Kubernetes Weekly #375: Kubernetes Cluster Architecture Best Practices

Kaptain Kubernetes Weekly Newsletter is part of FAUN Developer Community. We help developers learn and grow by keeping them up to date with what matters.

⭐ Patrons

😍 Cloud Native Microservices With Kubernetes — Get 30% Off!

👋 Hey there,

Aymen here, founder of FAUN, and I’m thrilled to announce the release of the first version of “Cloud Native Microservices With Kubernetes.”

This comprehensive guide takes you on a deep dive into the intricacies of microservices, high-availability strategies, CI/CD, GitOps, and observability in the fascinating world of Cloud Native development.

Throughout the book, you’ll get hands-on experience with an extensive range of powerful tools and technologies, including Docker, Kubernetes, minikube, Rancher, Terraform, Operators, Helm, Prometheus, Istio, Grafana, OpenTelemetry, Jaeger, Loki, Argo CD, and many more. These tools will empower you to build and manage robust, scalable, and resilient microservices architectures.

While this is the initial release (v0) of the book, rest assured that it is fully packed with valuable insights and practical knowledge. Additionally, expect updates and further content in the future.

🤩 As a token of appreciation for being a FAUNer, I’m thrilled to offer you an exclusive 30% discount on the book. Simply use this coupon link to secure your discounted copy.

Don’t miss this opportunity and grab your copy now!

Thank you for your continued support, and I can’t wait to hear about your experiences with the book.

Happy reading!
Aymen, Founder of FAUN

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

⭐ Sponsors

The all-in-one monitoring solution for IT admins, DevOps and SREs

Get deep visibility into the performance of your complex enterprise applications and cloud native workloads. Identify potential issues, improve productivity, and ensure that your business and end users are unaffected by downtime and substandard performance.

Download a 30-day free trial.

🔗 From the web

Kelsey Hightower — Present

Learn from Kubernetes superstar Kelsey Hightower on The ReadME Podcast, discussing his journey into tech, the future of Kubernetes, and how to demystify complex technology.

Docker Swarm vs. Kubernetes

Docker Swarm and Kubernetes are two popular container orchestration technologies. Docker Swarm is easier to use with its simple installation and user-friendly API, but may fall short for more complex use cases. Kubernetes has a steeper learning curve but offers more advanced tools, a larger community, and strong networking and scaling capabilities for larger and more complicated deployments. Ultimately, the choice depends on the specific needs of the containerized application environment.

The challenges of monitoring Kubernetes for observability

Monitoring and managing Kubernetes presents unique challenges due to its dynamic and distributed nature. Traditional monitoring tools are inadequate for the complexity of modern distributed systems. Kubernetes observability requires a different approach that consolidates telemetry data, generates insights, and doesn’t require deep Kubernetes expertise.

✅ Exploring the effect of Topology Aware Hints on network traffic in Amazon Elastic Kubernetes Service

Kubernetes is introducing Topology Aware Hints, a feature that biases traffic routing based on origin within an AZ, in order to optimize latency and reduce inter-AZ data transfer costs for workloads running on Amazon EKS clusters. The feature sets a zone label on endpoint objects and instructs kube-proxy to filter endpoints based on zone hints, routing traffic to the specified AZ for better performance while still providing the resiliency benefit of a multi-AZ architecture.

Kubernetes Cluster Architecture Best Practices

Kubernetes is a powerful platform for managing containerized applications, but configuring the cluster is complex. Optimizing cluster architecture involves considerations like single or multiple clusters, node configurations, sandboxing, network policies, and best practices for operations and deployment. Careful planning improves security, efficiency, and management.

Attacking and securing cloud identities in managed Kubernetes (Amazon EKS)

The post discusses authentication and authorization in Amazon Elastic Kubernetes Service (EKS). It explains how EKS authenticates requests and authorizes access using IAM. It also explores attack vectors like SSRF vulnerabilities and stealing pod identities. The defender-focused section covers preventing pod access to node credentials and auditing with MKAT.

Building a Kubernetes purple teaming lab

Learn how to create a local Kubernetes lab with telemetry monitoring using auditd, Laurel, and Sumo Logic. Follow the step-by-step instructions to provision, configure, and send relevant telemetry to Sumo Logic’s free instance to track testing activity using an awesome tool called Vectr.

