Kubernetes

Introduction

• https://kubernetes.io/

• https://github.com/ramitsurana/awesome-kubernetes

• https://aws.amazon.com/eks/

• https://cloud.google.com/kubernetes-engine/

• https://azure.microsoft.com/pl-pl/services/kubernetes-service/

• https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615

• The Illustrated Children's Guide to Kubernetes https://www.youtube.com/watch?v=4ht22ReBjno

• https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/

• https://kubernetes.io/docs/reference/kubectl/cheatsheet/

• https://github.com/dennyzhang/cheatsheet-kubernetes-A4

• https://github.com/ramitsurana/awesome-kubernetes#books

• https://www.replex.io/blog/the-ultimate-kubernetes-cost-guide-aws-vs-gce-vs-azure-vs-digital-ocean

• https://divvycloud.com/blog/kubedex-comparison-google-gke-microsoft-aks-amazon-eks/

• https://github.com/ramitsurana/awesome-kubernetes#useful-article

• https://github.com/kelseyhightower/kubernetes-the-hard-way

• https://kubedex.com/google-gke-vs-microsoft-aks-vs-amazon-eks/

• https://github.com/darshanime/notes/blob/master/kubernetes.org

CNI & Networking

• https://chrislovecnm.com/kubernetes/cni/choosing-a-cni-provider/

• https://itnext.io/benchmark-results-of-kubernetes-network-plugins-cni-over-10gbit-s-network-36475925a560

• https://itnext.io/kubernetes-networking-behind-the-scenes-39a1ab1792bb

• https://itnext.io/kubernetes-multi-cluster-networking-made-simple-c8f26827813

AWS EKS

• https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html

• https://aws.amazon.com/eks/faq/

• https://eksworkshop.com/introduction/

• https://medium.com/@zhaimo/learning-kubernetes-by-doing-part-1-setting-up-eks-in-aws-50dcf7a76247

• https://docs.aws.amazon.com/eks/latest/userguide/eks-ug.pdf

• https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html

• https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html

• https://docs.aws.amazon.com/eks/latest/userguide/create-public-private-vpc.html

• https://github.com/uswitch/kiam/pull/112

• https://sourcediving.com/elastic-kubernetes-service-536a9ffe9223

• https://aws.amazon.com/blogs/opensource/eksctl-eks-cluster-one-command/

• https://aws.amazon.com/blogs/opensource/category/compute/amazon-elastic-container-service-for-kubernetes/

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

• https://www.reddit.com/r/aws/comments/9kbejr/anyone_using_eks_yet_for_prod/

• https://aws.amazon.com/blogs/opensource/eksctl-eks-cluster-one-command/

• https://aws.amazon.com/blogs/opensource/aws-service-operator-kubernetes-available/

• https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-eks-enables-support-for-kubernetes-dynamic-admission-cont/ (istio stuff)

• https://docs.aws.amazon.com/eks/latest/userguide/calico.html

• https://github.com/awsdocs/amazon-eks-user-guide/blob/master/doc_source/doc-history.md

• https://github.com/awslabs/amazon-ecr-credential-helper

• https://blog.giantswarm.io/load-balancer-service-use-cases-on-aws/

• https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer

• https://github.com/kubernetes/kubernetes/issues/26670

• https://www.weave.works/technologies/kubernetes-on-aws

• https://stripe.com/blog/operating-kubernetes

• https://eksworkshop.com/introduction/

• https://github.com/aws/containers-roadmap/projects/1

• https://github.com/pahud/eks-alb-ingress

• https://github.com/awslabs/aws-app-mesh-examples

• https://www.slideshare.net/AmazonWebServices/building-paas-with-amazon-eks-for-the-largescale-highly-regulated-enterprise-con309r1-aws-reinvent-2018

• https://aws.amazon.com/app-mesh/features/

• https://aws.amazon.com/blogs/opensource/kubernetes-service-catalog-aws-service-broker-on-eks/

Ingress

• https://github.com/kubernetes/ingress-nginx

• https://github.com/Kong/kong (nginx)

• https://github.com/containous/traefik

• https://github.com/haproxy/haproxy

• https://github.com/appscode/voyager (haproxy)

