Most of the tips given below are using kubectl, a powerful command-line tool that allows you to execute commands against Kubernetes clusters.
  • Set default namespaces
  • Helpful aliases to save time
  • YAML editing with vi
  • Create YAML from kubectl commands
  • Switching between Kubernetes namespaces
  • Shell auto-completion
  • Viewing resource utilization
  • Extend kubectl and create your own commands using raw outputs
• pixelstech.net: Update & Delete Kubernetes resources in one-line command
• opensource.com: 5 useful ways to manage Kubernetes with kubectl Learn kubectl to enhance how you interact with Kubernetes.
• hackerxone.com: How to Manage Single & Multiple Kubernetes Clusters using kubectl & kubectx in Linux

Kubectl Cheat Sheets

• Kubectl Cheat Sheets

Kubectl explain

• kubectl explain
• itnext.io: Using ‘kubectl explain’ for Custom Resources Goal: Explore if ‘kubectl explain’ can be used to discover static information about Custom Resources

for r in $(kubectl api-resources|grep -v ^N|awk '{print $1}');do kubectl explain $r --recursive;done

Kubectl Autocomplete

• Kubectl Autocomplete
• kubectl Shell Autocomplete
• Kubernetes productivity tips and tricks 🌟
• complete-alias Automagical shell alias completion.

source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.
echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.

You can also use a shorthand alias for kubectl that also works with completion:

alias k=kubectl
complete -F __start_kubectl k

List all resources and sub resources that you can constrain with RBAC

• kind of a handy way to see all thing things you can affect with Kubernetes RBAC. This will list all resources and sub resources that you can constrain with RBAC. If you want to see just subresources append "| grep {name}/":

kubectl get --raw /openapi/v2  | jq '.paths | keys[]'

Copy a configMap in kubernetes between namespaces

• Copy a configMap in kubernetes between namespaces with deprecated "--export" flag:

kubectl get configmap --namespace=<source> <configmap> --export -o yaml | sed "s/<source>/<dest>/" | kubectl apply --namespace=<dest> -f -

• Flag export deprecated in kubernetes 1.14. Instead following command can be used:

kubectl get configmap <configmap-name> --namespace=<source-namespace> -o yaml | sed ‘s/namespace: <from-namespace>/namespace: <to-namespace>/’ | kubectl create -f

• Reference: Copy a configMap in kubernetes between namespaces

Copy secrets in kubernetes between namespaces

• Copy secrets between namespaces:

kubectl get secret <secret-name> --namespace=<source> -o yaml | sed ‘s/namespace: <from-namespace>/namespace: <to-namespace>/’ | kubectl create -f

Export resources with kubectl and python

• Export resources with zoidbergwill/export.sh, by zoidbergwill

Buildkit CLI for kubectl a drop in replacement for docker build

• container-registry.com: Lifting Developers’ Productivity 🌟 With BuildKit CLI for kubectl a drop in replacement for docker build. In this post, you will learn how to build container images with BuildKit CLI for kubectl (a replacement for the docker build command)
• vmware-tanzu/buildkit-cli-for-kubectl (kubectl plugin) BuildKit CLI for kubectl is a tool for building container images with your Kubernetes cluster.

Kubectl Alternatives

• Helm and Kubernetes
• Kubectl plugins and tools

Manage Kubernetes (K8s) objects with Ansible Kubernetes Module

• Manage Kubernetes (K8s) objects
• ansibleforkubernetes.com 🌟

Jenkins Kubernetes Plugins

• Jenkins Kubernetes Plugin
• Kubernetes Continuous Deploy

Self Service Kubernetes Namespaces

• Self-Service Kubernetes Namespaces Are A Game-Changer 🌟

Client Libraries for Kubernetes

• Client Libraries for Kubernetes

Helm Kubernetes Tool

• Helm

Kubernetes Development Tools. Kubernetes clients and dashboards

• ordina-jworks.github.io: A comparison of Kubernetes clients and dashboards
• loft.sh: Kubernetes Development Environments – A Comparison
• yitaek.medium.com: Useful Tools for Better Kubernetes Development 🌟 Lens, Polaris, kube-hunter, kube-bench, Trivy, Goldilocks, Kyverno, kube-ps1, kubectx + kubens , krew, kubectl-neat, kube-no-trouble, helm-mapkubeapis, kube-diff + helm-diff , kube forwarder, kubecost, kubespy.
• kccncna20.sched.com: A Walk Through the Kubernetes UI Landscape Working with Kubernetes clusters and workloads can be overwhelming, both for operators, as well as application developers. While kubectl is the de-facto standard interface to interact with Kubernetes' API, a graphical user interface can provide a better experience for newcomers and advanced users alike. This talk will look at the current landscape of Open Source Kubernetes web and desktop UIs, including Kubernetes Dashboard, Lens, Octant, Kubernetes Web View, and Headlamp. Particularly, how different dashboards are built, for what purpose they can be used, and how they compare in terms of functionality, so attendees can get the most out of the vast landscape of Kubernetes UIs.
  • PDF
• tilt.dev 🌟 You can use Tilt to easily build and run your application on Kubernetes. In comparison with similar tools, it provides UI for managing the process and cloud platform to share data with your team.
• microcks.io 🌟 K8s-based API mock/test tool.
  • microcks.io: Podman Compose support in Microcks
• kinvolk.io: Shining a light on the Kubernetes User Experience with Headlamp
• kubevious
• cncf.io: Tools to develop apps on Kubernetes 🌟
• blog.usejournal.com: Useful Tools for Better Kubernetes Development
• loft.sh: Kubernetes Dashboards: Headlamp - Headlamp Dashboard
• blog.tekspace.io: Deploying Kubernetes Dashboard in K3S Cluster
• williamlam.com: Useful Interactive Terminal and Graphical UI Tools for Kubernetes

Okteto local kubernetes development

• okteto.com: How to Develop and Debug Java Applications on Kubernetes
• codefresh.io: Tutorial - Local Kubernetes Development with Okteto 🌟

Lens Kubernetes IDE

• Lens Kubernetes IDE 🌟 Lens is the only IDE you’ll ever need to take control of your Kubernetes clusters. It's open source and free. Download it today!
• medium: Lens 5 Released

Kubenav

• kubenav is the navigator for your Kubernetes clusters right in your pocket. kubenav is a mobile, desktop and web app to manage Kubernetes clusters and to get an overview of the status of your resources.

Cloud Manager

• thenewstack.io: Cloud Manager: A New Multicloud PaaS Platform Built on Kubernetes
• medium: Do It All Kubernetes Dashboard

Skaffold. Local Kubernetes Development

• Skaffold 🌟
• infracloud.io: Build and deploy Kubernetes apps with Skaffold
• testingclouds.wordpress.com: Migrating from Docker Compose to Skaffold 🌟

Kind

• Kind is a tool for running local Kubernetes clusters using Docker container “nodes”. kind was primarily designed for testing Kubernetes itself, but may be used for local development or CI.

Autoscaling

• levelup.gitconnected.com: Effects of Docker Image Size on AutoScaling w.r.t Single and Multi-Node Kube Cluster
• infracloud.io: 3 Autoscaling Projects to Optimise Kubernetes Costs Three autoscaling use cases:
  • Autoscaling Event-driven workloads
  • Autoscaling real-time workloads
  • Autoscaling Nodes/Infrastructure
• blog.scaleway.com: Understanding Kubernetes Autoscaling
• infracloud.io: Kubernetes Autoscaling with Custom Metrics (updated) 🌟
• sysdig.com: Kubernetes pod autoscaler using custom metrics
• learnk8s.io: Architecting Kubernetes clusters — choosing the best autoscaling strategy 🌟 How to configure multiple autoscalers in Kubernetes to minimise scaling time and found out that 4 factors affect scaling:
  1. HPA reaction time.
  2. CA reaction time.
  3. Node provisioning time.
  4. Pod creation time.
• thenewstack.io: Reduce Kubernetes Costs Using Autoscaling Mechanisms
• cast.ai: Guide to Kubernetes autoscaling for cloud cost optimization 🌟

Cluster Autoscaler Kubernetes Tool

• kubernetes.io: Cluster Management - Resizing a cluster
• github.com/kubernetes: Kubernetes Cluster Autoscaler
• Kubernetes Autoscaling in Production: Best Practices for Cluster Autoscaler, HPA and VPA In this article we will take a deep dive into Kubernetes autoscaling tools including the cluster autoscaler, the horizontal pod autoscaler and the vertical pod autoscaler. We will also identify best practices that developers, DevOps and Kubernetes administrators should follow when configuring these tools.
• gitconnected.com: Kubernetes Autoscaling 101: Cluster Autoscaler, Horizontal Pod Autoscaler, and Vertical Pod Autoscaler
• packet.com: Kubernetes Cluster Autoscaler
• itnext.io: Kubernetes Cluster Autoscaler: More than scaling out
• cloud.ibm.com: Containers Troubleshoot Cluster Autoscaler
• platform9.com: Kubernetes Autoscaling Options: Horizontal Pod Autoscaler, Vertical Pod Autoscaler and Cluster Autoscaler
• banzaicloud.com: Autoscaling Kubernetes clusters
• tech.deliveryhero.com: Dynamically overscaling a Kubernetes cluster with cluster-autoscaler and Pod Priority
• medium: Build Kubernetes Autoscaling for Cluster Nodes and Application Pods 🌟
• Auto-Scaling Your Kubernetes Workloads (K8s) 🌟
• medium: Cluster Autoscaler in Kubernetes
• itnext.io: Kubernetes Resources and Autoscaling — From Basics to Greatness 🌟

HPA and VPA

• HPA: Horizontal Pod Autoscaler
• VPA: Vertical Pod Autoscaler
• returngis.net: Escalado vertical de tus pods en Kubernetes con VerticalPodAutoscaler
• partlycloudy.blog: Horizontal Autoscaling in Kubernetes #3 – KEDA
  • thenewstack.io: CNCF KEDA 2.0 Scales up Event-Driven Programming on Kubernetes
• medium: Build Kubernetes Autoscaling for Cluster Nodes and Application Pods Via the Cluster Autoscaler, Horizontal Pod Autoscaler, and Vertical Pod Autoscaler
• itnext.io: Horizontal Pod Autoscaling with Custom Metric from Different Namespace
• Kubernetes autoscaling with Istio metrics 🌟 Scaling based on traffic is not something new to Kubernetes, an ingress controllers such as NGINX can expose Prometheus metrics for HPA. The difference in using Istio is that you can autoscale backend services as well, apps that are accessible only from inside the mesh.
• medium: 1/3 Autoscaling in Kubernetes: A Primer on Autoscaling
  • medium: 2/3 Autoscaling in Kubernetes: Options, Features, and Use Cases
  • medium: 3/3 Autoscaling in Kubernetes: Why doesn’t the Horizontal Pod Autoscaler work for me?
• around25.com: Horizontal Pod Autoscaler in Kubernetes 🌟
• superawesome.com: Scaling pods with HPA using custom metrics. How we scale our kid-safe technology using Kubernetes 🌟
• velotio.com: Autoscaling in Kubernetes using HPA and VPA
• kubectl-vpa Tool to manage VPAs (vertical-pod-autoscaler) resources in a kubernetes-cluster

Cluster Autoscaler and Helm

• hub.helm.sh: cluster-autoscaler The cluster autoscaler scales worker nodes within an AWS autoscaling group (ASG) or Spotinst Elastigroup.

Cluster Autoscaler and DockerHub

• bitnami/cluster-autoscaler

Cluster Autoscaler in GKE, EKS, AKS and DOKS

• Amazon Web Services: EKS Cluster Autoscaler
  • eksworkshop.com: Configure Cluster Autoscaler (CA)
• Azure: AKS Cluster Autoscaler
• Google Cloud Platform: GKE Cluster Autoscaler
• DigitalOcean Kubernetes: DOKS Cluster Autoscaler

Cluster Autoscaler in OpenShift

• OpenShift 3.11: Configuring the cluster auto-scaler in AWS
• OpenShift 4.4: Applying autoscaling to an OpenShift Container Platform cluster

Kubernetes Load Testing and High Load Tuning

• itnext.io: Kubernetes: load-testing and high-load tuning — problems and solutions
• engineering.zalando.com: Building an End to End load test automation system on top of Kubernetes Learn how we built an end-to-end load test automation system to make load tests a routine task.

