DevOps&SRE Library
A library of articles on DevOps and SRE.

Advertising: @ostinostin
Content: @mxssl

RKN: https://knd.gov.ru/license?id=67704b536aa9672b963777b3&registryType=bloggersPermission
How we upgraded PostgreSQL at GitLab.com

We explain the precise maintenance process to execute a major version upgrade of PostgreSQL.

https://about.gitlab.com/blog/2020/09/11/gitlab-pg-upgrade
Kubernetes YAML Generator

https://k8syaml.com
IPVS Node Controller

ipvs-node-controller is a Kubernetes controller that solves the External-IP (Load Balancer IP) issue with IPVS proxy mode. IPVS proxy mode has various problems, and one of them is that the External-IP assigned through a LoadBalancer type service with the externalTrafficPolicy=Local option cannot be accessed from inside the cluster.

https://github.com/kakao/ipvs-node-controller
Inside the Hidden World of Legacy IT Systems

How and why we spend trillions to keep old software going

https://spectrum.ieee.org/computing/it/inside-hidden-world-legacy-it-systems
A simple web UI for managing Kubernetes deployments

Kubeonoff is a small web UI that allows you to quickly stop/start/restart pods.

https://github.com/GambitResearch/kubeonoff
infracost

Infracost shows hourly and monthly cost estimates for a Terraform project. This helps developers, DevOps et al. quickly see the cost breakdown and compare different deployment options upfront.

https://github.com/infracost/infracost
Istio ingress controller as an API gateway

https://banzaicloud.com/blog/backyards-api-gateway
Managed Kubernetes Services Compared: GKE vs. EKS vs. AKS

Comparing the three most popular managed Kubernetes platforms in features and overall experience

https://medium.com/better-programming/managed-kubernetes-services-compared-gke-vs-eks-vs-aks-df1ecb22bba0
The Ten Commandments of Container Security

1. Source base image from trusted repositories
2. Install verified packages
3. Minimize attack surface in the Image
4. Do not bake secrets in the image
5. Use of Secure Private or Public Registries
6. Do not use privileged or root user to run the application in a container
7. Implement image vulnerability scanning in CI/CD
8. Enable kernel security profiles like AppArmor
9. Secure centralized and remote logging
10. Deploy runtime security monitoring

https://www.infracloud.io/blogs/top-10-things-for-container-security
Database migrations lessons learned

- Keep your migration scripts away from your production code.
- Keep it low-tech, don’t deserialize.
- Write tests to exercise each migration script individually.
- Consider running long migrations online.
- Consider versioning your documents.

https://octopus.com/blog/database-migrations-lessons-learned
Helm 3 Umbrella Charts & Standalone Chart Image Tags — An Alternative Approach

https://itnext.io/helm-3-umbrella-charts-standalone-chart-image-tags-an-alternative-approach-78a218d74e2d
Replacing ngrok with ktunnel

Ktunnel is a CLI tool that establishes a reverse tunnel between a kubernetes cluster and your local machine. It lets you expose your machine as a service in the cluster or expose it to a specific deployment.

https://mbuffett.com/posts/ktunnel-ngrok-replace
Capsule

This project provides a custom operator for implementing a strong multi-tenant environment in Kubernetes. Capsule is not intended to be yet another PaaS; instead, it has been designed as a lightweight tool with a minimalist approach leveraging only the standard features of upstream Kubernetes.

https://github.com/clastix/capsule
NS Killer

A Kubernetes project to kill all namespaces living over X time. Quite useful when you auto-generate development environments on the fly and want to give them a lifecycle out of the box from Kubernetes or even Helm.

https://github.com/germainlefebvre4/ns-killer
ckad-prep-notes

List of resources and notes for passing the Certified Kubernetes Application Developer (CKAD) exam.

https://github.com/twajr/ckad-prep-notes
Manage all your Kubernetes clusters with Anthos attached clusters

https://cloud.google.com/blog/topics/anthos/getting-to-know-anthos-attached-clusters
SRE Classroom: Distributed PubSub

SRE Classroom: Distributed PubSub is a workshop developed by Google’s Site Reliability Engineering group. The goals of this workshop are to (1) introduce participants to the principles of non-abstract large systems design (NALSD), and (2) provide hands-on experiences with applying these principles to the design and evaluation of these systems. We consider NALSD a concept fundamental to SRE, and understanding its principles provides a basis for having meaningful conversations about the design and operation of large software systems.

In the first theoretical part of the workshop, participants learn about some foundational large system design principles and concepts. Topics include correctness, reliability, performance, different inter-system communication styles, and more. We introduce the problem requirements in detail and walk through the first parts of an example solution.

The practical part of this workshop asks participants to apply the principles they have learned to develop a Publish-Subscribe system that meets certain performance and correctness requirements and Service Level Objectives (SLOs).

The workshop concludes with a detailed example solution, as well as a discussion of the system’s inputs and SLOs.

https://landing.google.com/sre/resources/practicesandprocesses/sre-classroom
awstaghelper

awstaghelper allows tagging hundreds of AWS resources in a few commands.

https://github.com/mpostument/awstaghelper