35 Advanced Tutorials to Learn Kubernetes — FAUN

If you are serious about learning Kubernetes, you should focus on in-depth tutorials and practical use cases. It’s not hard to find beginner contents about Kubernetes. In this list, we will identify some good posts to learn Kubernetes. We created another list of the best stories FAUN members written in publication, you can check it here.

Aymen Eon Amri
Dec 23, 2019 · 17 min read
Image for post
Image for post

This ranking does not follow any particular order.

Kubernetes — flat, NAT-less Networking

by ankur

So, how exactly does the does the Kubernetes achieves the flat and NAT-less network for an inter-pod communication? Well, not surprisingly it doesn’t. As it requires the Container Network Interface (CNI) plugin to set up the network.

Image for post
Image for post

Kubernetes Security — Are your Container Doors Open?

by Gourav Gulati

Container adoption in IT industry is on a dramatic growth. The surge in container adoption is the driving force behind the eagerness to get on board with the most popular orchestration platform around, organizations are jumping on the Kubernetes bandwagon to orchestrate and gauge their container workloads. It allows for continuous integration and delivery; handles networking, service discovery, and storage; and has the capability to do all that in multi-cloud environments.

Image for post
Image for post

Writing Your First Kubernetes Operator

by Xavier Coulon

In this article, we’ll see how to build and deploy your first Kubernetes Operator using the Operator SDK.

Image for post
Image for post

Using Kubernetes for Local Development — Minikube

by Aymen El Amri

If your ops team is using Docker and Kubernetes, it is recommended to adopt the same or similar technologies in development. This will reduce the number of incompatibility and portability problems and makes everyone consider the application contains a common responsibility of both Dev and Ops teams.

Image for post
Image for post

Production grade Kubernetes Monitoring using Prometheus

by VAIBHAV THAKUR

Monitoring is a crucial aspect of any Ops pipeline and for technologies like Kubernetes which is a rage right now, a robust monitoring setup can bolster your confidence to migrate production workloads from VMs to Containers.

Today we will deploy a Production grade Prometheus based monitoring system, in less than 5 minutes.

Image for post
Image for post

Configuring HA Kubernetes cluster on bare metal servers with kubeadm.

by Alexey Nizhegolenko

..in this article I wanna sort and share some experience about creating and using the internal Kubernetes cluster.

For the last few years this container orchestration tech made a great step forward and became a some kind of corporate standard for the thousands of companies. Some of them use it in production, some just test it inside their projects, but anyway there is a strong passion about it in IT community. So if you never used it before, it’s definitely time to start dive in to it.

Image for post
Image for post

A Gentle Introduction to Kubernetes

by Aymen El Amri

In this story, we’re going to use learn how to deploy Kubernetes services and Ambassador API gateway. We are going to examine the difference between Kubernetes proxies and service mesh like Istio. We will see how to access the Kubernetes API and discover some security pitfalls when building Docker images and many interesting things.

Image for post
Image for post

An Overall View On Docker Ecosystem — Containers, Moby, Swarm, Linuxkit, containerd & Kubernetes

by Aymen El Amri

The goal of this blog post (and the video) is sharing an overall view of container technologies. We’re not going through many technical details, instead of that, we’re going to have a global view on containers and Docker.

We’ve seen a lot of changes in Docker since its first version and this could be confusing for engineers and developers trying to learn this technology.

That’s why we’re going to see different concepts from the containers ecosystem, the relationship between them, an introduction to Docker as well as its most important milestones until 2018.

Google Kubernetes Engine; Explain Like I’m Five!

by Aymen El Amri

Creating your first managed Kubernetes cluster on Google Kubernetes Engine using Terraform, this is what we are going to cover in this tutorial.

Image for post
Image for post

Dockerize your Java Application

by Garrett Sweeney

As everyone and their brother moves to Kubernetes, its good to know how to Dockerize applications. This is a small tutorial on how to create a Dockerfile for a spring.io/guides project, build an image, push our image to dockerhub, and run our containerized application locally.

Image for post
Image for post

Security problems of Kops default deployments

by Josselin Costanzi

We have all seen the typical tutorial demonstrating how easy it is to deploy a Kubernetes Cluster on AWS using Kops. It’s almost a one-liner. In this article I’ll start from this one-liner and demonstrate several security flaws of the default deployment.

Exploiting theses flaws gives an attacker full cluster control. This means that a single app compromise becomes a full cluster compromise.

When thinking about security, you must think about defense in depth. The system must be conceived so that a breach somewhere can be contained. For a container management platform, this means that a breached container shouldn’t be able to access its host or other containers.

In this article I’ll show that a default Kops setup has no security in depth and how an attacker can use a single compromised container to gain access to everything in the cluster. I’ll also show you how to handle and fix theses security flaws to the best of my knowledge.

