[ONGOING] masterclass: Kubernetes Self healing, networking, HA large scale, Mesh, TLS ...
37 mins - Kubernetes Design Principles: Understand the Why - Saad Ali, Google
Link to YT: here
Kubernetes is quickly becoming indispensable for managing and deploying workloads on distributed systems across both cloud and on-prem environments. While most people are now familiar with how to use Kubernetes, few are aware of the "why" behind it. Why does the Kubernetes API look the way it does? Why do Kubernetes components only interact with each other through the Kubernetes API? Why is there a PersistentVolumeClaim object when you could easily reference a volume directly from a pod? To answer these questions and help you develop a deeper understanding of Kubernetes, this talk exposes the principles underpinning the design of Kubernetes.
About TLS and cert-manager
cert-manager - Past, Present and Future - Jake Sanders (cert-manager Maintainer) & Ashley Davis (Jetstack): Watch here | Slides | Summary
cert-manager is the Cloud Native way to manage X.509 certificates inside Kubernetes. It's often one of the first tools administrators install on a new cluster, reaching over 15 million image pulls per day! The project recently entered the CNCF incubation phase after two years in the sandbox. In this talk, two maintainers discuss why cert-manager matters, its evolution, and what's next.
Cert-Manager Beyond Ingress - Exploring the Variety of Use Cases - Matthew Bates, Jetstack: Watch here | Slides | Summary
Cert-manager is a widely used project for the automation of X.509 TLS certificates. In 2020, it reached 1.0 and landed in the CNCF Sandbox. cert-manager has been popularised by its support of ACME and Ingress, enabling many millions of certificates to be issued and renewed, and to help secure the cloud native web with Kubernetes and all the various ingress controllers. But cert-manager, with its custom resources and controllers, extensible with issuers including those out-of-tree, can also be used for a myriad of other use cases in which certificates are required. This talk will walk through the various use cases for cert-manager, including ingress, control plane and nodes (kubeadm, CAPI), webhooks, intra-service mTLS (cert-manager-csi) and service mesh (OpenServiceMesh, Istio).
Best Friends Keep No Secrets: Going Secretless with cert-manager - Ashley Davis & Tim Ramlot, Venafi: Watch here | Slides | Summary
In today's complex Kubernetes environments, managing secrets securely is a challenge. Traditional methods often involve complex configurations with secret vaults, secret syncing and secret backups. Regardless of which fancy technology is used, secrets always come with a risk of being leaked. Most of the secrets used in traditional applications can be replaced by short-lived certificates. Applications can prove to be the owner of a certificate without sharing any secrets. In Kubernetes, cert-manager can be used to provision these certificates to all applications without sharing any secret information.
Table of contents:
- Do we actually need secrets? Comparing authentication methods: static secrets vs short-lived secrets and proof of ownership
- How to issue certificates using cert-manager without using [S|s]ecrets
- Compatibility and other challenges
35 mins - Certifik8s: All You Need to Know About Certificates in Kubernetes [I] - Alexander Brand, Apprenda
Link to YT: here
Certificates are an integral part of a secure Kubernetes cluster deployment. They are mainly used to secure the Kubernetes API server using TLS, but certificates (and keys) are also used for other cluster functions such as client authentication, encryption of secrets, TLS bootstrapping, and the generation of service account tokens.
Certificates pose interesting challenges to cluster operators. What does the certificate setup look like in an ideal scenario? How long should certificates be valid for? When nearing expiration dates, how can certificates be rotated to ensure the cluster remains operational? These challenges must be understood when it comes to deploying and operating a Kubernetes cluster.
After this talk, you should have a better understanding of:
- How each cluster component uses certificates for secure communications
- How certificates can be used for authentication, including service account tokens
- How the Kubelet TLS bootstrapping process works
- How to plan, generate and deploy the certificates required for a secure cluster
- How to rotate certificates that are nearing their expiration date
About Alexander Brand: Alex works on the Kismatic Enterprise Toolkit at Apprenda, making the deployment of production Kubernetes clusters easier. He has been involved with Kubernetes and related projects since early 2016. Before Apprenda, Alex attended Queen's University in Canada, where he majored in Biomedical Computing.