Extending Kubernetes

Adding Custom Resources. Extending Kubernetes API with Kubernetes Resource Definitions. CRD vs Aggregated API

• Custom Resources
• itnext.io: CRD is just a table in Kubernetes
• Use a custom resource (CRD or Aggregated API) if most of the following apply:
  • You want to use Kubernetes client libraries and CLIs to create and update the new resource.
  • You want top-level support from kubectl; for example, kubectl get my-object object-name.
  • You want to build new automation that watches for updates on the new object, and then CRUD other objects, or vice versa.
  • You want to write automation that handles updates to the object.
  • You want to use Kubernetes API conventions like .spec, .status, and .metadata.
  • You want the object to be an abstraction over a collection of controlled resources, or a summarization of other resources.
• Kubernetes provides two ways to add custom resources to your cluster:
  • CRDs are simple and can be created without any programming.
  • API Aggregation requires programming, but allows more control over API behaviors like how data is stored and conversion between API versions.
• Kubernetes provides these two options to meet the needs of different users, so that neither ease of use nor flexibility is compromised.
• Aggregated APIs are subordinate API servers that sit behind the primary API server, which acts as a proxy. This arrangement is called API Aggregation (AA). To users, it simply appears that the Kubernetes API is extended.
• CRDs allow users to create new types of resources without adding another API server. You do not need to understand API Aggregation to use CRDs.
• Regardless of how they are installed, the new resources are referred to as Custom Resources to distinguish them from built-in Kubernetes resources (like pods).

Krew, a plugin manager for kubectl plugins

• Krew 🌟 is the plugin manager for kubectl command-line tool.

• itnext.io: Extending Kubernetes Cluster; Kubectl Plugins and Krew

• darumatic.com: Improve Kubectl Command with Krew 🌟 Krew is a tool that aims to ease plugin discovery, installation, upgrade, and removal on multiple operating systems. This article will show you how easy it is to grab and experiment with existing plugins.

• kubectl trace is now on the krew index!! Go install it now!

  kubectl krew install trace
  

  And then just try to snoop into all the file openings:

  kubectl trace run -a  <yournode>  -e 'kprobe:do_sys_open { printf("%s: %s\n", comm, str(arg1)) }'
  

OpenKruise/Kruise

• openkruise.io
• OpenKruise/Kruise
• thenewstack.io: Introducing CloneSet: A Production-Grade Kubernetes Deployment CRD

Crossplane, a Universal Control Plane API for Cloud Computing. Crossplane Workloads Definitions

• crossplane.io 🌟 Crossplane is an open source Kubernetes add-on that supercharges your Kubernetes clusters enabling you to provision and manage infrastructure, services, and applications from kubectl.
• Crossplane, a Universal Control Plane API for Cloud Computing
• Crossplane as an OpenShift Operator to manage and provision cloud-native services
• Crossplane: A Kubernetes Control Plane to Roll Your Own PaaS

Kubernetes Community

Community Forums

• Community Forums 🌟🌟

Kubernetes Special Interest Groups (SIGs)

• Kubernetes Special Interest Groups (SIGs) have been around to support the community of developers and operators since around the 1.0 release. People organized around networking, storage, scaling and other operational areas.
• SIG Apps: build apps for and operate them in Kubernetes

Kubernetes SIG's Repos

• Kubernetes SIGs 🌟 Org for Kubernetes SIG-related work.
• ExternalDNS: Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
• Kubernetes-Secrets-Store-CSI-Driver: Secrets Store CSI driver for Kubernetes secrets Integrates secrets stores with Kubernetes via a CSI volume.
• kustomize Customization of kubernetes YAML configurations.

Kubectl Plugins

• Available kubectl plugins 🌟
• Awesome Kubectl plugins 🌟
• Extend kubectl with plugins
• youtube: Welcome to the world of kubectl plugins
• padok.fr: Getting started with kubectl plugins 🌟 5 useful kubectl plugins:
  • whoami
  • access-matrix
  • neat
  • tree
  • node-shell
• kubectl-trace 🌟 kubectl trace is a kubectl plugin that allows you to schedule the execution of bpftrace programs in your Kubernetes cluster.
• pixelstech.net: Build a Kubectl Plugin from Scratch
• k8scr 🌟 A kubectl plugin for pushing OCI images through the Kubernetes API server.

Enforcing Policies and governance for kubernetes workloads with Conftest

• Accelerated Feedback Loops when Developing for Kubernetes with Conftest Learn how to validate Kubernetes resources with Conftest for faster feedback loops
  • open-policy-agent/conftest
  • Enforcing policies and governance for Kubernetes workloads 🌟
• Deprek8ion is a set of rego policies to monitor Kubernetes APIs deprecations and designed to work with conftest.
• k8s-worker-pod-autoscaler scales the replicas in a deployment based on observed queue length.
• kubectl-prune / kubectl-reap 🌟 is a kubectl plugin that prunes unused Kubernetes resources.
• kconnect - The Kubernetes Connection Manager CLI 🌟 kconnect is a CLI utility that can be used to discover and securely access Kubernetes clusters across multiple operating environments. Based on the authentication mechanism chosen the CLI will discover Kubernetes clusters you are allowed to access in a target hosting environment (i.e. EKS, AKS, Rancher) and generate a kubeconfig for a chosen cluster.
• konstraint is a CLI tool to assist with the creation and management of templates and constraints when using Gatekeeper.
• Draino 🌟 Draino automatically drains Kubernetes nodes based on labels and node conditions. Nodes that match all of the supplied labels and any of the supplied node conditions will be cordoned immediately and drained after a configurable drain-buffer time.

Kubernetes Backup and Migrations

• kube-backup: Kubernetes resource state sync to git
• Stash If you are running production workloads in Kubernetes, you might want to take backup of your disks, databases etc. Stash is a cloud native data backup and recovery solution for Kubernetes workloads
• thenewstack.io: Cloud Native Backups, Disaster Recovery and Migrations on Kubernetes
• rancher.com: The No. 1 Rule of Disaster Recovery
• rancher.com: Disaster Recovery Preparedness for Your Kubernetes Clusters 🌟
• k8s-snapshots: Automatic Volume Snapshots on Kubernetes is an operator that creates and expires snapshots according to annotations to your PersistentVolume or PersistentVolumeClaim resources.
• infracloud.io: Protecting Kubernetes applications data using Kanister
  • kanister.io 🌟 An extensible open-source framework for application-level data management on Kubernetes. KANISTER allows domain experts to capture application specific data management tasks in blueprints which can be easily shared and extended. The framework takes care of the tedious details around execution on Kubernetes and presents a homogeneous operational experience across applications at scale.
  • blog.kasten.io: Move Fast and Test in Kubernetes without Breaking Things with kanister and CI/CD 🌟
    • When using data mobility to improve your CI/CD pipeline, it’s important to consider the data at different layers in your application stack. In many instances, you must perform operations on multiple layers of your application at once, as well as interact with Kubernetes itself. Kasten by Veeam developed Kanister to address these data mobility challenges and enable organizations to test safely with real data.
    • Kanister, an open source project, provides a Kubernetes-native framework for application-level data management that supports complex data management workflows. Domain experts can capture application-specific data management tasks in blueprints, which can be easily shared and extended, eliminating many of the tedious details around execution on Kubernetes.
    • Kanister is easy to integrate with your CI/CD pipeline, because it uses Kubernetes API extensions called custom resources. You can easily extend Kanister to work with custom applications as well as several common cloud native databases, simplifying and streamlining testing operations while reducing risk.
• thenewstack.io: DevSecOps Teams Need Application-Consistent Backups for Kubernetes Workloads
• percona.com: Using Volume Snapshot/Clone in Kubernetes (GKE & Percona Kubernetes Operator for XtraDB Cluster)
• kasten.io: Kubernetes Application Mobility Reliable and Powerful Migration of Complete Applications Across Kubernetes Clusters.
• longhorn issue: Move replica to a different server
• aithority.com: Bacula Systems Announces World’s First Enterprise-Class Backup and Recovery Solution for Red Hat OpenShift
• cloudify.co: Migrating Pods With Containerized Applications Between Nodes In The Same Kubernetes Cluster Using Cloudify 🌟
• thenewstack.io: Red Hat Brings Backup, Snapshots to OpenShift Container Storage
• thenewstack.io: 5 Best Practices to Back up Kubernetes
• Bacula Enterprise for OpenShift and Kubernetes 🌟
• dani-izquierdo95.medium.com: Batch processing using Cron Jobs. MySQL automated backup on Openshift/K8s
• itnext.io: Backup and Restore of Kubernetes Stateful Application Data with CSI Volume Snapshots
• youtube: Kubernetes.. ETCD Backup and Restore... Very Easy Steps... CKA Exam Tips..
• dev.to: Kubernetes Backup & Restore made easy! 🌟
• blog.kasten.io: 10 Key Takeaways from Kubernetes Backup & Recovery For Dummies
• k8up.io Kubernetes Backup Operator distributed via a Helm chart, compatible with OpenShift and plain Kubernetes.

Kubernetes Volume Snapshot

• kubernetes.io: Kubernetes 1.20: Kubernetes Volume Snapshot Moves to GA
• itnext.io: Backup and Restore of Kubernetes Stateful Application Data with CSI Volume Snapshots
• blocksandfiles.com: Red Hat OpenShift now does container storage backup 🌟 Red Hat has teamed up with three container backup suppliers to integrate their services with the company’s OpenShift Kubernetes distribution. The Red Hat-certified backup products for OpenShift container storage are parent company IBM’s Spectrum Protect Plus; TrilioVault for Kubernetes; and Veeam-owned Kasten’s K10.

Backup with Trillio Cloud-Native Data Protection for Kubernetes, OpenStack and Virtualization

• Trillio
• TrillioVault for Kubernetes
• redhat.com: OpenShift Backup and Cluster failover with Triliovault 🌟

Backup with Kasten K10

• Kasten
• redhat.com: OpenShift Backup and Recovery with Kasten K10

Backup with Velero

• akomljen.com: Kubernetes Backup and Restore with Velero 🌟
• wecloudpro.com: Kubernetes Disaster Recovery with Velero 🌟
• medium: Backup,Restore & Migrate Kubernetes cluster with Velero
• medium: Velero backup/restore for K8s Stateful Applications managed by Operators

Konveyor Open Source Migration Tool for Kubernetes

• github.com/konveyor 🌟 - konveyor.io A community to build tools and document best practices to modernize workloads and bring them to Kubernetes.
• containerjournal.com: Red Hat, IBM Launch Konveyor to Aggregate Kubernetes Tools
• engineering.konveyor.io: Konveyor Engineering Knowledgebase Engineers working on Konveyor have started putting their own kbase articles here.
• github.com/konveyor/crane: Crane 2.0 🌟 Crane 2, a tool for rehosting cloud workloads for Kubernetes.
  • youtube: Crane 2 Preview: Introduction and Demo Migrating workloads across clusters, from one k8s distro to another, will be the focus of open-source tool Crane 2.0. (A tool that's part of the Konveyor community.)

