Istio: Istio Service Mesh | Part-1 | Introduction
What is a Service Mesh? Modern applications are typically architected as distributed collections of microservices, with each collection of microservices performing some discrete business function. A service mesh is a dedicated infrastructure layer that you can add to your applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding […]
OPA (Open Policy Agent)/ Rego : Part-7: Kubernetes Custom Resource Definition (CRD) and OPA Gatekeeper
Custom Resources A custom resource is an extension of the Kubernetes API that is not necessarily available in a default Kubernetes installation. It represents a customization of a particular Kubernetes installation. However, many core Kubernetes functions are now built using custom resources, making Kubernetes more modular. Custom resources can appear and disappear in a running cluster through […]
OPA (Open Policy Agent): Part-6: Rego – Enforcing labels For Kubernetes Deployment
Overview In this article, we are going to learn about how to create a Rule for Kubernetes Deployment Manifest. The policy will check whether the defined label exists in our pod manifest file. In order to in Rego, we will convert our pod manifest file (which is in Yaml format) to Json format. We will name it […]
OPA (Open Policy Agent): Part-5: Rego – Deny/Allow Rule for Kubernetes Pod image
Overview In this article, we are going to learn about how to create Deny / Allow rule for Kubernetes POD image. Working Example Let’s create a Directory called test6 and create 3 files like below: policy.rego input.json Testing The policy 1. Testing Deny policy using “opa eval” command: The Output: 2. Testing Allow policy using “opa […]
Google Kubernetes Engine: Running a MongoDB Database in Kubernetes with StatefulSets
Overview Kubernetes is an open source container orchestration tool that handles the complexities of running containerized applications. You can run Kubernetes applications with Kubernetes Engine—a Google Cloud computing service that offers many different customizations and integrations. In this lab, you will get some practical experience with Kubernetes by learning how to set up a MongoDB database with […]
Google Cloud: Working with Google Kubernetes Engine Secrets and ConfigMaps
In this lab, you set up configuration information, both encrypted and unencrypted. Encrypted configuration information is stored as secrets. Unencrypted configuration information is stored as ConfigMaps. This approach avoids hard coding such information into code bases. Credentials (like API keys) that belong in secrets should never travel inside code repositories like GitHub (unless they are […]
Google Cloud: Configuring Persistent Storage for Google Kubernetes Engine
PersistentVolumes are storage that is available to a Kubernetes cluster. PersistentVolumeClaims enable Pods to access PersistentVolumes. Without PersistentVolumeClaims Pods are mostly ephemeral, so you should use PersistentVolumeClaims for any data that you expect to survive Pod scaling, updating, or migrating. In this lab, you learn how to perform the following tasks: Create manifests for PersistentVolumes […]
Google Cloud: Configuring Private Kubernetes Cluster
In this lab, you will create a private cluster, and add an authorized network for API access to it. In this lab, you learn how to perform the following tasks: Create and test a private cluster Configure a cluster for authorized network master access Task 1. Create a private cluster In this task, you create […]
Google Cloud: Deploying Jobs on Google Kubernetes Engine
In this lab, you define and run Jobs and CronJobs. In GKE, a Job is a controller object that represents a finite task. Jobs manage a task as it runs to completion, rather than managing an ongoing desired state such as the maintaining the total number of running Pods. CronJobs perform finite, time-related tasks that run […]
Google Cloud: Upgrading Google Kubernetes Engine Clusters
In this lab, you will upgrade a GKE cluster using the Google Cloud Console. Task 1. Deploy a GKE cluster In this task, you use Google Cloud Console to deploy a GKE cluster running a Kubernetes version that is not the most recent release. You will upgrade this cluster to a more recent release in […]