Is sharing a cluster with multiple tenants worth it?
Should you share or have a single dedicated cluster per team?
In this KubeFM episode, Artem revisits his journey into Kubernetes multi-tenancy and discusses how the landscape of (and opinions on) multi-tenancy has changed over the years.
Here's what you will learn:
- The trade-offs of multi-tenancy and the tooling necessary to make it happen (e.g. vCluster, Argo CD, Kamaji, etc.).
- The challenges of providing isolated monitoring and logging for tenants.
- How to design and architect a platform on Kubernetes to optimise your developers' experience.
Watch (or listen to) it here: https://kube.fm/multitenancy-artem
Forwarded from LearnKube news
When planning your infrastructure, one of the fundamental questions is: how many Kubernetes clusters should you have?
One big cluster or multiple smaller clusters?
Should the team share resources, or to each their own?
This Thursday, Dan investigates the pros and cons of different approaches and compares cost efficiency, ease of management, resilience and security for different setups.
In this session, you will learn:
- How Kubernetes design is intended for sharing resources and the consequence for isolation and security.
- How can you isolate your workloads with different security trade-offs depending on how trustworthy your tenants are?
- How to estimate costs and efforts in building a single shared cluster vs multiple clusters.
📆 Thu, 29th Feb
⏰ 8am PT | 5pm CET
👉 https://www.vcluster.com/event/workshop-series-1/
Structured Authentication Config is the most significant Kubernetes authentication system update in the last six years.
In this KubeFM episode, Maksim explains how this is going to affect you:
1. You can use multiple authentication providers simultaneously (e.g., Okta, Keycloak, GitLab) — no need for Dex.
2. You can change the configuration dynamically without restarting the API server.
3. You can use any JWT-compliant token for authentication.
4. You can use CEL (Common Expression Language) to determine whether the token's claims match the user's attributes in Kubernetes (username, group).
Watch (or listen to) it here: https://kube.fm/structured-authentication-maksim
Can you run databases on Kubernetes and survive to tell the story?
Or should you refrain from running stateful workloads as much as possible?
In this KubeFM episode, Steven argues that you should run databases on Kubernetes.
He also goes further and demonstrates how to build your custom operator to manage your database.
Listen to the episode and learn how:
- You can use Kubebuilder and the Operator Framework to build your operator.
- Custom Resources let you create higher abstractions to manage your infrastructure as code.
- Steven's operator manages hundreds of databases at scale at QuestDB.
Watch (or listen to) it here: https://kube.fm/operators-steven
Forwarded from LearnKube news
Kubernetes namespaces are the basic building block for identity and isolation but don't provide any of those features out of the box.
In this session, you will explore in great detail:
- How namespaces are (not) used during scheduling.
- How namespaces are (not) used in the cluster network and the implementation of Network Policies.
- How namespaces provide the starting point for RBAC.
The insights will help you understand the trade-offs in designing a multi-tenant platform on Kubernetes.
📆 Thu, 7th Mar
⏰ 8am PT | 5pm CET
👉 https://www.vcluster.com/event/workshop-series-2/
Forwarded from LearnKube news
Kubernetes: 50 namespaces vs 50 control planes vs 50 clusters.
For the last episode of "Building Kubernetes platforms", we decided to run an experiment: how much does multi-tenancy cost?
We created three scenarios:
- 50 tenants using the Hierarchical Namespace Controller.
- 50 tenants using vCluster.
- 50 dedicated clusters managed via Karmada.
Which one was the most expensive?
Spoiler: the dedicated clusters are very expensive.
But is it worth the investment?
Chris will cover it live on Thursday!
📆 Thu, 14th Mar
⏰ 8am PT | 5pm CET
👉 https://www.vcluster.com/event/workshop-series-3/
Service meshes and the community's opinion of them have changed drastically over the years.
From being perceived as unnecessary, complicated and bloated, they matured into security and observability powerhouses (while still retaining much of their complexity).
In this KubeFM episode, William deep dives into the world of service meshes and explains a few of the technical choices and trade-offs of service meshes in simple terms.
You will learn:
- What a service mesh is and how it is designed (i.e. control plane and data plane).
- How Ambient mesh departs from the traditional sidecar model and how it affects reliability and security.
- Why there's more than just eBPF in sidecarless service meshes and the limitations of this technology.
- The direct costs (compute) and human factors involved in operating a service mesh.
Watch (or listen to) it here: https://kube.fm/service-mesh-william
Ensuring the repeatability of your infrastructure is a crucial aspect of managing Kubernetes clusters.
This allows you to swiftly tear down and set up a new one, a practice that is quite handy.
However, there are exceptional circumstances when your cluster becomes more than a disposable tool.
Dan shared, "A Kubernetes cluster will be treated as disposable until you deploy ingress, and then it becomes a pet."
In this episode, you will delve into the concept of 'disposable' and 'pet' Kubernetes clusters and learn:
- How you can use GitOps to create a repeatable infrastructure that syncs.
- How resources such as the Ingress and external-dns require careful maintenance and monitoring to make your cluster special.
- How Crossplane and vCluster help you define repeatable environments that are disposable.
- All the flavours of Argo: Workflows, Autopilot, CD, etc., and "Project", a newer abstraction to manage apps across environments.
Watch (or listen to) it here: https://kube.fm/ingress-gitops-dan
Forwarded from Kube Events
Kubernetes Community Days Romania starts in less than 2 weeks!
A one-day technical event loaded with exciting Kubernetes talks and networking opportunities.