• https://github.com/heptio/contour (envoy)

• https://github.com/datawire/ambassador (envoy) (with istio https://www.getambassador.io/user-guide/with-istio/)

• https://istio.io/docs/tasks/traffic-management/ingress/ (envoy)

• https://github.com/kubernetes-sigs/aws-alb-ingress-controller (ALB)

• https://github.com/zalando-incubator/kube-ingress-aws-controller

• https://kubedex.com/nginx-ingress-vs-kong-vs-traefik-vs-haproxy-vs-voyager-vs-contour-vs-ambassador/

• https://www.envoyproxy.io/

• https://github.com/pahud/amazon-eks-workshop/tree/master/03-creating-services/ingress/traefik-ingress

• https://github.com/aws-samples/aws-workshop-for-kubernetes

• https://www.slideshare.net/Provectus/dive-into-devops-march-traefik-as-kubernetes-ingress-controller-ihor-borodin

• https://medium.com/@dmaas/amazon-eks-ingress-guide-8ec2ec940a70

• https://itnext.io/save-on-your-aws-bill-with-kubernetes-ingress-148214a79dcb

• Traefik from kubedex.com: "Another consideration is minimizing server reloads because that impacts load balancing quality and existing connections etc. Traefik doesn’t support hitless reloads so you need NGINX or Envoy Proxy for this. For a lot of people this is a big deal." vs from rancher.com: "Traefik has a true zero downtime reload and implements the possibility of defining circuit breakers rules."

• https://github.com/nginxinc/nginmesh

• https://blog.giantswarm.io/load-balancer-service-use-cases-on-aws/

• https://medium.com/devopslinks/istio-step-by-step-part-01-introduction-to-istio-b9fd0df30a9e Istio

• https://github.com/pahud/eks-alb-ingress

External DNS

• https://github.com/kubernetes-incubator/external-dns

• https://github.com/helm/charts/tree/master/stable/external-dns

• https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/nginx-ingress.md

• https://banzaicloud.com/blog/k8s-external-dns-route53/

• https://ryaneschinger.com/blog/automatic-dns-kubernetes-ingresses-externaldns/

• https://medium.com/@russell.whelan/traefik-and-external-dns-naming-magic-b4d6a01d3634

• https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/istio.md

• https://appscode.com/products/voyager/8.0.1/guides/ingress/dns/external-dns/

• https://stackoverflow.com/questions/50251672/how-to-setup-up-dns-and-ingress-controllers-for-a-public-facing-web-app

• https://github.com/kubernetes-incubator/external-dns/issues/413 Ingress with traefik

  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    name: test-wordpress
    annotations:
      kubernetes.io/ingress.class: traefik
      external-dns.alpha.kubernetes.io/target: mytraefikservice.mydomain.com
  spec:
    rules:
    - host: test.mydomain.com
      http:
        paths:
        - path: /
          backend:
            serviceName: test-wordpress
            servicePort: 80

AWS/GCP IAM with Kubernetes

• https://github.com/uswitch/kiam

• https://github.com/jtblin/kube2iam

• https://github.com/ash2k/iam4kube

• https://github.com/mikkeloscar/kube-aws-iam-controller

• https://docs.google.com/document/d/1rn-v2TNH9k4Oz-VuaueP77ANE5p-5Ua89obK2JaArfg/edit?usp=sharing

• https://github.com/kernelpayments/kube-google-iam

• https://github.com/istio/istio/issues/9297

Service Mesh

• https://istio.io/docs/concepts/what-is-istio/

• https://kubernetes.io/blog/2017/05/managing-microservices-with-istio-service-mesh/

• https://www.hashicorp.com/blog/consul-1-2-service-mesh

• https://linkerd.io/1/getting-started/k8s/

• https://thenewstack.io/which-service-mesh-should-i-use/

• https://medium.com/@jeffzzq/how-to-integrate-an-aws-lambda-function-into-your-kubernetes-service-mesh-5d665f351675

Helm

• https://helm.sh/

• https://www.digitalocean.com/community/tutorials/how-to-install-software-on-kubernetes-clusters-with-the-helm-package-manager