Kubernetes Troubleshooting

• Kubernetes troubleshooting diagram 🌟
• Understanding Kubernetes cluster events 🌟
• nigelpoulton.com: Troubleshooting kubernetes service discovery - Part 1
• medium: 5 tips for troubleshooting apps on Kubernetes
• managedkube.com: Troubleshooting a Kubernetes ingress
• medium.com: Kubernetes Tip: How To Disambiguate A Pod Crash To Application Or To Kubernetes Platform? (CrashLoopBackOff)
• veducate.co.uk: How to fix in Kubernetes – Deleting a PVC stuck in status “Terminating”
• thenewstack.io: 5 Best Practices to Back up Kubernetes
• tennexas.com: Kubernetes Troubleshooting Examples
• levelup.gitconnected.com: 5 tips for troubleshooting apps on Kubernetes
• medium: Common Kubernetes Errors Made by Beginners [2021] 🌟🌟

Debugging Techniques and Strategies. Debugging with ephemeral containers

• kubectl-debug
• kubesandclouds.com: Debugging with ephemeral containers in K8s (v1.18+)
• How to quarantine pods 🌟
• KDBG: Small Kubernetes debugging container KDBG (Kubernetes Debuger) is a small docker container based on lastest Alpine Linux image, used for debugging Kubernetes clusters from inside a pod.
• inspektor-gadget Collection of gadgets for debugging and introspecting Kubernetes applications using BPF
  • kinvolk.io
• learnk8s.io: A visual guide on troubleshooting Kubernetes deployments 🌟
• StatusBay 🌟 is a tool that provides the missing visibility into the K8S deployment process. The main goal is to ease the experience of troubleshooting and debugging services in K8S and provide confidence while making changes.
• medium: Better Debugging Environment for your Micro-Services
• codefresh.io: Using Telepresence 2 for Kubernetes debugging and local development
• towardsdatascience.com: The Easiest Way to Debug Kubernetes Workloads The fastest and easiest way to debug and troubleshoot any application running on Kubernetes
• tetrate.io: How to debug microservices in Kubernetes with proxy, sidecar or service mesh?
• rookout.com: The Definitive Guide To Kubernetes Application Debugging 🌟
• thorsten-hans.com: Debugging apps in Kubernetes with Bridge 🌟 Bridge to Kubernetes simplifies and streamlines the process of debugging applications running in Kubernetes. Debug any language using the tools you prefer and love.
  • marketplace.visualstudio.com: Bridge to Kubernetes (VSCode)
  • marketplace.visualstudio.com: Bridge to Kubernetes (Visual Studio) Bridge to Kubernetes for Visual Studio 2019

[{: style="width:30%"}](https://learnk8s.io/troubleshooting-deployments)

THREAD: How to quarantine a Pod in Kubernetes.

This technique helps you with debugging running Pods in production.

The Pod is detached from the Service (no traffic), and you can troubleshoot it live.

Let's get started! pic.twitter.com/E7AUh2ylM7

— Daniele Polencic (@danielepolencic) June 24, 2020

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

THREAD: How to gracefully shut down Pods without dropping production traffic in Kubernetes

If you've ever noticed dropped connection after a rolling upgrade, this thread digs into the details.

Let's start: 𝘸𝘩𝘢𝘵 𝘩𝘢𝘱𝘱𝘦𝘯𝘴 𝘸𝘩𝘦𝘯 𝘢 𝘗𝘰𝘥 𝘪𝘴 𝘥𝘦𝘭𝘦𝘵𝘦𝘥? pic.twitter.com/jS5litVUlw

— Daniele Polencic (@danielepolencic) July 6, 2020

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

THREAD: How does the scheduler work in Kubernetes?

The scheduler is in charge of deciding where your pods are deployed in the cluster.

It might sound like an easy job, but it's rather complicated!

Let's dive into it. pic.twitter.com/iC1vnargc4

— Daniele Polencic (@danielepolencic) September 24, 2020

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Kubernetes Tutorials

• kubernetes.io: Kubernetes Tutorials 🌟 Official documentation from Kubernetes. One can go through this official documentation and can learn much more about Kubernetes.
• devopscube.com: Kubernetes Tutorials For Beginners: Getting Started Guide 🌟
• Intoduction to Kubernetes (slides, beginners and advanced) 🌟
• medium.com: Kubernetes 101: Pods, Nodes, Containers, and Clusters
• medium.com: Learn Kubernetes in Under 3 Hours: A Detailed Guide to Orchestrating Containers
• kubernetestutorials.com: Install and Deploy Kubernetes on CentOs 7
• medium.com: Simplifying orchestration with Kubernetes
• aquasec.com: 70 Best Kubernetes Tutorials 🌟 Valuable Kubernetes tutorials from multiple sources, classified into the following categories: Kubernetes AWS and Azure tutorials, networking tutorials, clustering and federation tutorials and more.
• cloud.google.com: kubernetes comic 🌟 Learn about kubernetes and how you can use it for continuous integration and delivery.
• magalix.com: Kubernetes 101 - Concepts and Why It Matters
• Google Play: Learning Solution - Learn Kubernetes 🌟
• Google Play: TomApp - Learn Kubernetes
  • apkplz.net: Learn Kubernetes 1 APK
  • Google Play Search
• Dzone refcard: Getting Started with Kubernetes
• dzone: The complete kubernetes collection tutorials and tools 🌟
• dzone: kubernetes in 10 minutes a complete guide to look
• magalix.com: The Best Kubernetes Tutorials 🌟
• 35 Advanced Tutorials to Learn Kubernetes 🌟
• geekflare.com: 14 Kubernetes Tutorials for Beginner to Master
• freecodecamp.org: The Kubernetes Handbook 🌟
• youtube: Kubernetes Pods and ReplicaSets explained 🌟
• medium: DraftKings Kubernetes Workshop: Hands-on Learning in K8s (with Video Walkthrough)
• 100 Days Of Kubernetes: 100daysofkubernetes.io 🌟 100 Days of Kubernetes is the challenge in which we aim to learn something new related to Kubernetes each day across 100 Days!!!
• youtube playlist: Thetips4you - Kubernetes Tutorial for Beginners 🌟 HPA, Deployments, YAML, Jenkins, etc.
• youtube playlist: DevNation Lessons: Kubernetes Fundamentals 🌟
• amazee.io: Master the Fundamentals of K8s: Kubernetes 101 video series with Jeff Geerling 🌟

THREAD: What happens when you create a Pod in Kubernetes?

Spoiler: a surprisingly simple task reveals a complicated workflow that touches several components in the cluster. pic.twitter.com/SNEufo0lBe

— Daniele Polencic (@danielepolencic) August 6, 2020

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Online Training

• katacoda.com 🌟 Interactive Learning and Training Platform for Software Engineers
• kubernetesbyexample.com 🌟
• Play with Kubernetes 🌟 A simple, interactive and fun playground to learn Kubernetes
• udemy.com: Learn DevOps: The Complete Kubernetes Course 🌟
  • wardviaene/kubernetes-course 🌟
• udemy.com: Learn DevOps: Advanced Kubernetes Usage 🌟
  • wardviaene/advanced-kubernetes-course 🌟
• Certified Kubernetes Administrator CKA course notes — diagrams for each subject area and use as reference for future refresher 🌟
• javarevisited.blogspot.com: Top 5 Free Courses to Learn Kubernetes for Developers and DevOps Engineers

Famous Kubernetes resources of 2019

• Kubernetes for developers
• Kubernetes for the Absolute Beginners
• Kubernetes: Getting Started (Free)
• Kubernetes Tutorial: Learn the Basics
• Complete Kubernetes Course
• Getting started with Kubernetes

Famous Kubernetes resources of 2020

• javarevisited.blogspot.com: Top 5 courses to Learn Docker and Kubernetes in 2020 - Best of Lot
• medium.com: Top 15 Online Courses to Learn Docker, Kubernetes, and AWS for Fullstack Developers and DevOps Engineers
• medium.com: 7 Free Online Courses to Learn Kubernetes in 2020
• skillslane.com: 10 Best Kubernetes Courses [2020]: Beginner to Advanced Courses

K8s Diagrams

• k8s-diagrams 🌟 A collection of diagrams explaining kubernetes by cloudogu, written in PlantUML.

Kubernetes Patterns and Antipatterns. Service Discovery

• github.com/k8spatterns/examples 🌟 Examples for "Kubernetes Patterns - Reusable Elements for Designing Cloud-Native Applications"
• kubernetes.io: container design patterns
• magalix.com: Kubernetes Patterns - The Service Discovery Pattern 🌟
• gardener.cloud: Kubernetes Antipatterns
• dzone.com: Performance Patterns in Microservices-Based Integrations 🌟
• developers.redhat.com: Top 10 must-know Kubernetes design patterns
• medium: 10 Anti-Patterns for Kubernetes Deployments 🌟 Common practices in Kubernetes deployments that have better solutions
• learnsteps.com: How Kubernetes works on reconciler pattern
• learncloudnative.com: Sidecar Container Pattern
• towardsdatascience.com: Kubernetes pattern for applications with external environment configuration 🌟 Learn how to decouple configuration from the application using git-sync, Kubernetes init-containers, ConfigMaps and volumes.
• codefresh.io: Kubernetes Deployment Antipatterns – part 1 🌟
• codefresh.io: Kubernetes Deployment Antipatterns – part 2 🌟
• iximiuz.com: Service discovery in Kubernetes - combining the best of two worlds 🌟
• github.com/sharadbhat/KubernetesPatterns: YAML and Golang implementations of common Kubernetes patterns
• developers.redhat.com: Kubernetes configuration patterns, Part 1: Patterns for Kubernetes primitives 🌟
  • developers.redhat.com: Kubernetes configuration patterns, Part 2: Patterns for Kubernetes controllers 🌟
• learnk8s.io: Extending applications on Kubernetes with multi-container pods 🌟 Can you change an application without changing any code in Kubernetes? You can when you use multiple containers in a single Pod. Developing and deploying new apps in Kubernetes is easy. But what about legacy apps? In Kubernetes, you can use multiple containers in a Pod to change how your application works.
• dev.to: Kubernetes Deployment Antipatterns – part 1 🌟🌟
• ishantgaurav.in: Kubernetes – Sidecar Container Pattern

Books and e-Books

• developers.redhat.com: Kubernetes Operators 🌟
• Kubernetes 101
• learnk8s.io/first-steps
• ubuntuask.com: Best New Kubernetes Books

Famous Kubernetes resources of 2019

• Kubernetes essentials E-book 🌟
• Cloud-Native DevOps With Kubernetes O'Reilly book (Free) 🌟
• Kubernetes: Up and Running, 2nd Edition🌟 Dive into the Future of Infrastructure. By Brendan Burns, Kelsey Hightower, Joe Beda
• Container Security
  • Don't make this container security mistake
• digitalocean.com: From Containers to Kubernetes with Node.js eBook

[](http://shop.oreilly.com/product/0636920223788.do)

Kubernetes Patterns eBooks

• k8spatterns.io: Free Kubernetes Patterns e-book 🌟 , ref
• magalix.com: Free Kubernetes Application Architecture Patterns eBook 🌟