📆 Thu, 25th Apr
⏰ 8am EET
📍 Bucharest, RO
👉 https://kube.events/t/b08aa779-8760-45e7-a493-4dc023871777
Forwarded from LearnKube news
Creating and deleting Pods is one of the most common tasks in Kubernetes.
In this article, you will learn how to prevent broken connections when a Pod starts up or shuts down (and how to shut down long-running tasks gracefully).
Read the full article: https://learnk8s.io/graceful-shutdown
In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape.
You will learn:
- The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.
- Strategies for managing Kubernetes upgrades, including insights into the release cycle and the potential pitfalls of the upgrading process.
- The role of managed services and semi-automatic upgrades in simplifying Kubernetes maintenance for organizations, especially in cost optimization and resource constraints.
Watch (or listen to) it here: https://kube.fm/kubernetes-lts-mat
In this KubeFM episode, Alexander Block delves into the intricacies of Kubernetes templating and deployment tools, sharing his journey from frustration with existing solutions to creating his tool, kluctl.
Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem.
You will learn:
- The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging.
- How tools such as Kustomize, CUE, jsonnet are only a partial solution to templating.
- Alternatives to Helm and the future of Kubernetes resource templating and distribution.
Watch (or listen to) it here: https://kube.fm/kluctl-templating-codablock
With a passion for security and a knack for troubleshooting, Jennifer Luther Thomas, a Technical Marketing Engineer at Tigera, discusses the critical role of network policies in Kubernetes security, the complexities involved in their implementation, and the balance between security and manageability.
In this KubeFM episode, you will learn:
- The importance of observability in troubleshooting network policies and how it aids in debugging complex issues.
- The trade-offs between the complexity of network policies and the security benefits they provide.
- The skills, thought process and humility behind troubleshooting technologies you are unfamiliar with.
Watch (or listen to) it here: https://kube.fm/network-observability-jen
🙏 Many thanks to Otterize for supporting our work and sponsoring this episode. Make sure to check out their product for automating policies and zero-trust security! https://otterize.com
With 🎙Bart "La falsa modestia" Farrell
Abdelfettah Sghiouar (Senior Developer Advocate at Google) shares his insights on three interesting technologies in the cloud-native ecosystem:
1. Actuated: a tool for running isolated GitHub action workers, focusing on ARM architecture.
2. Ray: the Kubernetes AI platform.
3. Argo: a suite of open-source tools for deploying and running applications and workloads on Kubernetes.
Watch the full interview: https://kube.fm/multi-tenancy-community-abdel
Thomas Graf, VP and CTO of Cloud Networking and Security at Isovalent (part of Cisco), emphasizes that eBPF's kernel-level operation can significantly improve service mesh performance and security.
Thomas evaluates service meshes based on their scalability, security, and observability features, areas where he believes eBPF can provide substantial benefits.
Watch the full interview: https://kube.fm/on-prem-challenges-thomas
This interview is a reaction to William's episode https://kube.fm/service-mesh-william
In this interview, Miguel Luna, Principal Product Manager at Elastic, explores the evolving landscape of observability from three critical perspectives.
He highlights the challenges and strategies around cardinality and data decay, emphasizing the massive scale of data generated by modern technologies like Kubernetes.
Miguel also introduces the concept of entity-centric observability, advocating for a more intuitive approach that aligns with the user's specific needs and interests.
Watch the full interview: https://kube.fm/metrics-ingestion-decay-miguel
This interview is a reaction to Mat's episode https://kube.fm/bare-metal-kubernetes-mathias
In this episode, Alexander Block shares his perspectives on YAML's pivotal role in Kubernetes.
He champions YAML over alternatives like XML and JSON, praising its non-bloated nature and human readability.
He believes this simplicity and ease of learning make YAML an ideal choice despite some criticisms, which he attributes more to tooling issues than to the language itself.
Watch the full episode: https://kube.fm/kluctl-templating-codablock
Jennifer Luther Thomas, a Technical Marketing Engineer at Tigera, highlights a common challenge: configuring network policies.
She recalls one particular issue involving a customer who, despite following documentation, overlooked a port necessary for pod communication, leading to partial application dysfunction.
Watch the full episode: https://kube.fm/network-observability-jen
In this interview, Miguel Luna, Principal Product Manager at Elastic, explores the evolving landscape of observability from three critical perspectives.
He highlights the challenges and strategies around cardinality and data decay, emphasizing the massive scale of data generated by modern technologies like Kubernetes.
Miguel also introduces the concept of entity-centric observability, advocating for a more intuitive approach that aligns with the user's specific needs and interests.
Watch the full interview: https://kube.fm/metrics-ingestion-decay-miguel
This interview is a reaction to Mat's episode https://kube.fm/foolproof-gke-mat
In this KubeFM episode, Mircea shares his journey of migrating a home lab to Kubernetes, specifically choosing Talos over other operating systems like Ubuntu, Flatcar, or Bottlerocket.
Mircea also discusses his decision-making process and experiences in setting up and optimizing his Kubernetes home lab. You will learn:
- What Talos Linux is and how it compares to other operating systems.
- The challenges and considerations involved in migrating to Kubernetes, including selecting network plugins and GitOps.
- Insights into managing and securing Kubernetes clusters, focusing on the advantages of immutable operating systems.
Watch (or listen to) it here: https://kube.fm/talos-mircea
🙏 Many thanks to DigitalOcean for supporting our work and sponsoring this episode. Make sure to check out their managed Kubernetes service (and enjoy $200 free credits) https://do.co/kubefm
With @Birthmarkb "Crazy Rich Asian" Farrell