Kubernetes

Kubernetes is complex. Securing Kubernetes clusters is even more complex. Striking the right balance between granting developers and administrators access to Kubernetes clusters and services while taking care of security is a significant challenge. Overlay networks offer a solution by providing secure, controlled access to your clusters without compromising their protection. In this blog, we’ll explore the challenges of providing secure access to Kubernetes clusters, how overlay networks can address these issues, and a step-by-step tutorial on implementing this using NetBird, an open-source WireGuard-based overlay VPN. ...

I have written extensively about different Kubernetes concepts in my previous blogs, but I haven’t covered a proper, step-by-step hands-on guide for getting started with Kubernetes. In this article, my plan is to do exactly that. After all, there’s only so much you can learn by reading without trying things out yourself. We will take a simple microservice-based application, containerize it, and deploy it to a Kubernetes cluster. I will be using Google Cloud for this, but you can use any cloud provider to follow along. Without wasting any more words, let’s get started! ...

Rushing to a cloud provider and spinning up a remote cluster every time you want to try something out with Kubernetes isn’t always convenient - nor is it economical. minikube provides a way to run Kubernetes clusters locally so that you learn and play around with K8s. It is an excellent way to test things out before working with an actual cluster in the cloud. In this article, we’re going to launch a minikube cluster and see all the interesting features minikube has to offer. If you’re new to the Kubernetes world, I recommend checking out my Kubernetes for Beginners series before proceeding with this article. ...

Hey folks, in this post we’ll see how you can use Kyverno to enforce some best practices for your EKS cluster. For those not familiar, Kyverno is a Kubernetes native policy engine that aims to make your life easy when managing clusters. To know more you can read my previous post on Kyverno where we discuss the project and its internals in detail. With that out of the way, let’s get started! EKS best practices recommend the use of separate IAM roles for different use cases. For example, for dev and prod environments you should prefer to have separate IAM roles which can configure objects in those environments. Now the problem that arises with this is how do you make sure that the IAM role which has permission for the dev environment doesn’t accidentally create objects in the production environment? If you have the roles configured properly it would obviously not allow this to happen but with Kyverno not only can you fool-proof this but also make sure that if someone does try this, then it gets reported. ...

Kubernetes relies on Probes to determine the health of a Pod container. A probe can be understood simply as a periodical diagnostic performed by the kubelet on the container. In this short article, I’m going to show you a liveness probe in action. Liveness probes are used to check if a Pod is healthy (running as expected) or not. It simply acts as a check for Kubernetes to know when it should restart the container. ...