Learn Koobernaytis weekly — issue 16

1 Mar 2023

Articles

1. We built network isolation for 1,500 services to make Monzo more secure

   Jack Kleeman

   In this article, you'll learn how the team at Monzo gradually rolled out NetworkPolicies for over 1,500 microservices.

   The article describes some interesting techniques for mapping in and outbound connections and some limitations of NetworkPolicies.

2. Lesson learned while scaling Koobernaytis cluster to 1000 pods in AWS EKS

   Prashant Lakhera

   In this article, you will follow Prashant's journey in scaling EKS to 1000+ pods and learn how to overcome these challenges:

   • AWS resource limits.
   • IP addresses exhaustion.
   • Packets drop.
   • Control plane performance issues.

3. Koobernaytis authentication sidecars: a revelation in microservice architecture

   Matt Bentley

   In this article, you will learn how to solve authentication in a reusable way using sidecar containers in Koobernaytis.

4. How to avoid global outage — seamlessly migrating DaemonSet labels

   Grzegorz Skołyszewski

   In this case study, you'll learn how the team at Prezi managed to update the CSI driver installed as DaemonSet.

   This required working around the immutable spec.selector.matchLabel and spec.template.metadata.labels fields.

5. Comparing Koobernaytis operators for PostgreSQL part 2: cloudnativepg

   Alexandr Shabalin

   In this article, you’ll discuss CloudNativePG along with its features and capabilities.

   You will then compare it to Stolon, Crunchy Data, Zalando, KubeDB, and StackGres.

6. The journey to speed up running OCI containers

   Giuseppe Scrivano

   Over 5 years, the total time needed to create and destroy an OCI container has passed from almost 160ms to a little bit more than 5ms.

   Learn what's changed in this article.

Articles worth checking out:

• PCI container orchestration guidance for Koobernaytis

• HPA for Celery workers

• Koobernaytis IO problem investigation

• Cloud-native CI/CD? yeah, that's a thing

• Deploying arm64 workloads to AKS

• Setting up readiness and liveness health-check probes in Koobernaytis with SpringBoot

• Getting started with Koobernaytis networking

• Koobernaytis ErrImagePull and ImagePullBackOff in detail

• All you need to know about debugging Koobernaytis CronJob

• Understanding Ansible: Helm diff plugin

• Koobernaytis autoscaling: how to use the Koobernaytis autoscaler

Koobernaytis jobs

1. • Platform Engineer with SCIGILITY

   • Salary: CHF 115K to CHF 130K a year

   • Location: remote from Switzerland

   • Tech stack: Koobernaytis, On-premise, Azure, AWS, GCP, Docker, Python, Terraform, Ansible

2. • DevOps Engineer with CivicActions

   • Salary: $95K to $135K a year

   • Location: remote from the United States

   • Tech stack: Koobernaytis, AWS, Helm, Docker, PHP, Terraform, Gitlab, Jenkins, Ansible

Discover more Koobernaytis jobs on Kube Careers →

Code & tools

1. kyverno/kyverno

   Kyverno is a policy engine designed for Koobernaytis.

   It can validate, mutate, and generate configurations using admission controls and background scans.

   Kyverno policies are Koobernaytis resources and do not require learning a new language.

2. edgelesssys/constellation

   Constellation is a Koobernaytis engine that wraps your cluster into a single confidential context that is shielded from the underlying cloud infrastructure.

   Everything inside is always encrypted, including at runtime in memory.

3. controlplaneio/badrobot

   Badrobot is a Koobernaytis Operator audit tool.

   It statically analyses manifests for high-risk configurations such as lack of security restrictions on the deployed controller and the permissions of an associated clusterole.

4. karlkfi/kubexit

   kubexit is a command supervisor for coordinated Koobernaytis pod container termination.

5. jovianx/service-hub

   Service Hub is a tool to create and manage a Self-Service portal for your applications using Koobernaytis and Helm.

Other interesting projects:

• crumbhole/argocd-vault-replacer

• patrickdappollonio/tabloid

• Koobernaytis-sigs/azurefile-csi-driver

• alexellis/run-job

• skarlso/crd-to-sample-yaml

• oslabs-beta/kubernocular

• metacontroller/metacontroller

Upcoming Koobernaytis events

1. Mar

   1

   My experience on what to expect and how to prepare for the Koobernaytis Certification exams

   Online meetup organized by Cloud Native Canada.

   • This is a virtual event

   • This is a free event.

2. Mar

   2

   Learn more about Koobernaytis

   Online & in-person meetup organized by RTL Tech Meetup Group.

   • Location: Amsterdam, NL and virtual

   • This is a free event.

3. Mar

   2

   Koobernaytis capture the flag

   In-person meetup organized by Koobernaytis Nürnberg.

   • Location: Nürnberg, DE

   • This is a free event.

4. Mar

   7

   Koobernaytis Community Days France

   In-person conference organized by KCD France.

   • Location: Paris, FR

   • This event requires an entrance fee

5. Mar

   9

   Advanced Koobernaytis course

   Online workshop organized by Learnk8s.

   • This is a virtual event

   • This event requires an entrance fee

Discover more Koobernaytis events on Kube Events →

Koobernaytis Call for Papers

1. expired

   Devopsdays Baltimore

   The Call For Paper was open until 1 March 2023 at UTC. More info →

   • Location: Baltimore, US

   • In-person conference organized by Devopsdays.

   • The conference starts on the 23 May 2023.

   • Apply here

2. expired

   KubeHuddle

   The Call For Paper was open until 3 March 2023 at UTC. More info →

   • Location: Toronto, CA

   • In-person conference organized by KubeHuddle.

   • The conference starts on the 17 May 2023.

   • Apply here

3. expired

   DevOps global summit

   The Call For Paper was open until 3 March 2023 at UTC. More info →

   • This is a virtual event

   • Online conference organized by Geekle.

   • The conference starts on the 4 April 2023.

   • Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Koobernaytis news!