Kubernetes Operators and Controllers

• kruschecompany.com: What is a Kubernetes Operator and Where it Can be Used?
• kruschecompany.com: Prometheus Operator – Installing Prometheus Monitoring Within The Kubernetes Environment
• redhat.com: Kubernetes operators - Embedding operational expertise side by side with containerized applications
• hashicorp.com: Creating Workspaces with the HashiCorp Terraform Operator for Kubernetes
• banzaicloud.com: Kafka rolling upgrade made easy with Supertubes
• devops.com: Day 2 for the Operator Ecosystem 🌟
  • KUDO: The Kubernetes Universal Declarative Operator 🌟 KUDO is a toolkit that makes it easy to build Kubernetes Operators, in most cases just using YAML.
• itnext.io: Operator Lifecycle Manager (OLM) 🌟
• kube-fluentd-operator 🌟 is a sane, no-brainer Kubernetes+Helm distribution of Fluentd with batteries included, config validation, no needs to restart, with sensible defaults and best practices built-in. You can use Kubernetes labels to filter/route logs!
• Domain-harvester is an operator that collects domains from all Ingress resources in a Kubernetes cluster and provides its expiry information
• Cass Operator The DataStax Kubernetes Operator for Apache Cassandra®
• Kotal operator is cloud agnostic blockchain deployer that make it easy to deploy highly available, self-managing, self-healing blockchain infrastructure (networks, nodes, storage clusters ...) on any cloud.
• Speculator: Redis Operator A Golang based redis operator that will make/oversee Redis standalone/cluster mode setup on top of the Kubernetes. It can create a redis cluster setup with best practices on Cloud as well as the Bare metal environment. Also, it provides an in-built monitoring capability using redis-exporter.
• github.com/carlosedp/lbconfig-operator: External Load Balancer Operator 🌟 a Kubernetes/openshift Operator to dynamically configure external load-balancers distributing the traffic to the cluster nodes. It's not 100% (will it ever be?) but already configures the F5 BigIP. The idea is to have multiple LB backends soon.
• Sentry Operator A Kubernetes operator for automating the provisioning and management of Sentry resources via Kubernetes CRDs.
• thenewstack.io: When to Use, and When to Avoid, the Operator Pattern 🌟
• infoq.com: Kubernetes Operators in Depth
• DB Operator 🌟 is a Kubernetes Operator for the management of cloud databases, primarily Google Cloud SQL(GCSQL). It is designed to support the on demand creation of test environments in CI/CD pipelines.
• cncf.io: Kubernetes Operators 101
• container-solutions.com: Kubernetes Operators Explained
• kubeload - load testing is a Kubernetes operator that lets you configure your load-test initial load, max load, interval and hatch-rate. You can use CRD to define all the parameters and repeat your load testing experiments.
• contentful.com: Open-sourcing kube-secret-syncer: A Kubernetes operator to sync secrets from AWS Secrets Manager
  • contentful-labs/kube-secret-syncer 🌟
• registry-creds is a Kubernetes operator that can be used to propagate a single ImagePullSecret to all namespaces within your cluster. The primary reason for creating this operator is to make it easier to consume images from Docker Hub.
• gemini is a Kubernetes CRD and operator for managing VolumeSnapshots. This allows you to back up your PersistentVolumes on a regular schedule, retire old backups, and restore backups with minimal downtime.
• Kdo: deployless development on Kubernetes 🌟 Kdo is a command line tool that enables developers to run, develop and test code changes in a realistic deployed setting without having to deal with the complexity of Kubernetes deployment and configuration.
• HostPort Operator is a Kubernetes Operator to allocate host ports
• iximiuz.com: Exploring Kubernetes Operator Pattern 🌟
• isaaguilar/terraform-operator: Terraform Operator A Kubernetes CRD and Controller to handle Terraform operations by generating k8s jobs catered to perform Terraform workflows
• hashicorp/terraform-k8s: Terraform Cloud Operator for Kubernetes The Terraform Cloud Operator for Kubernetes provides first-class integration between Kubernetes and Terraform Cloud by extending the Kubernetes control plane to enable lifecycle management of cloud and on-prem infrastructure.
• didil/autobucket-operator The autobucket operator is a Kubernetes operator that automatically creates and manages Cloud Buckets (Object Storage) for k8s Deployments.
• openshift.com: Is your Operator Air-Gap Friendly?
• kuberhealthy 🌟 An operator for synthetic monitoring on Kubernetes. Write your own tests in your own container and Kuberhealthy will manage everything else. Automatically creates and sends metrics to Prometheus and InfluxDB. Included simple JSON status page. Supplements other solutions like Prometheus very nicely!
• Bare Metal Operator The Bare Metal Operator implements a Kubernetes API for managing bare metal hosts. It maintains an inventory of available hosts as Custom Resource Definitions.
• Meerkat Meerkat is a Kubernetes Operator that facilitates the deployment of OpenVPN in a Kubernetes cluster. By leveraging Hashicorp Vault, Meerkat securely manages the underlying PKI.
• Logging Operator A golang based CRD operator to setup and manage logging stack (Elasticsearch, Fluentd, and Kibana) in the Kubernetes cluster. It helps to setup each component of the EFK stack separately.
• gst-pipeline-operator: A Kubernetes operator for running audio/video processing pipelines
• uptimerobot-operator A Kubernetes operator that creates UptimeRobot monitors for your ingresses
• medium.com: Getting Started With Kubernetes Operators (Helm Based) - Part 1
  • medium.com: Getting Started With Kubernetes Operators (Ansible Based) — Part 2
  • velotio.com: Getting Started With Kubernetes Operators (Golang Based) - Part 3
• IngressMonitorController (Deprecated) A Kubernetes controller to watch ingresses and create liveness alerts for your apps/microservices in UptimeRobot, StatusCake, Pingdom, etc.
• RBAC Manager 🌟 A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts. RBAC Manager is designed to simplify authorization in Kubernetes. This is an operator that supports declarative configuration for RBAC with new custom resources. Instead of managing role bindings or service accounts directly, you can specify a desired state and RBAC Manager will make the necessary changes to achieve that state.
• KubePlus - Kubernetes Operator to deliver Helm charts as-a-service 🌟
• kubernetes.io: Writing a Controller for Pod Labels
• kubermatic.com: Why Implementing Kubernetes Operators Is a Good Idea! 🌟

Operator Capability Levels

• Operator Capability Levels Operators come in different maturity levels in regards to their lifecycle management capabilities for the application or workload they deliver. The capability models aims to provide guidance in terminology to express what features users can expect from an Operator.

Cluster Addons

• Cluster Addons 🌟 With cluster addon operators, we are exploring a kubernetes-native way of managing addons using CRDs(Custom Resource Definitions) and controllers where the controllers encode how best to manage the addon. Installing and managing an addon could be as simple as creating a custom resource.

K8Spin Operator. Kubernetes multi-tenant operator

• K8Spin Operator 🌟 Kubernetes multi-tenant operator. Enables multi-tenant capabilities in your Kubernetes Cluster. We defined some small features to implement. If you know python & Kubernetes and want to contribute to this project, ping us!
• thenewstack.io: K8Spin Provides Multitenant Isolation for Kubernetes
• Discover K8Spin open source software

Flux. The GitOps Operator for Kubernetes

• Flux 🌟 The GitOps operator for Kubernetes
• docs.fluxcd.io
• github: Flux CD
• dzone: Developing Applications on Multi-tenant Clusters With Flux and Kustomize Take a look at how multiple teams can use the resources of a single cluster to develop an application.
• alicegg.tech: Managing a Kubernetes cluster with Helm and FluxCD

K8s KPIs with Kuberhealthy Operator

• K8s KPIs with Kuberhealthy 🌟 transforming Kuberhealthy into a Kubernetes operator for synthetic monitoring. This new ability granted developers the means to create their own Kuberhealthy check containers to synthetically monitor their applications and clusters. Additionally, we created a guide on how to easily install and use Kuberhealthy in order to capture some helpful synthetic KPIs.

Writing Kubernetes Operators and Controllers

• Kubernetes.io: Operator pattern
• opensource.com: Build a Kubernetes Operator in 10 minutes with Operator SDK
• itnext.io: Testing the Operator SDK and making a prefetch mechanism for Kubernetes
• magalix.com: Creating Custom Kubernetes Operators
• medium.com: Writing Your First Kubernetes Operator
• bmc.com: What Is a Kubernetes Operator?
• Writing a Kubernetes Operator in Java Cheat Sheet
• linuxera.org: Writing Operators using the Operator Framework SDK
• openshift.com: 7 Best Practices for Writing Kubernetes Operators: An SRE Perspective
• medium: From Zero to Kubernetes Operator In this post you will learn how to build a simple Kubernetes Operator. The article starts with the main concepts and then continues with hands-on labs where you will create a Kubernetes Operator from the ground up.
• openshift.com: Build Your Kubernetes Operator With the Right Tool 🌟 Go-based operators are by far the most popular. That is why Go is probably the first option to consider. The other good choice is Helm, especially if you already have a Helm chart for your software or you want to build your operator quickly and you don't need any complex capability levels. I'd leave Operator Frameworks or Bare Programming Language implementations only for the cases when keeping a single programming language in your organization is a priority.
• codilime.com: How to create a custom resource with Kubernetes Operator Implementing DaemonJob from scratch learn how to create a custom resource with the Kubernetes Operator Framework.
• rookout.com: Lessons Learned When Building A Kubernetes Operator
• pavel.cool: Oxidizing the Kubernetes operator
• brennerm.github.io: Kubernetes operators with Python #1: Creating CRDs
• vivilearns2code.github.io: Writing Controllers For Kubernetes Resources
• cloudark.medium.com: Writing Kubernetes Custom Controllers

Kubernetes Networking

• kubernetes.io: The Kubernetes network model. How to implement the Kubernetes networking model
• ovh.com - getting external traffic into kubernetes: clusterip, nodeport, loadbalancer and ingress
• stackrox.com: Kubernetes Networking Demystified: A Brief Guide
• medium.com: Fighting Service Latency in Microservices With Kubernetes
• medium.com: Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what? 🌟
• blog.alexellis.io: Get a LoadBalancer for your private Kubernetes cluster
• dustinspecker.com: How Do Kubernetes and Docker Create IP Addresses?!
• youtube: Kubernetes Ingress Explained Completely For Beginners
• AWS and Kubernetes Networking Options and Trade-Offs (part 1)
• AWS and Kubernetes Networking Options and Trade-Offs (part 2)
• AWS and Kubernetes Networking Options and Trade-Offs (part 3)
• medium: Service Types in Kubernetes? 🌟 A Service enables network access to a set of Pods in Kubernetes.
• containo.us: Kubernetes Ingress & Service API Demystified
• speakerdeck.com: Kubernetes and networks. Why is this so dan hard? 🌟
• opensource.com: Why I use Ingress Controllers to expose Kubernetes services Kubernetes ingress controllers will make or break your cloud architecture.
• blog.nody.cc: Verify your Kubernetes Cluster Network Policies: From Faith to Proof
• infoq.com: Kubernetes Ingress Is Now Generally Available
• Learnk8s: Comparison of Kubernetes Ingress Controllers 🌟🌟 How do you choose the right Kubernetes Ingress controller when: Not all Ingress controllers support UDP, Only Kong has a free LDAP integration, Nginx Ingress and HAProxy are the only two ingress without CRDs.
• blog.alexellis.io: Get kubectl access to your private cluster from anywhere
• jmrobles.medium.com: How to setup Hetzner load balancer on a Kubernetes cluster
• kubernetes.io: Scaling Kubernetes Networking With EndpointSlices EndpointSlices are a new Kubernetes API that provides a scalable and extensible alternative to the Endpoints API.
• haproxy.com: Announcing HAProxy Kubernetes Ingress Controller 1.5 🌟
• devclass.com: HAProxy Ingress Controller 1.5 introduces mTLS support, gives load balancing experts more power
• thenewstack.io: HAProxy Kubernetes Ingress Controller Moves Outside the Cluster
• suse.com: NGINX Guest Blog: NGINX Kubernetes Ingress Controller 🌟
• dustinspecker.com: iptables: How Kubernetes Services Direct Traffic to Pods In this article you will learn how Kubernetes's kube-proxy uses iptables to direct traffic to pods randomly. You'll focus on the ClusterIP type of Kubernetes services.
• blog.cloudflare.com: Moving k8s communication to gRPC
• tech2fun.net: K8s Nginx Ingress Handling TLS Traffic and Using Pod Readiness Probes
• K8GB - Kubernetes Global Balancer - openshift.com: K8GB - Kubernetes Global Balancer
• altoros.com: Kubernetes Networking: How to Write Your Own CNI Plug-in with Bash
• Network Node Manager network-node-manager is a kubernetes controller that controls the network configuration of a node to resolve network issues of kubernetes. By simply deploying and configuring network-node-manager, you can solve kubernetes network issues that cannot be resolved by kubernetes or resolved by the higher kubernetes Version. Below is a list of kubernetes's issues to be resolved by network-node-manager. network-node-manager is based on kubebuilder v2.3.1.
• getenroute.io: Drive API Security At Kubernetes Ingress Using Helm And Envoy 🌟
• ithands-on.com: Kubernetes 101 : External services - ExternalName, DNS and Endpoints
• ibm.com: Multizone Kubernetes and VPC Load Balancer Setup Securely expose your Kubernetes app by setting up a Load Balancer for VPC in a different zone.
• opensource.googleblog.com: Kubernetes: Efficient Multi-Zone Networking with Topology Aware Routing
• nbailey.ca: Domesticated Kubernetes Networking
• sookocheff.com: A Guide to the Kubernetes Networking Model 🌟
• build.thebeat.co: A curious case of AWS NLB timeouts in Kubernetes A debugging adventure that allowed us to solve the tail latencies our Kubernetes applications were experiencing when talking with our AWS NLB.
• dzone: Multizone Kubernetes and VPC Load Balancer Setup Securely expose your Kubernetes app by setting up a Load Balancer for VPC in a different zone.
• ingressbuilder.jetstack.io 🌟🌟 Ingress Builder allows users to select any annotation from the list of available controllers, to add to the ingress manifest.
• itnext.io: Generating Kubernetes Network Policies Automatically By Sniffing Network Traffic 🌟 This blog post is about an experiment to automate creation of Kubernetes Network Policies based on actual network traffic captured from applications running on a Kubernetes cluster - code
• medium: Using nginx-ingress controller to restrict access by IP (ip whitelisting) for a service deployed to a Kubernetes (AKS) cluster
• openshift.com: gRPC or HTTP/2 Ingress Connectivity in OpenShift 🌟
• inlets.dev: Fixing Ingress for short-lived local Kubernetes clusters
• nginx.com: How to Simplify Kubernetes Ingress and Egress Traffic Management
• blog.teamhephy.info: Running Workflow Without Any LoadBalancer
• blog.alexellis.io: Get a public LoadBalancer for your private Kubernetes cluster 🌟
• searchitoperations.techtarget.com: Differences between Kubernetes Ingress vs. load balancer To manage Kubernetes cluster traffic, admins have a few choices. Compare Kubernetes Ingress vs. load balancers, as well as the NodePort and ClusterIP service types.
• monzo.com: Controlling outbound traffic from Kubernetes
• medium: Access Application Externally In Kubernetes Cluster using Load Balancer Service Learn how to create a Pod and how to create a Load Balancer service using Kubernetes cluster. And access the application from outside.
• itnext.io: Why and How of Kubernetes Ingress (and Networking) 🌟
• techdozo.dev: gRPC load balancing on Kubernetes (using Headless Service)
• thenewstack.io: ZeroLB, a New Decentralized Pattern for Load Balancing
• ungleich.ch: Making kubernetes kube-dns publicly reachable
• ungleich.ch: Building Ingress-less Kubernetes Clusters

