chore: placeholders for kubernetes applications

2026-02-08 21:34:25 +00:00 · 2023-11-13 04:30:55 +01:00
parent 7c72e4e5fb
commit 9e877aa38f
5 changed files with 130 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,8 @@
 !.vscode/extensions.json
 !.vscode/settings.json

+.obsidian/
+
 .vagrant/

 .terraform/
--- a/base/kubernetes/README.md
+++ b/base/kubernetes/README.md
@@ -191,24 +191,24 @@ Also see [configuration best practices] and the [production best practices check
 - Avoid workloads and nodes fail due limited resources being available.<br/>
  Set [resource requests and limits][resource management for pods and containers] to reserve a minimum amount of resources for pods and limit their hogging abilities.
 - Prefer smaller container images.
- Prioritize critical workloads.
+- Prioritize critical workloads.<br/>
  Quality of service.
 - Instrument applications to detect and respond to the SIGTERM signal.
 - Avoid using bare pods.<br/>
  Prefer defining them as part of a replica-based resource, like Deployments, StatefulSets, ReplicaSets or DaemonSets.
- Restrict traffic between objects in the cluster.
-  Network policies.
+- Restrict traffic between objects in the cluster.<br/>
+  [Network policies].
 - Reduce container privileges.
 - Leverage autoscalers.
 - Pod disruption budgets.
- Try to use all nodes possible.
+- Try to use all nodes possible.<br/>
  Affinities, taint and tolerations.
- Push for automation.
+- Push for automation.<br/>
  GitOps.
 - Apply the principle of least privilege.<br/>
  Role-based access control (RBAC).
 - Continuously audit events and logs regularly, also for control plane components.
- Protect the cluster's ingress points.
+- Protect the cluster's ingress points.<br/>
  Firewalls, web application firewalls, application gateways.

 ## Quality of service
@@ -519,18 +519,29 @@ Concepts:
 - [Container capabilities in Kubernetes]
 - [Kubernetes SecurityContext Capabilities Explained]
 - [Best practices for pod security in Azure Kubernetes Service (AKS)]
+- [Network policies]

 Tools:

 - [`kubectl`][kubectl]
 - [`helm`][helm]
 - [`helmfile`][helmfile]
+- [`kustomize`][kustomize]
 - [`kubeval`][kubeval]
 - `kube-score`
 - [`kubectx`+`kubens`][kubectx+kubens] (alternative to [`kubie`][kubie])
 - [`kube-ps1`][kube-ps1]
 - [`kubie`][kubie] (alternative to [`kubectx`+`kubens`][kubectx+kubens] and [`kube-ps1`][kube-ps1])
 - [k3s]
+- [minikube]
+
+Applications:
+
+- [cert-manager]
+- [external-dns]
+- [flux]
+- [istio]
+- [keda]

 Others:

@@ -589,12 +600,20 @@ All the references in the [further readings] section, plus the following:

 <!-- Knowledge base -->
 [azure kubernetes service]: ../azure/aks.md
+[cert-manager]: cert-manager.md
 [create an admission webhook]: ../../examples/kubernetes/create%20an%20admission%20webhook/README.md
+[external-dns]: external-dns.md
+[flux]: flux.md
 [helm]: helm.md
 [helmfile]: helmfile.md
+[istio]: istio.md
 [k3s]: k3s.md
+[keda]: keda.md
 [kubectl]: kubectl.md
 [kubeval]: kubeval.md
+[kustomize]: kustomize.md
+[minikube]: minikube.md
+[network policies]: network%20policies.md
 [prometheus on kubernetes using helm]: ../../examples/kubernetes/prometheus%20on%20k8s%20using%20helm.md
 [terraform]: ../terraform.md
 [velero]: velero.md
--- a/base/kubernetes/cert-manager.md
+++ b/base/kubernetes/cert-manager.md
@@ -0,0 +1,35 @@
+# cert-manager
+
+FIXME
+
+## Table of contents <!-- omit in toc -->
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+1. [Sources](#sources)
+
+## TL;DR
+
+## Further readings
+
+- [Website]
+- [Github]
+
+## Sources
+
+All the references in the [further readings] section, plus the following:
+
+<!--
+  References
+  -->
+
+<!-- Upstream -->
+[github]: https://github.com/cert-manager/cert-manager
+[website]: https://cert-manager.io/
+
+<!-- In-article sections -->
+[further readings]: #further-readings
+
+<!-- Knowledge base -->
+<!-- Files -->
+<!-- Others -->
--- a/base/kubernetes/external-dns.md
+++ b/base/kubernetes/external-dns.md
@@ -0,0 +1,33 @@
+# ExternalDNS
+
+FIXME
+
+## Table of contents <!-- omit in toc -->
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+1. [Sources](#sources)
+
+## TL;DR
+
+## Further readings
+
+- [Github]
+
+## Sources
+
+All the references in the [further readings] section, plus the following:
+
+<!--
+  References
+  -->
+
+<!-- Upstream -->
+[github]: https://github.com/kubernetes-sigs/external-dns
+
+<!-- In-article sections -->
+[further readings]: #further-readings
+
+<!-- Knowledge base -->
+<!-- Files -->
+<!-- Others -->
--- a/base/kubernetes/kustomize.md
+++ b/base/kubernetes/kustomize.md
@@ -0,0 +1,35 @@
+# Kustomize
+
+FIXME
+
+## Table of contents <!-- omit in toc -->
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+1. [Sources](#sources)
+
+## TL;DR
+
+## Further readings
+
+- [Website]
+- [Github]
+
+## Sources
+
+All the references in the [further readings] section, plus the following:
+
+<!--
+  References
+  -->
+
+<!-- Upstream -->
+[github]: https://github.com/kubernetes-sigs/kustomize
+[website]: https://kustomize.io/
+
+<!-- In-article sections -->
+[further readings]: #further-readings
+
+<!-- Knowledge base -->
+<!-- Files -->
+<!-- Others -->