weekly k8s: Aug -02

This series will give you a quick glance at the curated list of events happening in the Kubernetes world and keep yourself up-to-date on a weekly basis. As well as a dedicated section focusing mainly on Kubernetes developers, Admin & DevOps. Let's get in…

weekly k8s

Latest News & Announcements

• CNCF announced new certification CKS ( certified Kubernetes Security Specialist) this certification is tailored to focus on the growing demand for Kubernetes security aspects. for more details about CKS https://www.cncf.io/blog/2020/07/15/certified-kubernetes-security-specialist-cks-coming-in-november/
• Google Traffic Director supports proxy less gRPC. In short, Traffic Director is GCP Managed control plane for the global service mesh( across the VM & k8s container).with the new proxy-less gRPC the traffic director can directly talk to end gRPC microservices through xDS API, which eliminates the sidecar proxy overheads. you can refer to the below link for more details: https://cloud.google.com/blog/products/networking/traffic-director-supports-proxyless-grpc
• New VS Code Docker Extension, can help you to develop & deploy your Docker containers directly into your Azure Container Instances. https://cloudblogs.microsoft.com/opensource/2020/07/22/vs-code-docker-extension-azure-containers-instances/
• Contour (VMware Open source High-Performance Ingress Controller ) joins CNCF Incubation.
• Lyft, open sources clutch, web app for managing cloud-native infrastructure like EC2, K8s, Envoy etc..,
• Carbonates introduce cloud-native container application security testing (CAST)-as-a-Service solution. In short, Carbonates provides the most comprehensive container analysis service, simultaneously analyzing all aspects of the container’s contents: open source (SCA: vulnerabilities, licensing, and dependencies), native code (vulnerabilities and secrets), as well as configuration and malware. By leveraging Kubernetes’ automated scaling, the analysis runs in parallel for industry-leading performance.

Upcoming Events

• Full pass: KubeCon + Cloud Native Con, Europe 2020, Fully Virtual event. charges $75.
• Keynote + Expo Hall Only: Complimentary!

Let's discuss some of the interesting K8s CVE(Common Vulnerabilities and Exposures) which got fixed around this week.

• CVE-2020–8557 Any clusters allowing pods with sufficient privileges to write to their own /etc/hosts files are affected. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
• CVE-2020–8559 If an attacker is able to intercept certain requests to the Kubelet, they can send a redirect response that may be followed by a client using the credentials from the original request. This can lead to the compromise of other nodes.

Dev central

This week, Dev central we are going to see how to use GoLang SDK to access the Kubernetes cluster. This is multi-part series where we start with GoLang SDK and going forward start creating production-grade Kubernetes application step by step in upcoming weeks.

Simple GoLang Program to list the pod in k8s!

Pre-requisite

• I assume that you have k8s cluster config available at the default path ~/.kube/config
• Fair understanding of GoLang & K8s building blocks

we will be using GoLang K8s SDK to list the pods, glide for go Lang dependency management.

The getKubeHandle() in utils.go returns the client set & CoreV1().Pods will get you the Pod details. Git hub code is self-explanatory, let me know if you face any issues or any doubts in the comment section.

you can reference SDK docs for the complete reference

package main
import (
"fmt"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/urfave/cli"
)
func crudOperation(c *cli.Context) {
fmt.Println("Running CRUD Example")
cs := getKubeHandle()
pods, err := cs.CoreV1().Pods("").List(metav1.ListOptions{})
if err != nil {
fatal(fmt.Sprintf("error getting list of pods: %v", err))
}
fmt.Println("## Pods ##")
for i, pod := range pods.Items {
fmt.Printf("%d) %v \n", i, pod.Name)
}
}

Output

./wk8s crud
Running CRUD Example
## Pods ##
0) nginx-76df748b9–4mwt4
1) nginx-76df748b9-zdbvs

The complete working code is available at https://github.com/tamilhce/weeklyk8s/tree/master/k8sClientListPod

References :

• https://github.com/kubernetes/client-go
• https://medium.com/programming-kubernetes/building-stuff-with-the-kubernetes-api-part-4-using-go-b1d0e3c1c899

Admin central

In this week's admin central section, we will see how to use k9s, simple terminal UI to manage Your Kubernetes. I found it is an exciting and handy tool to manage your cluster.

Features

• Tracks in real-time activities of resources running
• Tracks real-time metrics associates with resources such as pods, containers and nodes.
• Built-in Benchmarking — You can benchmark your HTTP services/pods directly from K9s

For Further reference: https://github.com/derailed/k9s

Installation:

# Via Homebrew(for Mac/Linux) 
 brew install derailed/k9s/k9s
# Via scoop( for windows) 
scoop install k9s

For a detailed installation guide: https://k9scli.io/topics/install/

once you have installed, hit k9s in your terminal will take you to the screen to terminal UI dashboard, by default it reads the cluster config ~/.kube/config. In my case, I have only one cluster.

K9s Terminal UI

keys to remember

<esc> -To Move back

shift + ?-Help

shift : quit -To quit k9s

It's very straight forward to use without remembering the kubectl commands.

That's all for the week, stay tuned!