Gateway API

• gateway-api.sigs.k8s.io 🌟 Gateway API is an open source project managed by the SIG-NETWORK community. It's is a collection of resources that model service networking in Kubernetes. These resources - GatewayClass,Gateway, HTTPRoute, TCPRoute, Service, etc - aim to evolve Kubernetes service networking through expressive, extensible, and role-oriented interfaces that are implemented by many vendors and have broad industry support.
• kubernetes.io: Evolving Kubernetes networking with the Gateway API
• thenewstack.io: Unifying Kubernetes Service Networking (Again) with the Gateway API 🌟 The Gateway API, formerly known as the Services API and before that Ingress V2, was first discussed in detail — and in-person — at Kubecon 2019 in San Diego. There were already many well-known and well-documented limitations of Ingress and Kubernetes networking APIs. The Gateway API was intended as a redo of these APIs, built on the lessons from Services, Ingress and the service mesh community.

Multicloud communication for Kubernetes

• developers.redhat.com: Use Skupper to connect multiple Kubernetes clusters 🌟 - skupper.io Multicloud communication for Kubernetes. Skupper is a layer 7 service interconnect. It enables secure communication across Kubernetes clusters with no VPNs or special firewall rules. With Skupper, your application can span multiple cloud providers, data centers, and regions.

Kubernetes Network Policy

• howtoforge.com: Network Policy in Kubernetes 🌟 By default, pods accept traffic from any source. A network policy helps to specify how a group of pods can communicate with each other and other network endpoints.
• medium: How to Provision Network Policies in Kubernetes | AWS 🌟
• learncloudnative.com: Kubernetes Network Policy
• bionconsulting.com: Kubernetes Network Policies
  • bionconsulting.com: Kubernetes Network Policies - Part 2
• thenewstack.io: The Kubernetes Network Security Effect 🌟 Kubernetes has a built-in object for managing network security: NetworkPolicy. While it allows the user to define the relationship between pods with ingress and egress policies, it is basic and requires very precise IP mapping of a solution — which changes constantly, so most users I’ve talked to are not using it.
• faun.pub: Control traffic flow to and from Kubernetes pods with Network Policies
• openshift.com: Network Policies: Controlling Cross-Project Communication on OpenShift

Cilium

• cilium.io 🌟 eBPF-based Networking, Observability, and Security
• cilium.io: NetworkPolicy Editor: Create, Visualize, and Share Kubernetes NetworkPolicies 🌟
• editor.cilium.io 🌟 Learn how to create Network Policies for Kubernetes using an interactive playground
• buoyant.io: Kubernetes network policies with Cilium and Linkerd

<script async class="speakerdeck-embed" data-id="9251193501114da199d70b2a679c552f" data-ratio="1.77777777777778" src="//speakerdeck.com/assets/embed.js"></script>

Kubernetes Ingress Specification

• Supporting the Evolving Ingress Specification in Kubernetes 1.18
• medium: Ingress service types in Kubernetes 🌟

Xposer Kubernetes Controller To Manage Ingresses

• Xposer 🌟 A Kubernetes controller to manage (create/update/delete) Kubernetes Ingresses based on the Service
  • Problem: We would like to watch for services running in our cluster; and create Ingresses and generate TLS certificates automatically (optional)
  • Solution: Xposer can watch for all the services running in our cluster; Creates, Updates, Deletes Ingresses and uses certmanager to generate TLS certificates automatically based on some annotations.

Software-Defined IP Address Management (IPAM)

• IP Address Management (IPAM)
• fusionlayer.com: Software-Defined IP Address Management (IPAM)
  • Cloud computing and service automation are changing the way in which applications and data are being delivered and consumed. The existing 30-year-old networking model is failing to keep up with the automated service architectures and the Internet of Things (IoT) based on end-to-end automation.
  • To facilitate the migration to cloud-era computing, service providers and data centers must add networking into the automated service workflows. This requires agility and elasticity that traditional networking products are not designed to provide. As IT environments of tomorrow involve a plethora of orchestrators and controllers spinning up services and applications inside shared networks, they all must be managed and provisioned by a unified solution authoritative for all network-related information.

CNI Container Networking Interface

• Kubernetes.io: Network Plugins
• rancher.com: Container Network Interface (CNI) Providers
• github.com/containernetworking 🌟
  • CNI
• dzone: How to Understand and Set Up Kubernetes Networking 🌟 Take a look at this tutorial that goes through and explains the inner workings of Kubernetes networking, including working with multiple networks.
• medium: Container Networking Interface aka CNI
• itnext.io: Benchmark results of Kubernetes network plugins (CNI) over 10Gbit/s network (Updated: August 2020)

List of existing CNI Plugins (IPAM)

• Kubernetes Networking
• Overlay Network plugins:
  • Flannel
  • Weave-net
• Routed Network Plugins:
  • AWS-VPC
  • kube-router
  • Calico
  • Canal
  • VMware-tanzu Antrea
• IPAM modules:
  • dhcp
  • host-local
• Multi CNI plugins:
  • Damn
  • Multus
  • CNI-Genie

[](https://thenewstack.io/tigera-aims-ease-connectivity-pain-kubernetes/)

Project Calico

• tigera.io
• Project Calico 🌟 Secure networking for the cloud native era
• medium: Calico for Kubernetes networking: the basics & examples
• thenewstack.io: Tigera's Calico Aims to Ease Connectivity Pain with Kubernetes
• projectcalico.org: Advertising Kubernetes Service IPs with Calico and BGP
• mhmxs.blogspot.com: Autoscaling Calico Route Reflector topology in Kubernetes

DNS Service with CoreDNS

• medium: How to Autoscale the DNS Service in a Kubernetes Cluster
• thenewstack.io: Supercharge CoreDNS with Cluster Addons 🌟
• sysdig.com: How to monitor coreDNS 🌟 The most common problems and outages in a Kubernetes cluster come from coreDNS, so learning how to monitor coreDNS is crucial.

Kubernetes Node Local DNS Cache

• NodeLocal DNSCache
• Kubernetes Node Local DNS Cache

Kubernetes Sidecars

• banzaicloud.com: Sidecar container lifecycle changes in Kubernetes 1.18 🌟
• medium: Delaying application start until sidecar is ready Taking advantage of a peculiar Kubernetes implementation detail to block containers from starting before another container starts.

Kubernetes Security

• cilium.io
• Dzone - devops security at scale
• Dzone - Kubernetes Policy Management with Kyverno
  • github Kyverno - Kubernetes Native Policy Management
  • nirmata.com: Auto-labeling Kubernetes resources with Kyverno
• Dzone - OAuth 2.0
• Kubernetes Security Best Practices 🌟
• jeffgeerling.com: Everyone might be a cluster-admin in your Kubernetes cluster
• Microsoft.com: Attack matrix for Kubernetes 🌟
• codeburst.io: 7 Kubernetes Security Best Practices You Must Follow
• thenewstack.io: Laying the Groundwork for Kubernetes Security, Across Workloads, Pods and Users
• horovits.wordpress.com: Kubernetes Security Best Practices
• containerjournal.com: How to Secure Your Kubernetes Cluster 🌟
• medium: How to Harden Your Kubernetes Cluster for Production 🌟
• kubernetes.io: Cloud native security for your clusters
• tldrsec.com: Risk8s Business: Risk Analysis of Kubernetes Clusters 🌟 A zero-to-hero guide for assessing the security risk of your Kubernetes cluster and hardening it.
• microsoft.com: Threat matrix for Kubernetes 🌟
• labs.bishopfox.com: Bad Pods: Kubernetes Pod Privilege Escalation 🌟 What are the risks associated with overly permissive pod creation in Kubernetes? The answer varies based on which of the host’s namespaces and security contexts are allowed. In this post, I will describe eight insecure pod configurations and the corresponding methods to perform privilege escalation. This article and the accompanying repository were created to help penetration testers and administrators better understand common misconfiguration scenarios.
• sysdig.com: Kubernetes Security Guide 🌟 Best practices, guidance and steps for implementing Kubernetes security.
• resources.whitesourcesoftware.com: Kubernetes Security Best Practices 🌟
• sysdig.com: Getting started with Kubernetes audit logs and Falco 🌟
• thenewstack.io: Jetstack Secure Promises to Ease Kubernetes TLS Security
• thenewstack.io: Best Practices for Securely Setting up a Kubernetes Cluster
• stackrox/Kubernetes_Security_Specialist_Study_Guide 🌟
• thenewstack.io: A Security Comparison of Docker, CRI-O and Containerd 🌟
• github.com/stackrox: Certified Kubernetes Security Specialist Study Guide 🌟
• youtube: Kubernetes Security: Attacking and Defending K8s Clusters - by Magno Logan
• cncf.io: Kubernetes Security 🌟
• microsoft.com: Secure containerized environments with updated threat matrix for Kubernetes
• kyverno.io 🌟 Kubernetes Native Policy Management. Open Policy Agent? That’s old school. Securely manage workloads on your kubernetesio clusters with this handy new tool, Kyverno.Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline. youtube: The Way of the Future | Kubernetes Policy Management with Kyverno - youtube: Securing and Automating Kubernetes with Kyverno
  • kyverno.io/policies 🌟 K8s policies available in the community repository
• cyberark.com: Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1
• redkubes.com: 10 Kubernetes Security Risks & Best Practices
• thenewstack.io: Defend the Core: Kubernetes Security at Every Layer
• techmanyu.com: Kubernetes Security with Kube-bench and Kube-hunter 🌟
  • kube-bench 🌟 Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • kube-hunter 🌟 Hunt for security weaknesses in Kubernetes clusters
  • k21academy.com: Secure and Harden Kubernetes, AKS and EKS Cluster with kube-bench, kube-hunter and CIS Benchmarks 🌟
• Analyze Kubernetes Audit logs using Falco 🌟 Detect intrusions that happened in your Kubernetes cluster through audit logs using Falco
• blog.kasten.io: Kubernetes Ransomware Protection with Kasten K10 v4.0
• helpnetsecurity.com: Kubestriker: A security auditing tool for Kubernetes clusters 🌟 Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters.
• Kubernetes Goat 🌟 is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
• itnext.io: How-To: Kubernetes Cluster Network Security 🌟
• gist.github.com: How to protect your ~/.kube/ configuration
• levelup.gitconnected.com: Enforce Audit Policy in Kubernetes (k8s)
• snyk.io: 10 Kubernetes Security Context settings you should understand
• magalix.com: Top 8 Kubernetes Security Best Practices 🌟
• redhat.com: The State of Kubernetes Security
• igorzhivilo.com: Network policy and Calico CNI to Secure a Kubernetes cluster
• fairwinds.com: Discover the Top 5 Kubernetes Security Mistakes You're (Probably) Making
• tigera.io: Kubernetes security policy design: 10 critical best practices 🌟
• empresas.blogthinkbig.com: Descubierta una vulnerabilidad en Kubernetes que permite acceso a redes restringidas (CVE-2020-8562)
• thenewstack.io: Kubernetes: An Examination of Major Attacks 🌟 Constant vigilance is required to ensure that cloud infrastructure is locked down and that DevSecOps teams have the right tools for the job.
• nsa.gov: NSA, CISA release Kubernetes Hardening Guidance 🌟🌟
  • Kubernetes Hardening Guidance 🌟🌟
  • thenewstack.io: The NSA Can Help Secure Your Kubernetes Clusters
  • therecord.media: NSA, CISA publish Kubernetes hardening guide 🌟🌟
    • Scan containers and Pods for vulnerabilities or misconfigurations.
    • Run containers and Pods with the least privileges possible.
    • Use network separation to control the amount of damage a compromise can cause.
    • Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.
    • Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.
    • Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.
    • Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.
  • cloud.redhat.com: OpenShift and the NSA-CISA ‘Kubernetes Hardening Guidance’ Red Hat OpenShift is the quickest path to meeting the NSA’s Kubernetes hardening guidance
  • Kubescape 🌟 kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA. Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