Image for post
Image for post

Playing with AKS & AAD

by Houssem Dellai

This quick workshop will walk you through configuring AKS with AAD to use RBAC to authenticate users.

Istio step-by-step, a 12-part series

by Nethmini Romina

Istio makes it easy to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more. Istio supports services by deploying a special sidecar proxy throughout the environment that intercepts all network communications between micro-services, then configure and manage Istio using control plane functionality which includes,

Automatic load balancing for HTTP, gRPC, WebSocket and TCP traffic.

** gRPC — a modern open-source high-performance RPC framework that can run in any environment

Fine-grained control of traffic behaviour with rich routing rules, retries, failovers and fault injection

A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.

Automatic metrics, logs and traces for all traffic within a cluster, including cluster ingress and egress.

** cluster ingress — a collection of rules that allow inbound connections to reach the cluster services.

** cluster egress — a collection of rules that allow outbound connections to reach the cluster services.

Secure service-to-service communication in a cluster with strong identity-based authentication and authorization.

Image for post
Image for post

Highly Available and Scalable Elasticsearch on Kubernetes

by VAIBHAV THAKUR

In the previous post we learned about Stateful Sets by scaling a MongoDB Replica Set. In this post we will be orchaestrating a HA Elasticsearch cluster ( with different Master, Data and Client nodes ) along with ES-HQ and Kibana

Image for post
Image for post

How to Pass Certified Kubernetes Administrator (CKA) exam on first Attempt

by Prudhvi Godithi

I have recently had the opportunity to take the CKA Exam a few weeks ago and managed to clear it on my first attempt. I’ve complied few tips on how to clear CKA exam on your first attempt too.

Image for post
Image for post

Why I no longer use Terraform for Templating Kubernetes

by Christopher Stobie

One of the most important principles to being an engineer, is being able to admit when you are wrong. Well folks. I was wrong. Some of you may have read my previous blog post about Templating k8s with Terraform. Well since this time, I have come to understand the value of helm. If you recall this is a big transition from my earlier sentiments of “I have never understood the value of Helm”.

Image for post
Image for post

Scaling MongoDB on Kubernetes

by VAIBHAV THAKUR

We will deploy the following components for our MongoDB cluster:

- Daemon Set to configure HostVM

- Service Account and ClusterRole Binding for Mongo Pods

- Storage Class to provision persistent SSDs for the Pods

- Headless Service to access to Mongo Containers

- Mongo Pods Stateful Set

- GCP Internal LB to access MongoDB from outside the kuberntes cluster (Optional)

- Access to pods using Ingress (Optional)

Image for post
Image for post

How to Setup a Perfect Kubernetes Cluster using KOPS on AWS

by Krishna Modi

Kubernetes is currently the most popular container orchestration system and has definitely gained that popularity because of the amazing features and ease of container automation. Even though Kubernetes automates most of the container lifecycle processes, setting up a Kubernetes cluster has been a big pain point. With Kops, it makes setting up a cluster so darn easy that it just works without much hassle!

Even though Kops makes it a cake walk to create Kubernetes cluster, there are some best practices we need to ensure so that we create an optimal K8S cluster.

Today, I’ll walk you through the detailed steps to create a Kubernetes cluster with 3 master nodes and 2 worker nodes with 1 AWS On-demand instance and 1 AWS Spot instance within a private topology with multi-availability zones deployment.

Image for post
Image for post

How to Deploy a Express Node.js app on Kubernetes

by Brian Mathews

While container technology has existed for years, Docker really took it mainstream. A lot of companies and developers now use containers to ship their apps. Docker provides an easy to use interface to work with containers.

However, for any non-trivial application, you will not be deploying “one container”, but rather a group of containers on multiple hosts. In this article, we’ll take a look at Kubernetes, an open-source system for automating deployment, scaling, and management of containerised applications.

Image for post
Image for post

Kubernetes Headless service vs ClusterIP and traffic distribution

by ismail yenigül

Default Kubernetes service type is clusterIP, When you create a headless service by setting clusterIP None, no load-balancing is done and no cluster IP is allocated for this service. Only DNS is automatically configured. When you run a DNS query for headless service, you will get the list of the Pods IPs and usually client dns chooses the first DNS record.

Image for post
Image for post

How to Create an API Gateway using Ambassador on Kubernetes

by Krishna Modi

API Gateway is an important aspect in your Kubernetes deployment for your services. It acts as an single entry point and can help simplify a lot of tasks like Service Discovery, Distributed Tracing, Routing, Rate Limiting. It can offer a great flexibility and better configuration for your services.

Envoy is one of the very popular API gateways currently available which can handle extensive loads. With Kubernetes, Ambassador is the most popular and efficient way to use Envoy.

Today, I’ll walk you through the detailed steps to deploy Ambassador on a Kubernetes cluster we deployed in my previous post, and configure it to use AWS load balancer for incoming traffic and route it to various services based on rules.