- (5y ago) LISA19 - Deep Dive into Kubernetes Internals for Builders and Operators
- (1y ago) Crossplane Intro and Deep Dive - the Cloud Native Control Plane Framework
Self Healing:
- (1y ago) The Magic of Kubernetes Self-Healing Capabilities - Saad Ali, Google
- (8y ago) Deploying Self Healing Services With Kubernetes w/ Rob Scott
- (1y ago) "Kubernetes self-healing: HA for services and control plane" - Lukasz Sztachanski i Lukasz Luczaj
Networking
- Understanding Kubernetes Networking in 30 Minutes - Ricardo Katz & James Strong
- Life of a Packet [I] - Michael Rubin, Google
- Tutorial: Communication Is Key - Understanding Kubernetes Networking - Jeff Poole, Vivint Smart Home
- Surviving Day 2 - How to Troubleshoot Kubernetes Networking - Thomas Graf, Isovalent
- Kubernetes Networking Intro and Deep-Dive - Bowei Du & Tim Hockin, Google
- Understanding Kubernetes Networking. Part 1: Container Networking
- Tutorial: From CNI Zero to CNI Hero: A Kubernetes Networking Tutorial Using CNI
Link to YT: here
Material available here: fork of demo
HA Large scale
- Highly Available Kubernetes Clusters - Best Practices - Meaghan Kjelland & Karan Goel, Google
- (1y ago) Building a Large Scale Multi-Cloud Multi-Region SaaS Platform with Kubernetes Controllers
- (1y ago) Architecting Resilience: Lessons from Managing 7K+ Kubernetes Clusters at Scale
Mesh: Istio and Cilium:
- (5y ago) Demystifying Service Mesh, HashiCorp
- (1y ago) Comparing Sidecar-Less Service Mesh from Cilium and Istio - Christian Posta, Solo.io
- (1y ago) Simplifying Multi-Cluster and Multi-Cloud Deployments with Cilium - Liz Rice, Isovalent
- (1y ago) Istio Ambient Service Mesh Made Simple - Lin Sun, Solo.io
- (1y ago) Best-Practices for Securing Egress Traffic with Istio - Niranjan Shankar, Microsoft
- (6mm ago) What Istio Got Wrong: Learnings from the Last Seven Years of Service Mesh - C. Posta, L. Ryan
- (1y ago) Reliable multi-cluster application architectures with Istio - Ameer Abbas & John Howard, Google
- (1y ago) Create resilient multi-cluster, multi-regional and multi-tenant architectures with Istio and K8s
04/26 -> Actual - 🟡 - Cyber Security super bundle
- 60 hours - 🟡 - Linux System Administration Essentials (LFS207)
- 35 hours - 🟢 - Kubernetes Fundamentals (LFS258)
- 30 hours - 🟠 - Kubernetes Security Essentials (LFS260)
- 40 hours - 🟠 - Implementing DevSecOps (LFS262)
- 24 hours - 🟠 - Mastering Infrastructure Security: Strategies, Tools, and Practices (SKF200)
- 35 hours - 🟠 - Mastering Kubernetes Security with Kyverno (LFS255)
06/25 -> 03/26 - 🟢 - Advanced Cloud Engineer IT Professional Program (LFS002)
- 40 hours - 🟢 - Containers Fundamentals (LFS253)
- 35 hours - 🟢 - Kubernetes Fundamentals (LFS258)
- 20 hours - 🟢 - Service Mesh Fundamentals (LFS243)
- 25 hours - 🟢 - Monitoring Systems and Services with Prometheus (LFS241)
- 30 hours - 🟢 - Managing Kubernetes Applications with Helm (LFS244)
- 30 hours - 🟢 - Cloud Native Logging with Fluentd and Fluent Bit (LFS242)
05/25 -> 06/25 - 🟢 - Introduction to DevOps and Cloud Infrastructure Technologies
- 20 hours - 🟢 - Introduction to Jenkins (LFS167)
- 20 hours - 🟢 - Introduction to Kubernetes (LFS158)
- 50 hours - 🟢 - Introduction to Cloud Infrastructure Technologies (LFS151)
- 12 hours - 🟢 - Introduction to DevOps and Site Reliability Engineering (LFS162)
06/25 - 🟢 - Kubernetes troubleshooting: a step-by-step guide
- 2 hours - 🟢 - Link here
Explanation and analysis (with Devtron) of the following common errors, their possible root causes and how to fix them:
- CRASHLOOPBACKOFF
-- OOMKilled
-- CPU throttling
- ENV Variables/Secrets Mount Issue
- Database connection issues
From: The Linux Foundation
Courses and workshops on AI
06/25 - 🟢 - Fine-tuning and Deploy of a LLM
- 2 hours - 🟢 - Link here
From: ProfessionAI
06/25 - 🟢 - AI Cloud Explained: What It Is, Why It Matters, and How It Works
- 2 hours - 🟢 - Link here
Explored scalable AI workloads, model training, deployment, and real-time processing in cloud environments.
05/25 - 🟢 - Desarrolla una Aplicación Web con Inteligencia Artificial Usando Endpoints de API OpenAI
- 4 hours - 🟢 - Link here
Built a web application using AI API endpoints, focusing on practical OpenAI integration.
From: Nuclio Digital School
Courses and workshops on Agile management, Project management and fundraising
10/25 - 🟢 - Designing in Italy for Global Citizenship
- 35 hours - 🟢 - more info here
Covered EU funding programmes and project management tools, including Next Generation EU, Cohesion Policy, Horizon Europe, PM², LFA, RACI, SWOT, stakeholder mapping and SMART indicators.
From: ProgEU: Progress in European Union
05/25 - 🟢 - Agile management
- 16 hours - 🟢 - more info here
Intensive 4-week program designed to provide professionals and students with foundational and practical knowledge of Agile methodologies. Through a combination of recorded content, live sessions, and hands-on challenges, participants will gain tools to manage digital products and teams effectively in dynamic environments.
From: Nuclio Digital School
³ = On the bucket list, to start asap
² = DevOps with Kubernetes starts in June
¹ = NodeJS ... Stopped to follow others
ECTS = European Credit Transfer and Accumulation System (ECTS)
Resume: here
Badges: here