• https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-init/

• https://github.com/helm/charts

• https://www.terraform.io/docs/providers/helm/index.html

• https://github.com/roboll/helmfile

• https://github.com/Praqma/helmsman

Security

• https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/

• https://github.com/kubernetes-sigs/aws-iam-authenticator

• https://kubernetes.io/docs/reference/access-authn-authz/rbac/

• https://github.com/freach/kubernetes-security-best-practice

• https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/

• https://engineering.bitnami.com/articles/sealed-secrets.html

• https://github.com/bitnami-labs/sealed-secrets

• https://www.slideshare.net/sebastiengoasguen/kubernetes-sealed-secrets

• https://medium.com/@gmaliar/dynamic-secrets-on-kubernetes-pods-using-vault-35d9094d169

• https://github.com/Boostport/kubernetes-vault

• https://coreos.com/blog/introducing-vault-operator-project

• https://medium.com/containerum/top-security-tips-for-your-kubernetes-cluster-9b23a4e95111

• https://neuvector.com/container-security/kubernetes-security-guide/

Chaos Engineering & Kubernetes

• https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/

• https://thenewstack.io/how-chaos-engineering-can-drive-kubernetes-reliability/

• https://learnk8s.io/blog/kubernetes-chaos-engineering-lessons-learned

• https://github.com/asobti/kube-monkey

• https://github.com/bloomberg/powerfulseal

Serverless & Kubernetes

• https://github.com/knative/

• https://cloud.google.com/knative/

• https://github.com/kubeless/kubeless

• https://fission.io/

• https://thenewstack.io/the-future-of-kubernetes-is-serverless/

• https://thenewstack.io/why-serverless-vs-kubernetes-isnt-a-real-debate/

• https://dzone.com/articles/when-to-use-serverless-when-to-use-kubernetes

• https://medium.com/coryodaniel/from-erverless-to-elixir-48752db4d7bc

Misc (Tools, CI/CD, ML, CD/CI, Metrics)

• https://kubernetes.io/docs/reference/tools/

• https://github.com/ahmetb/kubectx

• https://github.com/txn2/kubefwd

• https://about.gitlab.com/solutions/kubernetes/

• https://www.spinnaker.io/

• https://www.kubeflow.org/

• https://opencensus.io/

• https://www.pulumi.com/

• https://kubernetes.io/docs/tasks/debug-application-cluster/resource-usage-monitoring/

• https://itnext.io/kubernetes-monitoring-with-prometheus-in-15-minutes-8e54d1de2e1

• https://www.abhishek-tiwari.com/10-open-source-tools-for-highly-effective-kubernetes-sre-and-ops-teams/

• https://logz.io/blog/kubernetes-monitoring/

• https://thenewstack.io/5-tools-monitoring-kubernetes-scale-production/

• https://medium.com/containerum/4-tools-to-monitor-your-kubernetes-cluster-efficiently-ceaf62818eea

• https://www.weave.works/technologies/monitoring-kubernetes-with-prometheus/

• https://github.com/XiaoMi/naftis

Multi-cloud

• https://banzaicloud.com/blog/multi-cloud-k8s/

• https://kubernetes.io/docs/setup/turnkey/stackpoint/

• https://kubernetes.io/docs/concepts/cluster-administration/federation/

• https://dzone.com/articles/best-practices-for-multi-cloud-kubernetes

• https://cloudify.co/webinars/multi-cloud-orchestration-kubernetes

• https://containership.io/

• http://superuser.openstack.org/articles/how-to-multi-cloud-kubernetes/

• https://www.tripwire.com/state-of-security/security-data-protection/cloud/multi-cloud-security-best-practices-guide/

PREEMPTIBLE & SPOT Instances

• https://cloud.google.com/preemptible-vms/

• https://aws.amazon.com/ec2/spot/

RBAC Sample

# Allows scaling deployments or stateful sets up/down
# Generally bound at the namespace level to allow scaling only in that namespace
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: namespace-scale
rules:
  - apiGroups:
      - '' # core group
    resources:
      - deployments/scale
      - statefulsets/scale
    verbs:
      - create
 ---