Image for post
Image for post

How to inject chaos on Kubernetes resources using LitmusChaos

by Raj Babu Das

It’s very difficult to handle failures when your application is in production. If your application somehow fails while in production, it cost you a lot. So, your application should be fault-tolerant to handle this kind of situations. Here is the solution for this kind of situations.

In this is a hands-on tutorial, I am going to inject chaos on any Kubernetes resources to check its fault-tolerant state. Here I am using a chaos tool i.e LitmusChaos for this tutorial. so, here we start.

Image for post
Image for post

Get Started with Istio and Kubernetes

by Sofyan Hadi Ahmad

In this article, I will show you how to run Istio on Kubernetes. Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. Istio supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code

Image for post
Image for post

Rancher : One place for all Kubernetes Clusters

by Saiyam Pathak

Rancher is open-source software for delivering Kubernetes-as-a-Service.

Managing kubernetes clusters running in different cloud providers was never an easy task until Rancher came. So what exactly is Rancher , Rancher is an open source platform where you can create the cluster in different clouds or import an existing one as well. Today I will tell you how to spin up a kubernetes cluster in Google cloud, AWS Cloud and how to import a cluster from Oracle Cloud. All these three clusters you will be able to see and manage from one place itself which is nothing but Rancher Dashboard. Rancher have wide variety of tools and the company is coming up with more and more cool open source projects including the k3os.io that they recently launched . I will show you the creation of kubernetes cluster from rancher and how easy monitoring and deployments can be done via Rancher Dashboard.

Image for post
Image for post

Application Rollout Strategies — Kubernetes & Istio

by Gokul Chandra

As most modern software developers can attest, container orchestration systems such as Kubernetes have provided users with dramatically more flexibility for running cloud-native based applications as microservices on physical and virtual infrastructures. Sometimes deploying an application to all machines in the environment at once, it is better to deploy the application in batches. In production environments, reducing the downtime and risk while releasing newer versions becomes business critical. This is especially critical in production applications with live end-user traffic all the time like a website and related components which are critical to business, such as a e-commerce, banking or investment website.

These applications almost always have frequent deployments. For example, a mobile application or an consumer web application may undergo several changes within a month. Some are even deployed to production multiple times a day. The speed at which you constantly update your application and deploy it’s new features to the users plays a significant role in maintaining consistence.

Application deployment becomes more complicated the more the product grows. Deployment of a new application thus may mean deployment of new infrastructure code with it. A deployment strategy determines the deployment process, and is defined by the deployment configuration that a user provides while hosting the application on Kubernetes.

Image for post
Image for post

Ballerina makes Kubernetes more “Boring”

by Lakmal Warusawithana

We wanted to have some kind of distinctive way to connect these two worlds. Ballerina Kuburnetes annotation is the outcome of thinking out of the box to solve this problem. Ballerina is an open-source programming language optimized to write cloud-native applications such as microservice. It is intended to be the core of a language-centric middleware platform. It has all the general-purpose functionality expected of a modern programming language, but it also has several unusual aspects that make it particularly suitable for its intended purpose.

Image for post
Image for post

Could a Kubernetes Operator become the guardian of your ConfigMaps

by Carlos Vicens

All this started as a by-product of a meeting I had recently with a customer and also from a conversation I had with a partner. Both events triggered the need of managing configuration in a kubernetes namespace, and because I have been invo…

Just to give you a bit of context…

The meeting with the customer was focused on new Openshift features around Ops, and most of the time was spent on Kubernetes Operators, why, how, etc. In fact it was conducted as a lab where we used the Prometheus Operator, I’m referring to this short lab. What is curious is that the relevant outcome of the meeting came from a side conversation about their CI/CD pipelines and specifically about configuration management… at that moment I thought what if we use an operator to ensure that configuration is as defined in the git repository.

The conversation with the partner happened around the same week… again a side conversation (how important is wandering around every now and then ;-) this time it was about creating some kind of archetype to speed up the first moves of a new project forced me to develop the operator. The key concept of the side conversation was GitOps, a new concept for me that fitted perfectly with the previous conversation about configuration management.

So I decided to prove that this all made sense… and here’s the result.

Image for post
Image for post

How to Setup Scalable Jenkins on Kubernetes

by Kasun Sameera

Why do we want to run Jenkins in kubernetes? That might be your first question. You might not find a requirement to run Jenkins in K8s strait away. When your codebase grows larger or run many jobs parallelly, Jenkins will grow very largely. This will slow down your builds and lead to unnecessary resource utilization. Let’s assume that you have 3 Jenkins slaves and each can run 3 job parallelly. Then you can run maximum 9 jobs parallelly, other jobs have to wait. Solution for these is scaling Jenkins.