[](https://www.blackhat.com/)

Service Accounts

• Service account is an important concept in terms of Kubernetes security. You can relate it to AWS instance roles and google cloud instance service account if you have a cloud background. By default, every pod gets assigned a default service account if you don't specify a custom service account. Service account allows pods to make calls to the API server to manage the cluster resources using ClusterRoles or resources scoped to a namespace using Roles. Also, you can use the Service account token from external applications to make API calls to the kubernetes API server.
  • devopscube.com: How To Create Kubernetes Service Account For API Access
  • devopscube.com: How to Create kubernetes Role for Service Account
  • github.com/scriptcamp/kubernetes-serviceaccount-example Example Kubernetes manifests to create service account mapped to Rolebinding.
• medium: Working with Service Account In Kubernetes 🌟 How to configure a service account in Kubernetes and manage it?
• github.com/dvob/k8s-s2s-auth: Kubernetes Service Accounts 🌟 Service accounts are well known in Kubernetes to access the Kubernets API from within the cluster. This is often used for infrastructure components like operators and controllers. But we can also use service accounts to implement authentication in our own applications. This README tries to give an overview on how service accounts work and and shows a couple of variants how you can use them for authentication. Further this repository contains an example Go service which shows how to implement the authentication in an application.
• sandeepbaldawa.medium.com: Service Accounts in K8s (Kubernetes)

Kubernetes Secrets

• cncf.io: Revealing the secrets of Kubernetes secrets 🌟 In this article you will learn how to protect Secrets in your Kubernetes cluster
• Hands on your first Kubernetes secrets 🌟
• dev.to: Store your Kubernetes Secrets in Git thanks to Kubeseal. Hello SealedSecret! 🌟
• blog.doit-intl.com: Kubernetes and Secrets Management in the Cloud
• itnext.io: Effective Secrets with Vault and Kubernetes
• kubernetes.io: Encrypting Secret Data at Rest 🌟
• "Kubernetes base64 encodes secrets because that makes arbitrary data play nice with JSON. It had nothing to do with the security model (or lack thereof). It did not occur to us at the time that people could mistake base64 for some form of encryption"
  • "I've always wondered how folks expect a system would be able to protect data at rest like that. If the public key and private key are local on the machine - nothing is secure no matter what algorithm is used"
  • "The issue is not new or unique to k8s. There is a general confusion between encoding and encryption. Ask any web dev about base64, and there is a good chance they'll tell you it's encryption"
  • "The test is clearly wrong if that is the word used, literally everything is encoded somehow. If they meant encrypted instead, then it's half true, secrets are encrypted in transit but only at rest if a KMS plugin is used"
  • "The semantics are important. Easy to grant an RBAC policy like "read only except secrets"
  • "I just meant that base64 prevents you from logging a secret in plain text by accident… but many more layers are required to keep your secrets secret"
  • "You need to configure how the key is managed and ideally opt into something like KMS plugin (which depends on how the cluster is hosted) to make it good"
• redhat.com: Managing secrets for Kubernetes pods
• enterprisersproject.com: How to explain Kubernetes Secrets in plain English 🌟 What is a Kubernetes secret? How does this type of Kubernetes object increase security? How do you create a Kubernetes secret? What are some best practices? Experts break it down
• millionvisit.blogspot.com: Kubernetes for Developers #19: Manage app credentials using Kubernetes Secrets 🌟

Kubernetes base64 encodes secrets because that makes arbitrary data play nice with JSON. It had nothing to do with the security model (or lack thereof). It did not occur to us at the time that people could mistake base64 for some form of encryption.

— Daniel Smith (@originalavalamp) July 4, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Encrypting the certificate for Kubernetes. SSL certificates with Let's Encrypt in Kubernetes Ingress via cert-manager

• Kubernetes Certs
• Using SSL certificates from Let’s Encrypt in your Kubernetes Ingress via cert-manager 🌟
• medium: Encrypting the certificate for Kubernetes (Let’s Encrypt) 🌟
• rejupillai.com: Let’s Encrypt the Web (for free)
• betterprogramming.pub: Kubernetes and SSL Certificate Management 🌟 Manage SSL certificate orders in K8s with Helm and Let’s Encrypt.

#OAuth has 4 Flows for retrieving an Access Token.

If you have worked with it, you know how difficult is it to remember what is what.

A Zine says a lot, seriously a lot. Check this out.
Idea credits @b0rk #IAM #security #infosec #webdev #web #webcomic #webcomics
RT if useful pic.twitter.com/fbrls0V08K

— Rohit (@sec_r0) January 8, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

RBAC

• Configure RBAC in Kubernetes Like a Boss 🌟 Learn how to configure RBAC in kubernetes. In this post, you will configure RBAC both with kubectl and yaml definitions.
• infracloud.io: How to setup Role based access (RBAC) to Kubernetes Cluster 🌟
• Kubernetes RBAC Permission Manager 🌟
• Krane 🌟 is a Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition.
• rbac.dev 🌟🌟🌟 advocacy site for Kubernetes RBAC. A site dedicated to good practices and tooling around Kubernetes RBAC. Both pull requests and issues are welcome.
  • For recipes, tips and tricks around RBAC see recipes.rbac.dev 🌟
• github.com/clvx/k8s-rbac-model: Kubernetes RBAC Model This is a implementation of a RBAC model for a multi project multi tenant Kubernetes cluster.

Admission Control

• blog.styra.com: Why RBAC is not enough for kubernetes security 🌟🌟

Security Best Practices Across Build, Deploy, and Runtime Phases

• Kubernetes Security 101: Risks and 29 Best Practices 🌟
• Build Phase:
  1. Use minimal base images
  2. Don’t add unnecessary components
  3. Use up-to-date images only
  4. Use an image scanner to identify known vulnerabilities
  5. Integrate security into your CI/CD pipeline
  6. Label non-fixable vulnerabilities
• Deploy Phase:
  1. Use namespaces to isolate sensitive workloads
  2. Use Kubernetes network policies to control traffic between pods and clusters
  3. Prevent overly permissive access to secrets
  4. Assess the privileges used by containers
  5. Assess image provenance, including registries
  6. Extend your image scanning to deploy phase
  7. Use labels and annotations appropriately
  8. Enable Kubernetes role-based access control (RBAC)
• Runtime Phase:
  1. Leverage contextual information in Kubernetes
  2. Extend vulnerability scanning to running deployments
  3. Use Kubernetes built-in controls when available to tighten security
  4. Monitor network traffic to limit unnecessary or insecure communication
  5. Leverage process whitelisting
  6. Compare and analyze different runtime activity in pods of the same deployments
  7. If breached, scale suspicious pods to zero

[](https://www.stackrox.com/post/2020/05/kubernetes-security-101/)

Kubernetes Authentication and Authorization

• kubernetes.io: Authenticating
• kubernetes.io: Access Clusters Using the Kubernetes API
• kubernetes.io: Accesing Clusters
• magalix.com: kubernetes authentication 🌟
• magalix.com: kubernetes authorization 🌟
• kubernetes login
• learnk8s.io: Authentication between microservices using Kubernetes identities 🌟

Kubernetes Authentication Methods

Kubernetes supports several authentication methods out-of-the-box, such as X.509 client certificates, static HTTP bearer tokens, and OpenID Connect.

X.509 client certificates

• Kubernetes Authentication and Authorization with X509 client certificates

Static HTTP Bearer Tokens

• kubernetes.io: Access Clusters Using the Kubernetes API
• stackoverflow: Accessing the Kubernetes REST end points using bearer token

OpenID Connect

• OpenID Connect

Implementing a custom Kubernetes authentication method

• Implementing a custom Kubernetes authentication method

Pod Security Policies (SCCs - Security Context Constraints in OpenShift)

• Pod Security Policy (SCC in OpenShift) 🌟
• rancher.com: Enhancing Kubernetes Security with Pod Security Policies, Part 1
  • rancher.com: Enhancing Kubernetes Security with Pod Security Policies, Part 2
• developer.squareup.com: Kubernetes Pod Security Policies (PSP) an example with exception management
• itnext.io: Implementing a Secure-First Pod Security Policy Architecture
• Neon Mirrors: Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno

EKS Security

• Security Group Rules EKS
• EC2 ENI and IP Limit
• Calico in EKS
• Amazon EKS Best Practices Guide for Security 🌟
  • EKS Best Practices Guide for Security 🌟
• medium.com: Securing Kubernetes Dashboard on EKS with Pomerium

Kubernetes Scheduling and Scheduling Profiles

• Kubernetes Scheduling
• Scheduling Profiles

Assigning Pods to Nodes. Pod Affinity and Anti-Affinity

• Affinity and anti-affinity

Pod Topology Spread Constraints and PodTopologySpread Scheduling Plugin

• Pod Topology Spread Constraints
• Introducing PodTopologySpread plugin

Kubernetes etcd

• medium: How to modify etcd data of your Kubernetes directly (without K8s API)
• medium: Getting Started with Kubernetes etcd
• sysdig.com: How to monitor etcd 🌟 Learning how to monitor etcd is of vital importance when running Kubernetes in production. Monitoring etcd will let you validate that things work as expected, while detecting and troubleshooting issues that could take your entire infrastructure down.
• learnk8s.io: How etcd works with and without Kubernetes 🌟

