Are your Kubernetes applications inexplicably slowing down, even when your nodes seem to have plenty of CPU to spare? You might be experiencing CPU throttling. I recently watched an excellent CNCF video by Dave Chiluk, an engineer at Indeed. I encourage you to watch the whole video. There is also a related blog article from […]
Understanding and Fixing CPU Limits in Kubernetes Read More »
Managing secrets is critical for running secure and professional Kubernetes clusters. Sensitive data like API keys, database passwords, and TLS certificates need to be handled with care. While Kubernetes offers its own Secret object, it is often better to delegate the actual storage and management of secrets to external, specialized systems like AWS Secrets Manager,
Secrets Store CSI Driver vs. External Secrets Operator Read More »
Falco is an open-source security tool for linux-based systems. Thanks to its plugin architecture, it can also be used to scan and monitor Kubernetes clusters. This article will cover some of the basics of Falco and show how it can be used to monitor AWS EKS clusters. Security Scan Basics There are two basic types
Secure EKS Clusters with Falco Read More »
EKS Pod Identity was announced at AWS ReInvent:2023. This feature aims to simplify granting pods access to AWS services running in an EKS cluster. AWS EKS Pod Identity allows you to associate an IAM role with a Kubernetes service account and configure your Pods to use that service account. Introduction Kubernetes workloads that need access
Evaluating AWS EKS Pod Identity Read More »
Having introduced the Gateway API in part one of this series, we will now explore some Gateway API types and field specifications, and how they all fit together. Installing the Gateway API Addon You might be wondering, “Why don’t I see Gateway API resources on my Kubernetes cluster?” or “Which Kubernetes cluster version includes the
Gateway API – Part 2 – API Resources Read More »
This is the first article of a series about the Kubernetes Gateway API. In case you missed it, Gateway API has reached v1.0 GA Release in October of 2023, while around the same time, the well-established Ingress API Object was frozen. We can infer from this that Gateway API is officially replacing Ingress. But don’t
Gateway API – Part 1 – An Introduction Read More »
Artificial Intelligence is showing up everywhere, including Kubernetes! The K8sGPT project is an official CNCF sandbox project, first announced at KubeCon Amsterdam in 2023. It was open-sourced under the Apache-2.0 license and the github project already has lots of stars and contributors. Its motto is … Giving Kubernetes Superpowers to everyone In this article I
Trying K8sGPT – AI For Kubernetes Read More »
If you manage several Kubernetes clusters across different AWS accounts, you know it can be challenging to manage Kubernetes secrets across all of those clusters. This article describes a method to store secrets values in AWS Secrets Manager in a single account and use those secrets in Kubernetes clusters running in different AWS accounts. Furthermore,
Centralized Secrets with ESO and AWS Secrets Manager Read More »
Ephemeral volumes are a feature of Kubernetes that allows the creation of storage volumes which follow the lifecycle of the pod. In other words, when the pod is destroyed, the volume is also destroyed. This differs from persistent volumes, which are often used to retain data, even after the pod is no longer running. In
EBS-backed Ephemeral Volumes Read More »
Kubernetes does not come with a full-featured monitoring solution out-of-the-box, however it does expose metrics for the health and state of the cluster and its workloads. These metrics are exposed by APIs, which are in turn collected by monitoring solutions such Prometheus, Metric Server and many other third-party tools. You can read more about the
Understanding How Kubernetes Exposes Metrics Read More »