Kubernetes development environments

Uninstalling Docker Desktop led to trying various ways to configure a Kubernetes development environment, including Minikube and Kind. The author recommends using Kind due to its support for multiple Kubernetes cluster versions and the ability to run Kubernetes nodes in Docker containers. Additionally, the author suggests using Rancher Desktop or Podman as an open-source replacement for Docker Desktop. The focus should be on developing applications close to the production environment while staying up to date on the constantly evolving Kubernetes ecosystem.

✅ Having fun with seccomp profiles on the edge

The Security Profiles Operator (SPO) is a Kubernetes feature that simplifies managing seccomp, SELinux, and AppArmor profiles. The SPO’s new command-line tool, spoc, allows easy recording and testing of seccomp profiles. It can record profiles from binary invocations, run binaries with applied profiles, and debug profile issues using the log enricher feature.

⭐ Supporters

Join us — /r/KubernetesLinks on Reddit

We’d love to invite you to join our subreddit, /r/KubernetesLinks

This community is dedicated to sharing useful and insightful content about everything related to Kubernetes and its large ecosystem!

Our goal is to create an active community on Reddit where you can learn, share knowledge, and stay up-to-date.

Join us here => /r/KubernetesLinks

AWS Migration Meetup

Let’s make informed decisions faster than ever before! Join Migration Meetup by N-iX on June 7th.

We’ll discuss how to easily collect, store, process, and analyze data in real time using AWS tools and services. We’ll also focus on data trends, difficulties in constructing a modern data platform, unified data access, unified data governance, scalable data lakes, and much more!

Also, you’ll catch some tips & tricks on starting the migration journey.

  • Date: June 7th at 4 pm (CEST)
  • Free online event
  • Talks will be in English

Register here.

ℹ️ News

Automate Security and Monitoring with Amazon EKS Blueprints, Terraform, and Sysdig

Sysdig and AWS have collaborated to launch a Sysdig add-on for Amazon Elastic Kubernetes Service (EKS), designed to help organizations deploy and instrument Kubernetes clusters. The Sysdig EKS blueprint enables organizations to confidently deploy and monitor a Kubernetes cluster with Terraform and a blueprint that provisions a cluster to monitor and secure from day zero. The blueprint reduces the learning curve of Kubernetes adoption, and the add-on allows for “real-time visibility” and auto-remediation on AWS workloads, helping organizations run Kubernetes with confidence.

Amazon EKS and Amazon EKS Distro now support Kubernetes version 1.27

EKS Distro is now available and allows easy cluster creation and upgrading through the console or command line. Kubernetes supports Amazon EKS in all regions, including the GovCloud US region.

💬 Discussions

What tools would make your Kubernetes development experience better?

⚙️ Tools

kubernetes-sigs/kwok

Kubernetes WithOut Kubelet — Simulates thousands of Nodes and Clusters.

vfx1b/kubectl-really-get-all

A kubectl get plugin that allows you to list every resource in your cluster

kubevoy/kubevoy

Slack bot for monitoring Kubernetes resources. It’s customizable across multiple channels.

jodevsa/kubectl-console

Easily bash into Kubernetes workers as if you’re SSH-ing into them

zerodha/nomad-cluster-setup

Terraform modules for creating Nomad server and client nodes on AWS.

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

🤔 Did you know?

The first computer programming language, called FORTRAN, was developed in 1954.

❤️ Thanks for reading

👉 Never miss an issue
Join FAUN Developer Community and subscribe to our newsletter here.

👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We’d really appreciate it if you could share it with your friends! You can also donate to help us keep this newsletter going.

ℹ️ Have a question or feedback?
Feel free to reach out to us at [email protected]. We’d love to hear from you!

🤩 Want to sponsor our newsletter?
Reach out to us at [email protected] and we’ll get back to you as soon as possible.


🦈 Kubernetes Weekly #375: Kubernetes Cluster Architecture Best Practices was originally published in FAUN — Developer Community 🐾 on Medium, where people are continuing the conversation by highlighting and responding to this story.