Scaling Jenkins is vey easy. Jenkins has scaling feature out-fo-the-box. Jenkins comes with master/slave mode. Master is responsible for maintaining jobs, users, configurations, scheduling jobs in slaves and etc… Slaves are Jenkins agents, their primary task is executing jobs scheduled by the master.

Every one knows K8s is container orchestration platform. So I’m going to implement this solution in K8s using its features.

Image for post
Image for post

Kubernetes pod security 101

by Scott Coulton

In this blog post, we will look at applying the basic security policies to our deployments within Kubernetes. We are going to only look at three security settings. These really don’t need a massive understanding of the underlying Linux security subsystems like AppArmor or SELinux but give the most bang for your buck when deploying your applications.

This blog post assumes that you already have a Kubernetes cluster up and running. If not you can deploy one on in the cloud with aks or locally with minikube.

Before we jump into the security context that we will set we will first deploy a simple web application that uses the Golang HTTP package to host an HTML file. The source code for the application can be found here

To deploy our web application we will use the following..

Image for post
Image for post
Photo by Bernard Hermant on Unsplash

Kubernetes vs Docker Swarm. Who’s the bigger and better?

by Cloud_Freak

Container orchestration is fast evolving and Kubernetes and Docker Swarm are the two major players in this field. Both Kubernetes and Docker Swarm are important tools that are used to deploy containers inside a cluster. Kubernetes and Docker Swarm has many their prominent niche USPs and Pros in the field and they are here to stay. Though both of them have quite a different and unique way to meet the goals, at the end of the day their endpoint remains quite near.

Image for post
Image for post

Exploring CICD in Kubernetes Cluster — AWS Part

by Johanes Glenn

The speech from Kelsey Hightower always ringing into my head as he spoke about installing Kubernetes cluster and giving kubectl is not the end game of this Kubernetes landscape. How the developer can actually focus in coding instead of thinking on how to navigate + manage Kubernetes through kubectl (which is not that easy in the beginning of adoption) is the main focus. So with that in mind we try to create actually an automation (or pipeline) which starts from

- Taking codes from our Git

- and process it (complie, build, etc)

- put it into registry

- and finally deploy it into Cluster.

Image for post
Image for post

Deploying and Scaling Jenkins on Kubernetes

by Anup Dubey

In this post, I’m going to set up Jenkins on the Kubernetes cluster. Here I’ll be using Helm to install Jenkins.

Image for post
Image for post

Standardizing deployment patterns using Helm Chart

by Kenichi Shibata

Why standard workflows? Most of the time our workflows are repetitions of what came before us. This means that any webserver will have the same requirements. A cronjob will need a the generic non-functional requirements as any other cron job.

Image for post
Image for post

Don’t forget to check the Part II of this series.

Install KubeSphere on GKE cluster

by Feynman

This guide walks you throungh the steps of KubeSphere minimal installation on Google Kubernetes Engine.

KubeSphere is an enterprise-grade multi-tenant container platform that built on Kubernetes , it’s an open source project that supports installing on Linux and Kubernetes . It provides an easy-to-use UI for users to manage Kubernetes resources with a few clicks, which reduces the learning curve and empowers the DevOps teams. It greatly reduces the complexity of the daily work of development, testing, operation and maintenance, aiming to alleviate the pain points of Kubernetes’ storage, network, security and ease of use, etc.

Image for post
Image for post

Connect Deeper

From security, networking to storage and common operations, the above tutorials and stories from our wonderful community are great resources to learn Kubernetes and go beyond the basics.

Would you like to read more similar content? Subscribe to our newsletters and join our community team-chat on Slack.

⚡⚡ Do you have tutorials and stories you would like to share with us? Use our submission form and we will review and post your stories in this publication.

⚡⚡⚡ Are you looking for more practical use cases to dive deeper into the Kubernetes and the orchestration ocean? You can preorder “Learn Kubernetes by Building 10 Projects” and profit from our time-limited 80% discount!

FAUN

The Must-Read Publication for Creative Developers & DevOps Enthusiasts

Sign up for FAUN

By FAUN

Medium’s largest and most followed independent DevOps publication. Join thousands of aspiring developers and DevOps enthusiasts Take a look.

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Aymen Eon Amri

Written by

Founder and CEO of www.eralabs.io and www.faun.dev community. Tech author, cloud-native architect, entrepreneur, and startup advisor

FAUN

FAUN

The Must-Read Publication for Creative Developers & DevOps Enthusiasts. Medium’s largest DevOps publication.

Aymen Eon Amri

Written by

Founder and CEO of www.eralabs.io and www.faun.dev community. Tech author, cloud-native architect, entrepreneur, and startup advisor

FAUN

FAUN

The Must-Read Publication for Creative Developers & DevOps Enthusiasts. Medium’s largest DevOps publication.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store