Loma  Baumbach

Injektor: A Kubernetes controller that injects on INIT

Namespaces in Kubernetes are logical boundaries that are intended for use in a shared cluster hosting multiple tenants or services.

Namespaces provide,

  • A scope for names. The object name metadata must be unique within a namespace, but need not be unique across namespaces.
  • A mechanism to attach authorization and policy to a subsection of the cluster.

In large-scale Kubernetes deployments, multiple namespaces exist to host application services or tenants. From a cluster administrator's perspective, namespace initialization can range from fairly simple, such as kubectl apply -f <namespace.yaml>, to a really complex process using automation pipelines (e.g. Jenkins, Ansible).

This is because most namespace initializations require creating multiple other Kubernetes resources (objects) which are required as a prerequisite to deploying a service or a tenant application. Some examples are,

  • An application pod needs access to an API key to send logs to a hosted log collector, or a pod needs a persistentVolume to persist data
  • Cluster administrators need to set up admin-specific objects (such as RBAC, network-policies, disruption-budgets, etc.) before the namespace can be handed over to service owners or tenants

As we can imagine, this process quickly becomes complex if we were to scale to 100s of services or tenants. To automate this fairly repeatable process, I introduce Injektor, a Kubernetes controller to inject objects on an Init event.

Recently I also published Agumbe, a controller that creates GlobalObjects for Kubernetes. These controllers working in tandem will help ease the operational overhead for Kubernetes administrators.

For more info on Agumbe:

Agumbe: A Kubernetes operator to create GlobalSecrets

Agumbe is a Kubernetes controller that makes it easy to replicate (CRUD) a namespaced object, its behavior & share the…


Injektor is a pretty simple controller, which watches for certain annotations on a namespace resource initialization and correspondingly creates child objects in that namespace.

Fig2. Injektor workflow

There are three components involved:

  • Namespace Annotation: a custom key-value pair added to a namespace object. For example,

apiVersion: v1
kind: Namespace
metadata:
  name: tenant-1
  annotations:
    savilabs.io/injekt: "true"
    savilabs.io/tier: gold
    env: DEV
    access: tenant-1

  • Controller: a while loop that constantly scans the Kubernetes API server for namespace CREATE/UPDATE/DELETE events and executes certain actions on an annotation string match

  if annotation in namespace.annotations.keys():

  • Manifests: a single Kubernetes object definition, or a group of them, that needs to be injected into a namespace on Init. These files can be mounted through a configMap or fetched from cloud object storage (like AWS S3) during the controller bootup sequence

├── role.yaml
├── rolebinding.yaml
├── configmap.yaml
├── pdb.yaml
├── secret.yaml
├── networkpolicy.yaml
└── serviceaccount.yaml
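
The annotation match and manifest injection described above, as an added example that is not Injektor's own code: it plans the injection for one namespace event without calling the API server, and adds two guards the article does not describe, a kind allow-list and a pinned target namespace. The function name, the allow-list and the sample objects are assumptions.

```python
import copy

INJEKT_KEY = "savilabs.io/injekt"  # annotation key from the article's example
# Assumed allow-list: the namespaced kinds named in the article's manifest tree.
ALLOWED_KINDS = {"Role", "RoleBinding", "ConfigMap", "PodDisruptionBudget",
                 "Secret", "NetworkPolicy", "ServiceAccount"}


def plan_injection(namespace, manifests):
    """Return (to_create, rejected) for one namespace CREATE/UPDATE event."""
    meta = namespace.get("metadata", {})
    annotations = meta.get("annotations") or {}
    # Require an explicit opt-in value, not just the presence of the key.
    if annotations.get(INJEKT_KEY) != "true":
        return [], []
    to_create, rejected = [], []
    for manifest in manifests:
        kind = manifest.get("kind")
        if kind not in ALLOWED_KINDS:
            # Cluster-scoped or unexpected kinds are never injected.
            rejected.append((kind, "kind not on allow-list"))
            continue
        obj = copy.deepcopy(manifest)  # leave the loaded manifest untouched
        # Pin the target namespace so a manifest cannot write elsewhere.
        obj.setdefault("metadata", {})["namespace"] = meta["name"]
        to_create.append(obj)
    return to_create, rejected


# Constructed sample input, modelled on the article's tenant-1 namespace.
SAMPLE_NS = {"apiVersion": "v1", "kind": "Namespace",
             "metadata": {"name": "tenant-1",
                          "annotations": {INJEKT_KEY: "true",
                                          "savilabs.io/tier": "gold"}}}
SAMPLE_MANIFESTS = [
    {"apiVersion": "v1", "kind": "ServiceAccount",
     "metadata": {"name": "app", "namespace": "kube-system"}},
    {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
     "metadata": {"name": "default-deny"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"apiVersion": "rbac.authorization.k8s.io/v1",
     "kind": "ClusterRoleBinding", "metadata": {"name": "tenant-admin"}},
]

if __name__ == "__main__":
    print(plan_injection(SAMPLE_NS, SAMPLE_MANIFESTS))
```

Because the controller needs write access to RBAC objects and secrets in every namespace it serves, the allow-list and the namespace pin bound what a tampered manifest source could make it create.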

#docker #devops #automation #kubernetes #cloud-computing

Christa  Stehr

50+ Useful Kubernetes Tools for 2020 - Part 2


Last year, we provided a list of Kubernetes tools that proved so popular we have decided to curate another list of some useful additions for working with the platform—among which are many tools that we personally use here at Caylent. Check out the original tools list here in case you missed it.

According to a recent survey done by Stackrox, the dominance Kubernetes enjoys in the market continues to be reinforced, with 86% of respondents using it for container orchestration.

(State of Kubernetes and Container Security, 2020)

And as you can see below, more and more companies are jumping into containerization for their apps. If you’re among them, here are some tools to aid you going forward as Kubernetes continues its rapid growth.

(State of Kubernetes and Container Security, 2020)

Maud  Rosenbaum

Kubernetes in the Cloud: Strategies for Effective Multi Cloud Implementations

Kubernetes is a highly popular container orchestration platform. Multi cloud is a strategy that leverages cloud resources from multiple vendors. Multi cloud strategies have become popular because they help prevent vendor lock-in and enable you to leverage a wide variety of cloud resources. However, multi cloud ecosystems are notoriously difficult to configure and maintain.

This article explains how you can leverage Kubernetes to reduce multi cloud complexities and improve stability, scalability, and velocity.

Kubernetes: Your Multi Cloud Strategy

Maintaining standardized application deployments becomes more challenging as your number of applications and the technologies they are based on increase. As environments, operating systems, and dependencies differ, management and operations require more effort and extensive documentation.

In the past, teams tried to get around these difficulties by creating isolated projects in the data center. Each project, including its configurations and requirements, was managed independently. This required accurately predicting performance and the number of users before deployment and taking down applications to update operating systems or applications. There were many chances for error.

Kubernetes can provide an alternative to the old method, enabling teams to deploy applications independent of the environment in containers. This eliminates the need to create resource partitions and enables teams to operate infrastructure as a unified whole.

In particular, Kubernetes makes it easier to deploy a multi cloud strategy since it enables you to abstract away service differences. With Kubernetes deployments you can work from a consistent platform and optimize services and applications according to your business needs.

The Compelling Attributes of Multi Cloud Kubernetes

Multi cloud Kubernetes can provide multiple benefits beyond a single cloud deployment. Below are some of the most notable advantages.


In addition to the built-in scalability, fault tolerance, and auto-healing features of Kubernetes, multi cloud deployments can provide service redundancy. For example, you can mirror applications or split microservices across vendors. This reduces the risk of a vendor-related outage and enables you to create failovers.

#kubernetes #multicloud-strategy #kubernetes-cluster #kubernetes-top-story #kubernetes-cluster-install #kubernetes-explained #kubernetes-infrastructure #cloud

Mitchel  Carter

Microsoft Announces General Availability Of Bridge To Kubernetes

Recently, Microsoft announced the general availability of Bridge to Kubernetes, formerly known as Local Process with Kubernetes. It is an iterative development tool offered in Visual Studio and VS Code, which allows developers to write, test as well as debug microservice code on their development workstations while consuming dependencies and inheriting the existing configuration from a Kubernetes environment.

Nick Greenfield, Program Manager, Bridge to Kubernetes stated in an official blog post, “Bridge to Kubernetes is expanding support to any Kubernetes. Whether you’re connecting to your development cluster running in the cloud, or to your local Kubernetes cluster, Bridge to Kubernetes is available for your end-to-end debugging scenarios.”

Bridge to Kubernetes provides a number of compelling features. Some of them are mentioned below-

#news #bridge to kubernetes #developer tools #kubernetes #kubernetes platform #kubernetes tools #local process with kubernetes #microsoft

Houston  Sipes

Did Google Open Sourcing Kubernetes Backfired?

Over the last few years, Kubernetes has become the de facto standard for container orchestration and has also won the race against Docker to be among the most loved platforms among developers. Released in 2014, Kubernetes has come a long way and is currently used across cloudscape platforms. In fact, recent reports state that out of 109 tools to manage containers, 89% of them are leveraging Kubernetes versions.

Although inspired by Borg, Kubernetes is an open-source project by Google and has been donated to a vendor-neutral firm, the Cloud Native Computing Foundation. This could be attributed to Google’s vision of creating a platform that can be used by every firm in the world, including the large tech companies, and can host multiple cloud platforms and data centres. The entire reason for handing over control to the CNCF is to develop the platform in the best interest of its users without vendor lock-in.

#opinions #google open source #google open source tools #google opening kubernetes #kubernetes #kubernetes platform #kubernetes tools #open source kubernetes backfired

Kubernetes: Monitoring, Reducing, and Optimizing Your Costs

Over the past two years at Magalix, we have focused on building our system, introducing new features, and scaling our infrastructure and microservices. During this time, we had a look at our Kubernetes clusters utilization and found it to be very low. We were paying for resources we didn’t use, so we started a cost-saving practice to increase cluster utilization, use the resources we already had and pay less to run our cluster.

In this article, I will discuss the top five techniques we used to better utilize our Kubernetes clusters on the cloud and eliminate wasted resources, thus saving money. In the end, we were able to cut our monthly bill by more than 50%!

  • Applying Workload Right-Sizing
  • Choosing The Right Worker Nodes
  • Autoscaling Workloads
  • Autoscaling Worker Nodes
  • Purchasing Commitment/Saving Plans

#cloud-native #kubernetes #optimization #kubecost #kubernetes-cost-savings #kubernetes-cost-monitoring #kubernetes-reduce-cost #kubernetes-cost-analysis