Kubernetes Storage

• Cloud Native Storage

• itnext.io: Kubernetes: PersistentVolume and PersistentVolumeClaim — an overview with examples
• thenewstack.io: How Kubernetes provides networking and storage to applications
• medium: Kubernetes Storage Explained 🌟 kubernetes/volumes/claims

Kubernetes Volumes Guide

• Filesystem vs Volume vs Persistent Volume 🌟
• This is a guide that covers:
  • How to set up and use volumes in Kubernetes
  • What are persistent volumes, and how to use them
  • How to use an NFS volume
  • Shared data and volumes between pods

ReadWriteMany PersistentVolumeClaims

• Create ReadWriteMany PersistentVolumeClaims on your Kubernetes Cluster 🌟 Kubernetes allows us to provision our PersistentVolumes dynamically using PersistentVolumeClaims. Pods treat these claims as volumes. The access mode of the PVC determines how many nodes can establish a connection to it. We can refer to the resource provider’s docs for their supported access modes.
• Digital Ocean: Kuberntes PVC ReadWriteMany access mode alternative

Non-production Kubernetes Local Installers. Kubernetes distributions for local environments

• Minikube A tool that makes it easy to run Kubernetes locally inside a Linux VM. It's aimed on users who want to just test it out or use it for development. It cannot spin up a production cluster, it's a one node machine with no high availability.
  • murchie85.github.io: Installling minikube
  • itnext.io: How to experiment locally on Kubernetes with minikube and your local Dockerfiles
• kind Kubernetes IN Docker - local clusters for testing Kubernetes
  • kubernetes-development-environment-in-a-box This project is geared toward running multiple isolated KinD cluster on a single instance. This project produces an AMI image that can run an instance that has Docker and multiple isolated Kubernetes clusters running in it using KinD. The main use case is to setup one node that can run multiple fully isolated Kubernetes cluster on it for development purposes.
• store.docker.com: Docker Community Edition EDGE with kubernetes. Installing Kubernetes using the Docker Client Currently only available in Edge edition.
• medium.com: Local Kubernetes for Linux — MiniKube vs MicroK8s
• itnext.io: Run Kubernetes On Your Machine Several options to start playing with K8s in no time
• padok.fr: MiniKube, Kubeadm, Kind, K3S, how to get started on Kubernetes?
• loft.sh: Kubernetes Development Environments – A Comparison
• opensource.com: 4 ways to run Kubernetes locally Set up a local development environment or just try out the container orchestration platform with these tools.
• dex.dev: Local Development Clusters
• itnext.io: Kubernetes local playground alternatives
• dex.dev: Local Development Clusters
• blog.radwell.codes: What’s the best Kubernetes distribution for local environments? 🌟
• Metal Kubes Create OnPrem Kubernetes Cluster. Install Kubernetes Cluster on Bare Metal Machines

Telepresence local development for k8s and openshift microservices

• telepresence.io 🌟 Fast, local development for kubernetes and openshift microservices.
• telepresence.io: Debug a Kubernetes service locally 🌟 Imagine you have a service running in a cluster, and someone reports a bug. You want to run the service locally but how? Enter Telepresence
• betterprogramming.pub: Do Faster Development and Testing on Kubernetes Apps With Telepresence Use Telepresence to instantly deploy your code change to a Kubernetes cluster
• telepresence.io: Intercept a service in your own environment 🌟 Today, I needed to intercept traffic sent to the application running on Kubernetes and forward it to the local dev instance.

Managed Kubernetes in Public Cloud

• infoworld.com: 6 reasons to switch to managed Kubernetes Managed Kubernetes services have matured to the point where many enterprises are handing over the keys to their clusters. Here we identify some of the main drivers behind that trend.

GKE vs EKS vs AKS

• medium.com: Kubernetes Cloud Services: Comparing GKE, EKS and AKS
• stackrox.com: EKS vs GKE vs AKS - Evaluating Kubernetes in the Cloud
• youtube: Kubernetes Comparison A beautiful comparison of Kubernetes Services from GCP, AWS and Azure by learnk8s.
  • learnk8s.io/research: Comparison of Kubernetes managed services 🌟
• medium: State of Managed Kubernetes 2020 EKS vs. AKS vs. GKE from a Developer’s Perspective
• medium: Managed Kubernetes Services Compared: GKE vs. EKS vs. AKS Comparing the three most popular managed Kubernetes platforms in features and overall experience.
• acloudguru.com: AKS vs EKS vs GKE: Managed Kubernetes services compared

Other Managed Kubernetes

• thenewstack.io: Otomi Container Platform Offers an Integrated Kubernetes Bundle If you want to enjoy the benefits of Kubernetes, configuring and installing the software itself can be just the first of many deeply technical and oftentimes confusing steps. To simplify this, many major cloud providers offer managed Kubernetes services, but even then you may need to install secondary services to handle tasks such as tracing, logging, monitoring, identity access management, and so on. The Otomi Container Platform looks to address this complexity by bundling together more than 30 different Kubernetes add-ons, as well as providing what it calls an “OSX like interface,” and today the project has open sourced a community edition under the Apache 2.0 license.
  • otomi.io 🌟
  • github: Otomi

AWS EKS (Hosted/Managed Kubernetes on AWS)

• dzone: kops vs EKS
• udemy.com: amazon eks starter kubernetes on aws
• eksctl: EKS installer
• medium: Implementing Kubernetes Cluster using AWS EKS (AWS Managed Kubernetes)
• Amazon EKS Security Best Practices
• thenewstack.io: Install and Configure OpenEBS on Amazon Elastic Kubernetes Service
• cloudonaut.io: Scaling Container Clusters on AWS: ECS and EKS 🌟
• magalix.com: Deploying Kubernetes Cluster With EKS 🌟 Fargate Deployment vs. Linux Workload
• Deploying Infrastructure (FrontEnd + BackEnd) on AWS using Amazon EKS
• EKS Service Accounts Explained In AWS you can assign IAM permissions to pods in your cluster. This article explains how it works.
• medium: Building the CI/CD of the Future, Creating the EKS Cluster 🌟
• Announcing the AWS Controllers for Kubernetes Preview
• daveops.xyz: Administrar usuarios en EKS
• aws.github.io: AWS Controllers for Kubernetes
• stacksimplify.com: AWS ALB Ingress Service - Basics 🌟
• Kubernetes PVCs with EFS provisioner
• Using Helm with Amazon EKS without kubeconfigs
• Running spot instances effectively with Amazon EKS
• medium: Designing a Kubernetes Cluster with Amazon EKS From Scratch 🌟
• en.sokube.ch: AWS + Kubernetes = AWS Elastic Kubernetes Service (EKS) 🌟
• aws.amazon.com: Operating a multi-regional stateless application using Amazon EKS
• clickittech.com: Amazon ECS vs EKS : The Best Container Orchestration Platform 🌟
• POKE - Provision Opinionated Kubernetes on EKS Poke is infrastructure as software to provision EKS cluster in an opinianated way. Code is written in nodejs utilising pulumi framework. It is opinionated in such a way to improve security and simplicity.Consider this similar to terraform module. This package can be used to provision eks clusters declaratively with immutability and repeatability.
• clickittech.com: Kubernetes Multi tenancy with Amazon EKS: Best practices and considerations
• automateinfra.com: Getting Started with Amazon Elastic kubernetes Service (AWS EKS)
• medium: Run Kubernetes Production Environment on EC2 Spot Instances With Zero Downtime: A Complete Guide
• releaseops.io: Scaling Kubernetes Deployments in AWS with Container Insights Metrics
• medium: Create Kubernetes Cluster On AWS EKS Setup AWS credentials and install kubectl, eksctl on Ubuntu. Create Kubernetes cluster using eksctl.

Kubesphere

• kubesphere.io The Kubernetes platform tailored for hybrid multicloud. KubeSphere is a distributed operating system managing cloud native applications with Kubernetes as its kernel, and provides plug-and-play architecture for the seamless integration of third-party applications to boost its ecosystem.
• kubekey The Next-gen Installer: Installing Kubernetes and KubeSphere v3.0.0 fastly, flexibly and easily
• kubesphere.io: Scaling a Kubernetes Cluster: One of the Best Practices for Using KubeKey
• itnext.io: Adding Master Nodes to Achieve HA: One of the Best Practices for Using KubeKey
• youtube: Create a Jenkins Pipeline on Kubernetes with CI/CD Pipeline Template in KubeSphere Two built-in Jenkins pipeline templates are available in KubeSphere 3.1. DevOps team can generate CICD or customize the workflow as you need by simple drag-and-drop.

Tools for multi-cloud Kubernetes management

• Banzai Cloud 🌟
  • Kubernetes node pool upgrades with Banzai Pipeline
• Compare tools for multi-cloud Kubernetes management 🌟
  • NetApp Kubernetes Service -- formerly StackPointCloud
  • Cloudify
  • Terraform
  • Rancher
  • Platform9 Managed Kubernetes
  • Red Hat OpenShift
  • Juke, from HTBase, now owned by Juniper Networks.

On-Premise Production Kubernetes Cluster Installers

Comparative Analysis of Kubernetes Deployment Tools

• A Comparative Analysis of Kubernetes Deployment Tools: Kubespray, kops, and conjure-up
• wecloudpro.com: Deploy HA kubernetes cluster in AWS in less than 5 minutes

Deploying Kubernetes Cluster with Kops

• GitHub: Kubernetes Cluster with Kops
• Kubernetes.io: Installing Kubernetes with kops
• Minikube and docker client are great for local setups, but not for real clusters. Kops and kubeadm are tools to spin up a production cluster. You don't need both tools, just one of them.
• On AWS, the best tool is kops. Since AWS EKS (hosted kubernetes) is currently available, this is the preferred option (you don't need to maintain the masters).
• For other installs, or if you can't get kops to work, you can use kubeadm.
• Setup kops in your windows with virtualbox.org and vagrantup.com . Once downloaded, to type a new linux VM, just spin up ubuntu via vagrant in cmd/powershell and run kops installer:
• blog.ivnilv.com: Rotating Kops Etcd Certificates

C:\ubuntu> vagrant init ubuntu/xenial64
C:\ubuntu> vagrant up
C:\ubuntu> vagrant ssh-config
C:\ubuntu> vagrant ssh

$ curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64
$ chmod +x kops-linux-amd64
$ sudo mv kops-linux-amd64 /usr/local/bin/kops

Deploying Kubernetes Cluster with Kubeadm

• Kubernetes Cluster with Kubeadm It works on any deb / rpm compatible Linux OS, for example Ubuntu, Debian, RedHat or CentOS. This is the main advantage of kubeadm. The tool itself is still in beta (Q1 2018), but is expected to become stable somewhere this year. It's very easy to use and lets you spin kubernetes cluster in just a couple of minutes.
• medium.com: Demystifying High Availability in Kubernetes Using Kubeadm
• Setting Up a Kubernetes Cluster on Ubuntu 18.04
• itnext.io: Up and running out of the cloud — How to setup the Masters using kubeadm bootstrap In this article, you’ll see how to make use of kubeadm bootstrap to set up and join 3 master instances as members of our cluster.
• Set up a Bare Metal Kubernetes cluster with
• blog.tobias-huebner.org: Low-budget self-hosted Kubernetes 🌟
• mirantis.com: How to install Kubernetes with Kubeadm: A quick and dirty guide
• kosyfrances.com: Using kubeadm to create a Kubernetes 1.20 cluster on VirtualBox with Ubuntu
• blog.radwell.codes: Provisioning Single-node Kubernetes Cluster using kubeadm on Ubuntu 20.04

Deploying Kubernetes Cluster with Ansible

• Ansible Role - Kubernetes (Jeff Geerling)
• krd offers a reference for deploying a Kubernetes cluster. Its ansible playbooks allow to provision a deployment on Bare-metal or Virtual Machines
• Kubeinit 🌟 KubeInit provides Ansible playbooks and roles for the deployment and configuration of multiple Kubernetes distributions. KubeInit's mission is to have a fully automated way to deploy in a single command a curated list of prescribed architectures.
  • youtube: OpenShift Commons En Vivo - KubeInit con Maria Bracho, Scott McCarty, and Carlos Camacho (Red Hat, Spanish) 🌟

kube-aws Kubernetes on AWS

• Kubernetes on AWS (kube-aws) A command-line tool to declaratively manage Kubernetes clusters on AWS

Kubespray

• Kubespray
• redhat.com: An introduction to Kubespray By combining Ansible and Kubernetes, Kubespray can deploy Kubernetes clusters on multiple machines.

