Jumpstarting your understanding of Kubernetes Networking Policies.

We are about to get hands-on with Kubernetes and network policies by walking through some common use cases. By the end of this post, you should have a basic understanding of how to implement networking policies in Kubernetes, and how to allow / block traffic within your cluster.

Overview

  • Set up the testing environment using Minikube
  • Deploy an Nginx container to the default namespace
  • Deploy a container to a new namespace to use as an interactive shell to connect with the Nginx container
  • Dive into use cases and policies to showcase how it works

Tools I’m using for this exercise:

  • Minikube


Shifting Security Left by scanning your container images

It’s been quite some time since I wrote a how-to article. A lot has changed since then with me personally but let’s get right into it.

Anchore Engine is an open-source tool that scans your container images to see if there are any open vulnerabilities.

For example, if your base image is node:alpine, how do you know if that image is safe to use? Anchore will scan your built image and let you know if there are vulnerabilities that you can leverage during the build process.

Here’s the breakdown of what we’ll…


On Windows 10 with minikube & different namespaces

So far, we have covered GitOps in theory. Now, we are going to put GitOps into practice using Weaveworks Flux and Kustomize.

We are going to set up our hello-world example so that every time you push a change to a particular branch in your git repository, those changes will sync to Kubernetes, or in our case minikube, and ensure your application is in the state that you want it to be in. …


One more step in our automation quest…

In my last post, I covered GitOps, how we got here, and why it’s important. In this post, we are going to get back to the technical stuff and cover the deployable artifact, a Helm Chart.

Where we are in our stages

As a quick recap, by going #GitOps, I’ve decided my entire stack will now be configured in Git. From the host configuration to the latest version of my microservices, it’s all in there.

In this post, I will be converting the Airwave Tech hello-world service into a Helm chart. …


From 1.6.2, eek!

It’s been a few months since I fired up my minikube instance and since then, minikube v1.9.2 and K8S v1.18.1 have come out. Time to upgrade!

Upgrade Minikube to v1.9.2

minikube stop

choco upgrade minikube --version 1.9.2


A brief history lesson of how we got here.

GitOps is a practice that uses Git (source control) as the source of truth for your codified infrastructure. Coupled with a way to sync your stack’s current state against this source code, your system will continuously converge to what has been set as its desired state. Much like common software delivery practices, the ability to deploy changes starts with the pull request.

A couple of years ago, Weaveworks developed GitOps, but the concept of managing your infrastructure with code has been around for decades. …


Updated — Testing out Knative Serving v0.16.0

Knative (pronounced kay-nay-tiv) is a serverless solution you can run on Kubernetes, except in our case it’s minikube. We are going to do some basic setup and testing so you can get your feet wet and figure out what the Knative hype is about.

Before we dive in, a very quick and rudimentary breakdown of the Knative components:

Serving — We will be using Istio and Kubernetes to deploy and serve serverless applications and functions.

Eventing — A system to loosely couple services. Design principles include leveraging consumers, producers, and brokers. …


Some changes you must know about before getting started.

After a 60 day break from working on all things #DevOps, I wanted to jump back in by refreshing my local environment. While spinning things up, I noticed Helm v3 was released back in November 2019.

After an internet search, I found this:

Some of my takeaways are…

  • Tiller has been removed. This is huge because as you saw in a previous post, managing RBAC permissions can get a bit out of hand. From the Helm website listed above:

With role-based access controls (RBAC) enabled by default in Kubernetes 1.6, locking…


Upgrading from v1.5.2 to v1.6.2

minikube told me there was an update

I feel like it’s been ages since I’ve played with Minikube. The last thing I remember is I was trying to write a post about serverless on minikube but my machine ran out of resources. I was back to pick up from where I left off but noticed there was a minikube update available so I thought I’d write a quick post to kick off the New Year!

Upgrade Minikube

The following commands will stop your minikube, upgrade your minikube binaries on Windows, and then restart minikube again.

minikube stop
choco upgrade minikube
minikube start


Another tool to help you release software

Skaffold is a command line tool that facilitates continuous development for Kubernetes applications. You can iterate on your application source code locally then deploy to local or remote Kubernetes clusters. Skaffold handles the workflow for building, pushing and deploying your application. It also provides building blocks and describes customizations for a CI/CD pipeline.

https://github.com/GoogleContainerTools/skaffold

Having deployed software for many years, I figured I’d give it a spin and see what it has to offer and how it is different from other tools/solutions.

Some back story…

I have been deploying software for a long time. I remember…

AirwaveTech

Helping you build the hardest parts of your Stack
