Articles

Monitoring Kubernetes cert-manager Certificates With BotKube

,

The monitoring and alerting stack is a crucial part of the SRE practices. That’s where BotKube helps you monitor your Kubernetes cluster and send notifications to your messaging platform or any other configured sink. In this blog post, we will be configuring BotKube to watch the Kubernetes cert-manager certificates CustomResources.

What is BotKube?

BotKube is a messaging tool for monitoring and debugging Kubernetes clusters. BotKube can be integrated with multiple messaging platforms like – Slack, Mattermost, or Microsoft Teams to help you monitor your Kubernetes cluster(s), debug critical deployments, and gives recommendations for standard practices by running checks on the Kubernetes resources.

Source de l’article sur DZONE

/par

Deploying Percona Kubernetes Operators using OpenEBS Local Storage

,

Introduction

Local storage volumes remain the preferred choice when it comes to the control of managing cluster services and achieving higher performance.

In this article, we highlight how Vadim Tkachenko, CTO, Percona, deployed a Percona Kubernetes Operator using OpenEBS Local Persistent Volumes for enhanced database efficiency. 

Source de l’article sur DZONE

/par

Deploying CockroachDB on Kubernetes using OpenEBS LocalPV

,

CockroachDB is a cloud-native SQL database that features both scalability and consistency. The database is designed to withstand data center failures by deploying multiple instances of symmetric nodes in a cluster consisting of several machines, disks, and data centers. Kubernetes’ built-in capabilities to scale and survive node failures make it well suited to orchestrate CockroachDB’s databases. This is particularly for the reason that Kubernetes simplifies cluster management and helps maintain high-availability by replicating data across independent nodes. 

This guide focuses on how OpenEBS LocalPV devices can be used to persist storage for Kubernetes-Hosted CockroachDB clusters. 

Source de l’article sur DZONE

/par

Killing Cloud Security Misconceptions: Common Vulnerabilities and Exposures (CVEs)

,

Background

The Common Vulnerabilities and Exposures (CVE) tells us the whole story just by its name — these are exposures and vulnerabilities that are common. But what happens when uncommon issues are discovered and exploited by attackers? What if attackers just want us to think they’d only exploit common issues and vulnerabilities?

Securing CVEs sounds like it should be the right place to start from. Exploring common vulnerabilities and exposure is where script kiddies start from, that’s what bots are exploiting, and none of us want to end up in the security hall of shame, set aside for organizations that were exploited and affected by ransomware, thanks to an unpatched CVE from months ago.

Source de l’article sur DZONE

/par

Top Practices for Containers, Kubernetes

,

Is your organization ready to move containerized workloads into production or yet struggling with these challenges? Adopting complex stateful workloads with many dependencies, deploying containerization tooling without well-framed DevOps practices, and becoming gripped into vendor lock-in faster may be a few of such challenges. Having the right DevOps team in place and finding out how Kubernetes integrates with your company’s technological infrastructure to undergo effective legacy application modernization should be the way out. As an organization, you should consider if you have the requisite roles and skillsets before adopting new technologies. You must decide on runtime and orchestration engines in technical terms while selecting containerization workloads with utmost care and attention.

With more than 70% of organizations running containerized applications in production, Kubernetes has emerged to be one of the most sought-after methods to organize containers. Here are a few of the Kubernetes best practices that ensure its adoption truly advancing container deployment.

Source de l’article sur DZONE

/par

Distributed Tracing in ASP.NET Core With Jaeger and Tye, Part 2: Project Tye

,

In This Series:

  1. Distributed Tracing With Jaeger
  2. Simplifying the Setup With Tye (this article)

Tye is an experimental dotnet tool from Microsoft that aims to make developing, testing, and deploying microservices easier. Tye’s opinionated nature greatly simplifies the lifecycle of development and deployment of .NET Core microservices.

To understand the benefits of Tye, let’s enumerate the steps involved in the development and deployment of the DCalculator application to Kubernetes:

Source de l’article sur DZONE

/par

Monitoring and Governance for AKS Costs With Kubecost

,

When running Azure Kubernetes Service (AKS), it can be hard to understand and allocate costs in environments with multiple teams, projects, or even departments. With Kubecost, you gain full transparency into your Kubernetes usage and cost within minutes of installation. Officially launched in 2019 and built on open source, Kubecost now monitors over one billion dollars in Kubernetes spend, and enables startups and global enterprises alike to understand their spend and identify cost savings ranging from 30% to over 50%. Kubecost supports a wide range of self-managed and hosted Kubernetes environments, including Azure Kubernetes Service, which we’ll cover today in this article.

The Microsoft Azure Kubernetes Service (AKS) is a popular fully managed Kubernetes service that offers embedded continuous integration and continuous delivery as well as enterprise-grade security and governance— powerful tools for teams adopting Kubernetes. As with any complex infrastructure, AKS requires proper governance and financial transparency for successful organizational adoption. Kubecost, an open source tool that provides teams with visibility into Kubernetes spend and supports environments hosted in Azure, is a widely recommended solution for engineers and finance teams facing this problem. Note: This documentation page for AKS provides helpful context for using Kubecost to implement a cost governance strategy.

Source de l’article sur DZONE

/par

Multizone Kubernetes and VPC Load Balancer Setup

,

You can expose your app to the public by setting up a Kubernetes LoadBalancer service in your IBM Cloud Kubernetes Service cluster. When you expose your app, a Load Balancer for VPC that routes requests to your app is automatically created for you in your VPC outside of your cluster.

In this post, you will provision an IBM Cloud Kubernetes Service cluster spanning two private subnets (each subnet in a different zone), deploy an application using a container image stored in an IBM Cloud Container Registry and expose the app via a VPC load balancer deployed to a public subnet in a different zone. Sound complex? Don’t worry, you will provision and deploy the app using Terraform scripts.

Source de l’article sur DZONE

/par

Edge Security Policy at Kubernetes Ingress Using Helm and Envoy

,

Introduction: EnRoute Helm Chart

Helm is a popular package manager choice for Kubernetes. Installation of software, managing versions, upgrading versions, and finding charts from the registry are key benefits of Helm.

EnRoute helm chart installs the EnRoute Ingress Controller and provides easy configuration options to define policy for a service. The helm chart provides fine-grained control to define L7 policies with its ability to enable/disable plugins for a service using configuration options that can be specified when the helm is invoked.

Source de l’article sur DZONE

/par

The Kubernetes Native Gateway Series (Part 1): Envoy at Scale

,

Gloo Edge is our Kubernetes native API gateway based on Envoy.

It provides Authentication (OAuth, JWT, API keys, JWT, …), Authorization (OPA, custom, …), Web Application Firewall (based on ModSecurity), function discovery (OpenAPI based, Lambda, …), advanced transformations, and much more.

Source de l’article sur DZONE

/par