Posts in 2018
  • Watching Logs of Several Pods

    Monday, June 11, 2018 in 2018

    One thing that always bothered me was that I couldn’t get the logs of several pods at once with kubectl. A simple tail -f <path-to-logfile> isn’t possible. Certainly, you can use kubectl logs -f <pod-id>, but it doesn’t …

  • Shared Storage with S3 Backend

    Monday, June 11, 2018 in 2018

    The storage is definitely the most complex and important part of an application setup. Once this part is completed, one of the most problematic parts could be solved. Mounting an S3 bucket into a pod using FUSE allows you to access data stored in S3 …

  • ReadWriteMany - Dynamically Provisioned Persistent Volumes Using Amazon EFS

    Monday, June 11, 2018 in 2018

    The efs-provisioner allows you to mount EFS storage as PersistentVolumes in Kubernetes. It consists of a container that has access to an AWS EFS resource. The container reads a configmap containing the EFS filesystem ID, the AWS region and the name …

  • Namespace Scope

    Monday, June 11, 2018 in 2018

    Should I use: ❌ one namespace per user/developer? ❌ one namespace per team? ❌ one per service type? ❌ one namespace per application type? 😄 one namespace per running instance of your application? Apply the Principle of Least Privilege: All user …

  • Namespace Isolation

    Monday, June 11, 2018 in 2018

    …or DENY all traffic from other namespaces. You can configure a NetworkPolicy to deny all traffic from other namespaces while allowing all traffic coming from the same namespace the pod is deployed to. There are many reasons why you may choose …

  • Kubernetes is Available in Docker for Mac 17.12 CE

    Monday, June 11, 2018 in 2018

    Kubernetes is only available in Docker for Mac 17.12 CE and higher on the Edge channel. Kubernetes support is not included in Docker for Mac Stable releases. To find out more about Stable and Edge channels and how to switch between them, see general …

  • Hardening the Gardener Community Setup

    Monday, June 11, 2018 in 2018

    The Gardener project team has analyzed the impact of the Gardener CVE-2018-2475 and the Kubernetes CVE-2018-1002105 on the Gardener Community Setup. By following some recommendations, it is possible to mitigate both vulnerabilities.

  • Big Things Come in Small Packages

    Monday, June 11, 2018 in 2018

    Microservices tend to use smaller runtimes but you can use what you have today - and this can be a problem in Kubernetes. Switching your architecture from a monolith to microservices has many advantages, both in the way you write software and the way …

  • Auditing Kubernetes for Secure Setup

    Monday, June 11, 2018 in 2018

    In summer 2018, the Gardener project team asked Kinvolk to execute several penetration tests in its role as a third-party contractor. The goal of this ongoing work is to increase the security of all Gardener stakeholders in the open source community. …

  • Anti Patterns

    Monday, June 11, 2018 in 2018

    Running as Root User: Whenever possible, do not run containers as root users. One could be tempted to say that in Kubernetes, the node and pods are well separated; however, the host and the container share the same kernel. If the container is …
