Kubernetes

Kubernetes - the API for the modern data-center! At least why I find it so exciting.

General

• Kubernetes: Main Kubernetes page. Docs are fairly good and in depth.
• Kubernetes Production Check List: Good list of best practices when running kubernetes in production
• Ambassador K8S Initializer: Opinionated monitoring/Gitops stack generator.
• 47 Things To Become a Kubernetes Expert - Really good detailed items for k8s foundational work
• 100 Days of Kubernetes - Source
• Why you should build on Kubernetes from day one
• Beginners Guide to Kubernetes

Components

• CRI: Container Runtimes
• CNI: Network Plugins
  • CNI Comparison services that are potentially needed with running kuberntes in production. I don’t run the full production runtime, but I have used a majority of these services successfully.
• CSI: Storage Plugins
  • Kubernetes Storage Comparisons
• ServiceMesh
  • Istio: The granddaddy of ServiceMesh - but not a full CNCF project…
  • OpenServiceMesh - CNCF Sandbox Project, leveraging Envoy to implemment the ServiceMesh Interface
  • Gloo API gateway that supports several ServiceMesh technologies

Monitoring

• 5 Tricks to be a Prometheus God

Deployment

• Kustomize
• FluxCD
• ArgoCD
  • Using Kustomize to Post-Render Helm Charts in ArgoCD
• Deploy Docker Register in K8S
• Kubernetes Anti-Patterns,k8s Anti-Patterns #2, and k8s Anti-Patterns #3

Development/Testing

• Container Structure Test: Simple testing framework for Docker containers
• Draft: Quickly “draft” out Dockerfile/Kubernetes manifests in a development repo.
• Dive: Analyze Docker image layers
• Docker Best Practices
• Filebrowser as a sidecar: Interesting idea to allow for easy edits on files within a container
• Hadolint: Linter for Docker Files
• Kubernetes API with Curl
• Kubernetes YAML Validation Tools
• KUTTL: Kubernetes Test TooL. A declaritive testing framework.
• MinT(oolkit): Tool for minimizing and scanning Docker containers
• Reduce 502 errors by caring about PID-1 in Kubernetes

Security

• Clair: Container security analysis
• Kyverno: Native k8s Policy Management
• Kubescape
• Rate Limited with Nginx-Ingress Controller

Tools

• KubeCampus: Kubernetes training
• Kubie
• KubeShark: Wireshark/TCPDump for Kubernetes
• k9s
• node-shell

Alternative Perspective

• De-cloud and de-k8s — bringing our apps back home

  • Personally I’m more in line with a lot of the comments on hackernews. They replicated a lot of Kubernetes architecture to build their own, which introduces this custom bespoke container orchestration and infra buildout system. Most enjoyable was this comment, quoted below:

    We are talking about 37Signals here. This is the company that, when faced with the problem of making a shared to-do list application, created Ruby on Rails. And when they decided to write up their remote working policy, published a New York Times bestselling business book.

    This is not a company that merely shaves its Yaks. It offers a full menu of Yak barber services, and then launches a line of successful Yak grooming products.