AWS

Understanding Amazon Elastic Container Service for Kubernetes (EKS)

...
Understanding Amazon Elastic Container Service for Kubernetes (EKS)

Amazon Elastic Container Service for Kubernetes or EKS provides a Managed Kubernetes Service. Amazon does the undifferentiated heavy lifting, such as provisioning the cluster, performing upgrades and patching. Although it is compatible with existing plugins and tooling, EKS is not a proprietary AWS fork of Kubernetes in any way. This...

...
CONTINUE READING
AWS

Autoscaling an Amazon Elastic Kubernetes Service cluster

...
Autoscaling an Amazon Elastic Kubernetes Service cluster

In this article we are going to consider the two most common methods for Autoscaling in EKS cluster: Horizontal Pod Autoscaler (HPA)Cluster Autoscaler (CA)The Horizontal Pod Autoscaler or HPA is a Kubernetes component that automatically scales your service based on metrics such as CPU utilization or others, as...

...
CONTINUE READING
Kubernetes

Kubernetes Admission Controllers

...
Kubernetes Admission Controllers

Kubernetes supports over 30 Admission Controllers. Subsequent to Authorization and Authentication, Admission Controllers are the final step in a 3-step process before Kubernetes persists the resource in etcd (a consistent and highly-available key value store used as Kubernetes’ backing store for all cluster data). Some relevant Admission Controllers to secure...

...
CONTINUE READING
Security

Kubernetes Authorization and RBAC

...
Kubernetes Authorization and RBAC

Authorization Modes Kubernetes supports the following authorization modes: Attribute-Based Access Control: An authorizer through which access rights are granted to users through policies combining attributes (resources attributes, user attributes, objects, etc.)Node Authorization: A special-purpose authorizer that grants permissions to kubelets based on the pods they are scheduled to run...

...
CONTINUE READING
Kubernetes

Configure Kubernetes Network with Flannel

...
Configure Kubernetes Network with Flannel

Introduction Network overlays in Kubernetes clusters are used to address containers, pods, services and external client connectivity.  Overlays are software components that decouple the physical infrastructure from networking services. Overlays encapsulate a packet-within-a-packet to achieve connectivity and routing. An overlay is a virtual network serving on the underlying network or...

...
CONTINUE READING
Kubernetes

Kubernetes Authentication

...
Kubernetes Authentication

There are 3 steps that Kubernetes uses to enforce security access and permissions - Authentication, Authorization and Admission. In this article we are going to consider Authentication first. The Authentication, Authorization and Admission Control ProcessThe first thing in Authentication is Identity. IdentityKubernetes assumes that 'users' are managed outside of Kubernetes:...

...
CONTINUE READING
Kubernetes

Kubernetes Dashboard WebUI

...
Kubernetes Dashboard WebUI

In this topic, we are going to consider the Kubernetes WebUI Dashboard. The Web User Interface allows us to browse our playground cluster and perform administrative tasks and things like that. It gives a good way to see what you have done on your playground without having to use the...

...
CONTINUE READING
Kubernetes

Kubernetes. Replication and self-healing

...
Kubernetes. Replication and self-healing

To start with, I would like to explain what does self-healing means in terms of Kubernetes. Self-healing is a fantastic feature of Kubernetes to recover from service or node failure automatically. In the following article, we will consider the benefit of using replication for your micro-services and how the Kubernetes...

...
CONTINUE READING
Kubernetes

Trusted Repositories and Container Registries in Kubernetes

...
Trusted Repositories and Container Registries in Kubernetes

In this topic, we will consider some of the key capabilities of trusted repositories and container registries. We will cover secure authentication, scanning and signing of content as necessary practices that ensure a secure Kubernetes environment. In order to establish a deployment of Kubernetes cluster and application workloads into that...

...
CONTINUE READING
Docker

Docker Swarm and Shared Storage Volumes

...
Docker Swarm and Shared Storage Volumes

As we know, volumes provide a flexible and powerful way to add persistent storage to managed dockers, but what should we do if we want to share storage volumes across several Docker hosts, for instance, a Swarm cluster? In this topic, we will consider a simple method of creating shared...

...
CONTINUE READING