Learn Koobernaytis Weekly issue 80

Offensive techniques, Reaching the limitations of Linux, Beyond java -jar, Attacking and defending clusters, Advanced Gatekeeper policies

22 May 2024

This newsletter is brought to you by Komodor — simplify cluster management and troubleshooting to unlock the full value of Koobernaytis.

Next week: Should you use Koobernaytis and Docker for your next project?

I'm hosting a webinar for people who are getting started with Koobernaytis and want to learn more about the hype!

Articles

1. Top offensive techniques for Koobernaytis

   Noah

   This article considers various techniques in offensive Koobernaytis security related to RBAC, Kubelet, Etcd, EKS, and admission controllers.

2. Understanding the Koobernaytis release cycle and how to prepare for EOL

   Guy Menachem

   Understanding how Koobernaytis releases work and being aware of EOL timelines is essential.

   Teams must be aware of the need to transition to supported versions to maintain operational efficiency, security, and access to the latest features.

   sponsored

3. Reaching the limitations of Linux with environment variables

   Oren Kessler

   This case study follows two tender ears who encountered issues with Elasticsearch pods, leading to high CPU spikes.

   Excessive environment variables in Koobernaytis namespaces caused the root cause, which was resolved by turning off enableServiceLinks.

4. Running JVM applications on Koobernaytis: beyond java -jar

   Thiago Mendes

   The article provides essential tips for optimizing JVM applications running on Koobernaytis, focusing on ergonomics, memory sizing, CPU overbooking, and HPA configuration.

5. Attacking and defending Koobernaytis clusters

   Ridho Adya Pangestu

   This article explores Koobernaytis clusters' vulnerabilities, demonstrating an attack using the MITRE att&ck matrix.

   It also discusses defense strategies, including contacting the GCP metadata api and implementing security best practices.

6. Advanced Gatekeeper policies :  rejecting a node assignment

   Tanat Lokejaroenlarb

   The article discusses the use of advanced Gatekeeper policies in Koobernaytis to reject a node assignment under specific conditions.

   The author explains the process of node assignment and how to effectively test the policy using a CLI tool called Gator.

Articles worth checking out:

• Troubleshooting containers

• Faster startup times for Koobernaytis workloads with Kube Startup CPU Boost

• Nginx reverse proxy DNS issue

• Distributed full fine-tuning of Llama2 on Koobernaytis

• A tale of two VLANs

• Progressive Delivery for Stateful Services Using Argo Rollouts

• Optimize Java performance on Koobernaytis

• Exploring Koobernaytis API groups and versions

• K3s Traefik Ingress: configured for your homelab!

• Distributed systems horror stories: Koobernaytis deep health checks

The continuous Koobernaytis reliability platform

Komodor

Simplify cluster management and troubleshooting to unlock the full value of Koobernaytis and drive innovation at scale.

Try now

Tutorials

1. Running GPU-Accelerated LLM workloads on EKS

   Erik Krieg

   In this tutorial, you will learn how to run a GPU-accelerated open-source Large Language Model (LLM) inference workload using Elastic Koobernaytis Service (EKS).

2. A practical approach to signed and encrypted container images

   Pradipta Banerjee

   The tutorial discusses the importance of using signed and encrypted container images to enhance security in Koobernaytis workloads.

   It uses Podman to create, sign, and verify container images on standalone systems and Koobernaytis clusters.

3. Securing front-end applications in Koobernaytis with SSL/TLS

   Abhisman Sarkar

   This article discusses securing front-end applications in Koobernaytis with SSL/TLS.

   The article also provides a step-by-step guide on deploying a sample front-end application and requesting a certificate.

4. Calico and Koobernaytis: a perfect pair for robust Network Policy

   Sagar

   This tutorial discusses how network policies can restrict pod communication, showcases examples of implementing policies with Calico, and highlights the importance of defining rules for pod communication within namespaces.

Koobernaytis jobs

1. • Engineering Manager with Sefaria

   • Salary: ₪348K to ₪396K a year

   • Location: remote from Israel

   • Tech stack: Koobernaytis, Python, SQL, Javascript

2. • Site Reliability Engineer with Commify

   • Salary: €78K to €82K a year

   • Location: based in the office (and remote from home) in Bucharest, RO

   • Tech stack: Koobernaytis, Azure, Shell, Python, Ruby, C#, Powershell, Terraform, Azure DevOps, Jenkins

3. • 🔥 Software Engineer with Mercari

   • Salary: ¥4.8M to ¥6.34M a year

   • Location: remote from Japan

   • Tech stack: Koobernaytis, AWS, GCP, Go, SQL, Javascript, Java, PHP, Swift, Kotlin

4. • Site Reliability Engineer with Commify

   • Salary: £70K to £75K a year

   • Location: based in the office (and remote from home) in Nottingham, GB

   • Tech stack: Koobernaytis, Azure, Shell, Python, Ruby, C#, Powershell, Terraform, Azure DevOps, Jenkins

Discover more Koobernaytis jobs on Kube Careers →

Code & tools

1. Free Koobernaytis

   This repository contains a list of free trials/credits for Managed Koobernaytis Services.