Conjure up

• Conjure up

WKSctl

• Weave Kubernetes System Control - wksctl Open Source Weaveworks Kubernetes System
• WKSctl - A New OSS Kubernetes Manager using GitOps
• WKSctl: a Tool for Kubernetes Cluster Management Using GitOps

Terraform (kubernetes the hard way)

• Kelsey Hightower: kubernetes the hard way
• napo.io: Kubernetes The (real) Hard Way on AWS
• napo.io: Terraform Kubernetes Multi-Cloud (ACK, AKS, DOK, EKS, GKE, OKE)
• medium: Upgrading Kubernetes The Hard Way
• Monzo: we learned a lot from self-hosting Kubernetes, but we wouldn't do it again Don't need to do it the hard way anymore
• medium: Kubernetes the hard way on Docker
• Autoscalable Kubernetes cluster at Exoscale, using Packer and Terraform
• Kubernetes the Hard Way: Azure Edition teaches you how to deploy Kubernetes from scratch on Azure based on the legendary Kubernetes the Hard Way.
• Kubernetes The Hard Way: AWS Edition AWS version of Kelsey's kubernetes-the-hard-way

Caravan

• linecorp.com: Building Large Kubernetes Clusters with Caravan

ClusterAPI

• ClusterAPI
• itnext.io: Multi-Cloud and Multi-Cluster Declarative Kubernetes Cluster Creation and Management with Cluster API (CAPI — v1alpha3)
• medium: ClusterOps: 1-Line Commit to Upgrade Your Kubernetes Clusters 🌟
• cncf.io webinar: Deploying Kubernetes to bare metal using cluster API
• itnext.io: Multi-Cloud and Multi-Cluster Declarative Kubernetes Cluster Creation and Management with Cluster API (CAPI — v1alpha3)
• github.com: Cluster API Helm Chart - youtube: Cluster API & FluxCD - the power of GitOps A Helm chart to install Cluster API manifests
• weave.works: Manage Thousands of Clusters with GitOps and the Cluster API
• thenewstack.io: Cluster API Offers a Way to Manage Multiple Kubernetes Deployments

Microk8s

• Microk8s
• Kata Containers on MicroK8s This repository encompasses a fully scripted Github workflow to test the transparent use of the runtime for Kata Containers (Katas) on MicroK8s
• MicroK8s & Kubernetes security benchmark from CIS
• cloudsavvyit.com: How to run your own kubernetes cluster with Microk8s

k8s-tew

• k8s-tew Kubernetes is a fairly complex project. For a newbie it is hard to understand and also to use. While Kelsey Hightower’s Kubernetes The Hard Way, on which this project is based, helps a lot to understand Kubernetes, it is optimized for the use with Google Cloud Platform.

Kubernetes Operating Systems

• kubedex.com: Kubernetes Operating Systems 🌟

Kubernetes Distributions

• acloudguru.com: Which Kubernetes distribution is right for you?

Red Hat OpenShift

• Openshift Container Platform
• OKD The Community Distribution of Kubernetes that powers Red Hat OpenShift
• itprotoday.com: Who's Winning in the Container Software Market 🌟 Thanks to its container customer training, the $1 billion container software market is Red Hat’s to lose. Where do the other players stand?

Rancher

• Rancher: Enterprise management for Kubernetes

Weave Kubernetes Platform

• weave.works: Weave Kubernetes Platform Automate Enterprise Kubernetes the GitOps way
• github: Weave Net - Weaving Containers into Applications

Ubuntu Charmed Kubernetes

• Charmed Kubernetes
• Kubernetes GitOps with Azure Arc and Charmed Kubernetes

VMware Kubernetes Tanzu and Project Pacific

• blogs.vmware.com: Introducing Project Pacific (vSphere with Kubernetes)
• VMware vSphere 7 with Kubernetes - Project Pacific
• VMware Kubernetes Tanzu
• cormachogan.com: A first look at vSphere with Kubernetes in action
• cormachogan.com: Building a TKG Cluster in vSphere with Kubernetes
• blogs.vmware.com: VMware Tanzu Service Mesh, built on VMware NSX is Now Available!
• tanzu.vmware.com: VMware Tanzu SQL: MySQL at Scale Made Easy for Kubernetes
• VMware hands-on Labs 🌟

KubeAcademy Pro (free training)

• tanzu.vmware.com: Introducing KubeAcademy Pro: In-Depth Kubernetes Training, Totally Free
• kube.academy/pro 🌟

Kontena Pharos

• Pharos 🌟 Kubernetes Distribution
• Stateful Kubernetes-In-a-Box with Kontena Pharos

Mirantis Docker Enterprise with Kubernetes and Docker Swarm

• Mirantis Docker Enterprise 3.1+ with Kubernetes
• Docker Enterprise 3.1 announced. Features:
  • Istio is now built into Docker Enterprise 3.1!
  • Comes with Kubernetes 1.17. Kubernetes on Windows capability.
  • Enable Istio Ingress for a Kubernetes cluster with the click of a button
  • Intelligent defaults to get started quickly
  • Virtual services supported out of the box
  • Inbuilt support for GPU Orchestration
  • Launchpad CLI for Docker Enterprise deployment & upgrades

Mirantis k0s

• k0s
• infoq.com: Mirantis Announces k0s, a New Kubernetes Distribution

K0s

• K0s - Zero Friction Kubernetes k0s is an all-inclusive Kubernetes distribution with all the required bells and whistles preconfigured to make building a Kubernetes clusters a matter of just copying an executable to every host and running it.
• medium: k0s Ready for Production
• medium: k0s Optimizes Start Time, Adds Cluster Level Backup/Restore and More

Cloud Development Kit (CDK) for Kubernetes

• cdk8s.io 🌟 Define Kubernetes apps and components using familiar languages. cdk8s is an open-source software development framework for defining Kubernetes applications and reusable abstractions using familiar programming languages and rich object-oriented APIs. cdk8s apps synthesize into standard Kubernetes manifests which can be applied to any Kubernetes cluster.
• github.com/awslabs/cdk8s

AWS Cloud Development Kit (AWS CDK)

• AWS: Introducing CDK for Kubernetes 🌟
• Traditionally, Kubernetes applications are defined with human-readable, static YAML data files which developers write and maintain. Building new applications requires writing a good amount of boilerplate config, copying code from other projects, and applying manual tweaks and customizations. As applications evolve and teams grow, these YAML files become harder to manage. Sharing best practices or making updates involves manual changes and complex migrations.
• YAML is an excellent format for describing the desired state of your cluster, but it is does not have primitives for expressing logic and reusable abstractions. There are multiple tools in the Kubernetes ecosystem which attempt to address these gaps in various ways:
  • kustomize Customization of kubernetes YAML configurations
  • jsonnet data templating language
    • jsonnet.org
  • jkcfg Configuration as Code with ECMAScript
    • jkcfg.github.io
  • kubecfg A tool for managing complex enterprise Kubernetes environments as code.
  • kubegen Simple way to describe Kubernetes resources in a structured way, but without new syntax or magic
  • Pulumi
• We realized this was exactly the same problem our customers had faced when defining their applications through CloudFormation templates, a problem solved by the AWS Cloud Development Kit (AWS CDK), and that we could apply the same design concepts from the AWS CDK to help all Kubernetes users.

SpringBoot with Docker

• spring.io: spring boot with docker
• spring.io: Creating Docker images with Spring Boot 2.3.0.M1
• learnk8s.io: Developing and deploying Spring Boot microservices on Kubernetes

Docker in Docker

• Building Docker images when running Jenkins in Kubernetes
  • pushbuildtestdeploy.com: jenkins on kubernetes building docker images 🌟
  • ref2
• itnext.io: docker in docker
• code-maze.com: ci jenkins docker
• medium: quickstart ci with jenkins and docker in docker
• getintodevops.com: the simplest way to run docker in docker
• Docker in Docker on EKS:
  • ref1: docker build --network=host
  • ref2

Serverless with OpenFaas and Knative

• Serverless Architectures

[](https://www.xenonstack.com/blog/serverless-openfaas-java/)

Multi-Cluster Federation. Hybrid Cloud Setup Tools

KubeFed

• KubeFed: Kubernetes Cluster Federation

KubeCarrier

• KubeCarrier

Red Hat Operator Lifecycle Manager (OLM)

• Red Hat OLM operator-lifecycle-manager is a management framework for extending Kubernetes with Operators. OLM extends Kubernetes to provide a declarative way to install, manage, and upgrade Operators and their dependencies in a cluster.

Crossplane

• Crossplane

Istio Service Mesh

• Istio

Kubernetes interview questions

• Kubernetes Interview Questions and Answers 2019 2020
• intellipaat.com: Top Kubernetes Interview Questions and Answers
• automationreinvented.blogspot.com: Top 11 Kubernetes interview question and answers for SDET Devops QA SET-01?
• devsecops.co.in: Kubernetes Interview Questions and Answers
• ymmt2005.hatenablog.com: 47 things that you should know to be a Kubernetes experts (questions + answers)

Kubernetes Blogs

• kubermatic.com

Spanish Kubernetes Blogs

• returngis.net by @0GiS0
• returngis.net: Organizar los pods en Kubernetes usando taints y tolerations

Container Ecosystem

• Author: github.com/rootsongjc

Container Flowchart

• Assess managed Kubernetes services for your workloads. Managed services from cloud providers can simplify Kubernetes deployment but create some snags in a multi-cloud model. Follow three steps to see if these services can benefit you.

[](https://searchcloudcomputing.techtarget.com/tip/Weigh-the-pros-and-cons-of-managed-Kubernetes-services)

MEGATHREAD

Learn Kubernetes one Twitter thread at the time!

Below you can find a collection of threads about Kubernetes and Kubernetes-related tech!

I regularly add more, so you can follow me or @learnk8s for more updates! pic.twitter.com/0ingxHn9vx

— Daniele Polencic (@danielepolencic) August 26, 2020

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

THREAD

Running new apps in Kubernetes is straightforward.

But what happens when you have legacy apps that:

- Log to file instead of stdout?
- Has no support Prometheus?
- Has no support for HTTPS

Read on → pic.twitter.com/m79f69Huqw

— Daniele Polencic (@danielepolencic) February 22, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

I'm often asked why I prefer zonal Kubernetes clusters over regional clusters. @gctaylor does a great job explaining how @reddit leverages zonal clusters to limit the blast radius of config changes and reduce cross AZ network traffic. https://t.co/3pW5awTtdQ

— Kelsey Hightower (@kelseyhightower) March 18, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

THREAD

How do you scale background jobs in Kubernetes?

With Python, Celery, RabbitMQ and KEDA! pic.twitter.com/BOtwiSjIKW

— Daniele Polencic (@danielepolencic) March 29, 2021

<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>

Kubernetes Scripts

• Kubernetes Scripts 🌟

Spot instances in Kubernetes

• itnext.io: Embracing failures and cutting infrastructure costs: Spot instances in Kubernetes

Pixie. Instantly troubleshoot applications on Kubernetes

• Pixie 🌟 Instantly debug your applications on Kubernetes
• open source PxL scripts

Kubernetes Incident Report Plan IRP

• cynet.com: Incident Report Plan (IRP)
• kubermatic.com: A Framework for Kubernetes Incident Response

Videos