How to preserve the source IP in Kubernetes

As you implement SRE practices and culture at your organization, you’ll realize everyone has a part to play. From engineers setting SLOs, to management upholding the virtue of blamelessness, to marketing teams conducting retrospectives on email campaigns, there’s no part of an organization that doesn’t benefit from the SRE mentality.

However, while it’s not necessarily to have people with the title of ‘SRE’ in order to successfully adopt the best practices of SRE, having people who are dedicated to stewardship of SRE practices is important to achieve reliability excellence. In this blog post, we’ll look at some of the many roles an SRE can play, and how to find people with those skill sets.

We explain the precise maintenance process to execute a major version upgrade of PostgreSQL.

ipvs-node-controller is the kubernetes controller that solves External-IP (Load Balancer IP) issue with IPVS proxy mode. IPVS proxy mode has various problems, and one of them is that the External-IP assigned through the LoadBalancer type service with externalTrafficPolicy=Local option cannot access inside the cluster.

How and why we spend trillions to keep old software going

Kubeonoff is a small web UI that allows to quickly stop/start/restart pods.

Comparing the three most popular managed Kubernetes platforms in features and overall experience

1. Source base image from trusted repositories
2. Install verified packages
3. Minimize attack surface in the Image
4. Do not bake secrets in the image
5. Use of Secure Private or Public Registries
6. Do not use privileged or root user to run the application in a container
7. Implement image vulnerability scanning in CI/CD
8. Enable kernel security profiles like AppArmor
9. Secure centralized and remote logging
10. Deploy runtime security monitoring

- Keep your migration scripts away from your production code.
- Keep it low-tech, don’t deserialize.
- Write tests to exercise each migration script individually.
- Consider running long migrations online.
- Consider versioning your documents.

Ktunnel is a CLI tool that establishes a reverse tunnel between a kubernetes cluster and your local machine. It lets you expose your machine as a service in the cluster or expose it to a specific deployment.

This project provides a custom operator for implementing a strong multi-tenant environment in Kubernetes. Capsule is not intended to be yet another PaaS, instead, it has been designed as a lightweight tool with a minimalist approach leveraging only the standard features of upstream Kubernetes.