Learn about Kubernetes networking!| docs.tigera.io
Get a clear overview of Kubernetes Services, including types, use cases, and best practices for configuring and managing kubernetes services at scale.| Blog | Plural
Kube dns -> link-local -> tcpdump -> sudo| Jack's home on the web
The architectural concepts behind Kubernetes.| Kubernetes
In Kubernetes, namespaces provide a mechanism for isolating groups of resources within a single cluster. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc.) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc.). When to Use Multiple Namespaces Namespaces are intended for use in environments with many users spread across multiple te...| Kubernetes
Kubernetes pods /etc/resolv.conf ndots:5 option and why it may negatively affect your application performances| pracucci.com
This blog explores Kubernetes DNS, focusing on service discovery. It covers differences between DNS implementations such as musl and glibc.| Povilas Versockas
Thanks in part to Linkerd’s performance numbers and stellar security audit report, there’s been a recent surge of interest in Linkerd2-proxy, the underlying proxy used by Linkerd. I’ve been working on Linkerd2-proxy for the majority of my time as a Linkerd maintainer so this topic is near and dear to my heart. In this article, I’m going to shed a little more light on what Linkerd2-proxy is and how it works. The proxy is arguably the most critical component of a service mesh. It scales...| Linkerd
Written by| johnhame.link
A StatefulSet runs a group of Pods, and maintains a sticky identity for each of those Pods. This is useful for managing applications that need persistent storage or a stable, unique network identity.| Kubernetes
This page provides hints on diagnosing DNS problems. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:| Kubernetes
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization. RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing you to dynamically configure policies through the Kubernetes API. To enable RBAC, start the API server with the --authorization-config flag set to a file that includes the RBAC authorizer; for example: apiVersion: apiserver.| Kubernetes
Expose an application running in your cluster behind a single outward-facing endpoint, even when the workload is split across multiple backends.| Kubernetes
)
+ tl;dr - I upgraded traefik and added some resources (IngressRoute, Middleware) to get a better security score from Mozilla’s (HTTP) Observatory. The upgrade from 2.2.0-rc1 to 2.3.2 came with a few breaking changes so it was a bit involved (see Traefik v1 to v2 docs and also the general v2.x migration docs) I recently came across an insanely helpful and concise Written by Sam Texas from simplecto.com post while surfing r/Traefik subreddit.| vadosware.io