LearnKube news
All the best tutorials, articles and news on Kubernetes curated by the @LearnKube team.
System Upgrade Controller provides a general-purpose, Kubernetes-native upgrade controller (for nodes). It introduces a new CRD, for defining any and all of your upgrade policies/requirements.


Read more https://github.com/rancher/system-upgrade-controller
This article explains the PID 1 problem, explains how you can solve it, and presents a pre-built solution that you can use: the Baseimage-docker.

Read more https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem
In this repository you will find a simulator that creates a Kubernetes cluster in your AWS account, runs scenarios that misconfigure it and/or leave it vulnerable to compromise, and trains you in mitigating these vulnerabilities.



Read more https://github.com/kubernetes-simulator/simulator
πŸ‘1
coroot-node-agent is a Prometheus exporter based on eBPF that gathers comprehensive container metrics such as TCP connects.

Read more https://github.com/coroot/coroot-node-agent
What happens when you combine a Kubernetes RoleBinding with a ClusterRole?

Are you even allowed?


This article will explore the Kubernetes RBAC authorization model by rebuilding it from scratch.

You will also discover different (unusual but useful) configurations for your RBAC resources.

If you work in a large organization with many users and applications, you will find this article on limiting access to Kubernetes resources relevant.

https://learnk8s.io/rbac-kubernetes
This article shows how you can leverage Pipy to enforce admission control decisions in Kubernetes clusters without modifying or recompiling any Kubernetes components.

Read more https://medium.com/@ali.naqvi/using-pipy-as-a-kubernetes-policy-engine-e70a23c8d54c
In this article, you will learn how you can use secrets (managed by AWS Secrets Manager) inside AWS EKS pods.

Read more https://medium.com/@ishana98dadhich/integrating-aws-secret-manager-with-eks-and-use-secrets-inside-the-pods-part-1-1938b0c3c2fb
mcrouter is a memcached protocol router for scaling memcached deployments. Here's a story of how it helped to provide cache coherence for an app run in Kubernetes.

Read more https://blog.flant.com/highly-available-memcached-with-mcrouter-in-kubernetes
AWS supports authenticating your pods using an identity provider that your account is configured to trust.

This tutorial will guide you through the process of creating an IAM role that your Kubernetes pods will be able to assume.

Read more https://dev.to/arpanadhikari/reusable-aws-iam-role-for-service-accounts-irsa-for-k8s-terraform-module-2og2
Kubeflow is resource-intensive and deploying it locally means that you might not have enough resources to run your end-to-end machine learning pipeline. In this article you will learn how to deploy Kubeflow in AWS.

Read more https://medium.com/@gkkarobia/kubeflow-cloud-deployment-aws-46f739ccbb32
Read how 4 YAML lines brought down 3 APIs for 1h30 on a Saturday morning.
In the end, the issue was a Helm chart misconfiguration where 2 settings were conflicting with each other.

Read more https://dev.to/francoislp/post-mortem-1h30-downtime-on-a-saturday-morning-5af0
In this article, you will learn about the Raft protocol and how it affects the availability of your cluster and services.
Then, you will simulate failure scenarios and compare HA setups with 3 and 5 nodes.

Are 3 Pods enough for a Raft cluster?

Read more https://medium.com/@laboratoire.pe/raft-consensus-on-kubernetes-how-strong-is-it-93c1793d4332
This scheduler enables cluster admins to offload a configurable percentage of their workloads to spot nodes, decreasing the cost of running these pods without affecting their reliability.

Read more https://github.com/Azure/placement-policy-scheduler-plugins
gotway is a cloud-native API Gateway powered with in-redis cache. Features:

- API composition: expose your services to the internet using a single endpoint.
- Configure routing and cache using Kubernetes CRDs.
- Cache invalidation using tags.


Read more https://github.com/gotway/gotway
Cuber is an automation tool that makes it easy to publish your applications on Kubernetes. Cuber is a gem written in Ruby, but you can deploy apps in any language and framework.



Read more https://github.com/cuber-cloud/cuber-gem
In this article you will learn how to deploy and configure Keycloak in a local Kubernetes cluster, then deploy Grafana and use the Keycloak instance for authentication and authorization.



Read more https://medium.com/@charled.breteche/securing-grafana-with-keycloak-sso-d01fec05d984
The team at Learnk8s is happy to announce Kube Events — a curated list of Kubernetes-related events.

The website includes only what we think are the meetups, conferences, training & webinars that you will find interesting to attend (e.g. no vendor pitches, with a focus on Kubernetes).

You can discover the next upcoming events here: https://kube.events

You can also join the Telegram channel for daily updates here: https://xn--r1a.website/KubeEvents
For something as important as NetworkPolicy, debugging is surprisingly painful.
In this article you will learn a few practical tips on how to debug your network policies.

Read more https://pauldally.medium.com/debugging-networkpolicy-part-1-249921cdba37
In this article, you will learn some of the pitfalls and gotchas in deploying Multus into AWS Elastic Kubernetes Service.

Read more https://joealford.medium.com/deploying-multus-into-amazons-eks-42269146f421