Tips, Expertise, Articles and Advice from the Pro's for Your Website or Blog to Succeed
As Kubernetes becomes a basic infrastructure for many organizations, performance tuning for Kubernetes clusters is becoming more important. Kubernetes is a highly scalable open-source platform for orchestrating containerized workloads in server environments. It enables declarative configuration and automation of computing resources.
Kubernetes is fundamentally a complex system with lots of different potential attack vectors aimed at data theft currency mining and other threats. Brice Fernandes started us off with a discussion on how to secure your operations to Kubernetes using GitOps best practices. Liz Rice then followed up on the current state of Kubernetes security-related features as well as best practices and other tips on how to secure your cluster.
According to Brice, Kubernetes clusters were traditionally accessed by developers directly, using the command line tool `kubectl`. There are of course many issues with having your development team directly accessing the cluster in this way. The biggest problem with this is that it is really hard to audit and track who did what, when.
Over the past two years, deploying a conformant Kubernetes cluster has become even easier, thanks to the efforts of the Cluster Lifecycle Special Interest Group (SIG) and its kubeadm tool. But if you've used kubeadm on a freshly provisioned machine, you know there is a considerable set of tasks you have to complete prior to running kubeadm:
To take you from zero to hero (see what I did there?), the team at Platform9 has built nodeadm, an unassuming but jovial sidekick to kubeadm. Like kubeadm, it's open-source and focused on making it easy to manage the Kubernetes lifecycle. You can use it in concert with tools like etcdadm and cctl as part of our Klusterkit, together with your own automation software, or interactively.