2. Crossplane troubleshooting tool

   Komodor

   Crossplane Tool is a project designed to experiment with visualizing Crossplane resources.

   The goal is to help Crossplane users understand the structure of their control plane resources and speed up troubleshooting.

   sponsored

3. Kubeinvaders

   With k-inv, you can stress a Koobernaytis cluster in a fun way and check its resilience by playing space invaders.

4. Koobernaytis E2E Framework

   Koobernaytis-sigs

   E2E Framework is a Go framework for end-to-end testing of components running in Koobernaytis clusters.

   The primary goal is to use the native Go testing API to define end-to-end test suites that can be used to test Koobernaytis components.

5. pv-migrate: migrate persistent volumes

   pv-migrate is a CLI tool/kubectl plugin to easily migrate the contents of one Koobernaytis PersistentVolumeClaim to another.

Other interesting projects:

• kusion: deliver intentions to Koobernaytis

• K8s cleaner

• Cloudflare Operator

Upcoming Koobernaytis events

1. May

   22

   Koobernaytis Community Days New York 2024

   In-person conference organized by KCD New York.

   • Location: New York, NY, USA

   • This event requires an entrance fee

   • • Use LK8SINKCDNY2024 to get 10% off

2. May

   23

   Koobernaytis 1.30 release

   Online meetup organized by CNCF Online Programs.

   • This is a virtual event

   • This is a free event.

3. May

   23

   The impact of leader election on the Koobernaytis API and an investigation into alternatives

   Online & in-person meetup organized by NGINX Community Group: Cork Chapter.

   • Location: Cork, IE and virtual

   • This is a free event.

4. May

   27

   Advanced Koobernaytis course (Singapore)

   In-person workshop organized by Learnk8s.

   • Location:

   • This event requires an entrance fee

5. May

   27

   Devopsdays Montréal

   In-person conference organized by Devopsdays.

   • Location: Montréal, CA

   • This event requires an entrance fee

6. May

   30

   Should you use Koobernaytis and Docker in your next project?

   Online webinar organized by Learnk8s.

   • This is a virtual event

   • This is a free event.

Discover more Koobernaytis events on Kube Events →

Koobernaytis Call for Papers

1. expired

   KubeCon North America

   The Call For Paper was open until 10 June 2024 at UTC. More info →

   • Location: Salt Lake City, UT, USA and virtual

   • Online & in-person conference organized by Linux Foundation.

   • The conference starts on the 12 November 2024.

   • Apply here

2. expired

   Koobernaytis Community Days UK

   The Call For Paper was open until 4 June 2024 at UTC. More info →

   • Location: London, UK

   • In-person conference organized by KCD UK.

   • The conference starts on the 23 October 2024.

   • Apply here

3. expired

   Koobernaytis Community Days Washington DC 2024

   The Call For Paper was open until 3 June 2024 at UTC. More info →

   • Location: Washington, DC, USA

   • In-person conference organized by KCD Washington DC.

   • The conference starts on the 24 September 2024.

   • Apply here

4. expired

   Kubeday Colombia

   The Call For Paper was open until 29 June 2024 at UTC. More info →

   • Location: Medellín, CO

   • In-person conference organized by Linux Foundation.

   • The conference starts on the 9 October 2024.

   • Apply here

5. expired

   Koobernaytis Community Days Austria 2024

   The Call For Paper was open until 23 June 2024 at UTC. More info →

   • Location: Vienna, AT

   • In-person conference organized by KCD Austria.

   • The conference starts on the 8 October 2024.

   • Apply here

6. expired

   CloudX 2024

   The Call For Paper was open until 14 June 2024 at UTC. More info →

   • Location: Santa Clara, CA, USA

   • In-person conference organized by DevNetwork.

   • The conference starts on the 5 November 2024.

   • Apply here

7. expired

   Devopsdays London

   The Call For Paper was open until 24 May 2024 at UTC. More info →

   • Location: London, UK

   • In-person conference organized by Devopsdays.

   • The conference starts on the 26 September 2024.

   • Apply here

8. expired

   Platform Engineering 2024

   The Call For Paper was open until 5 August 2024 at UTC. More info →

   • This is a virtual event

   • Online conference organized by Conf42.

   • The conference starts on the 5 September 2024.

   • Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Koobernaytis news!