brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: placeholders for kubernetes applications

Browse Source
This commit is contained in:
Michele Cereda
2023-11-13 04:30:55 +01:00
parent 7c72e4e5fb
commit 9e877aa38f
5 changed files with 130 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -4,6 +4,8 @@
!.vscode/extensions.json !.vscode/extensions.json
!.vscode/settings.json !.vscode/settings.json
.obsidian/
.vagrant/ .vagrant/
.terraform/ .terraform/

31
knowledge base/kubernetes/README.md
View File

@@ -191,24 +191,24 @@ Also see [configuration best practices] and the [production best practices check
- Avoid workloads and nodes fail due limited resources being available.<br/> - Avoid workloads and nodes fail due limited resources being available.<br/>
Set [resource requests and limits][resource management for pods and containers] to reserve a minimum amount of resources for pods and limit their hogging abilities. Set [resource requests and limits][resource management for pods and containers] to reserve a minimum amount of resources for pods and limit their hogging abilities.
- Prefer smaller container images. - Prefer smaller container images.
- Prioritize critical workloads. - Prioritize critical workloads.<br/>
Quality of service. Quality of service.
- Instrument applications to detect and respond to the SIGTERM signal. - Instrument applications to detect and respond to the SIGTERM signal.
- Avoid using bare pods.<br/> - Avoid using bare pods.<br/>
Prefer defining them as part of a replica-based resource, like Deployments, StatefulSets, ReplicaSets or DaemonSets. Prefer defining them as part of a replica-based resource, like Deployments, StatefulSets, ReplicaSets or DaemonSets.
- Restrict traffic between objects in the cluster. - Restrict traffic between objects in the cluster.<br/>
Network policies. [Network policies].
- Reduce container privileges. - Reduce container privileges.
- Leverage autoscalers. - Leverage autoscalers.
- Pod disruption budgets. - Pod disruption budgets.
- Try to use all nodes possible. - Try to use all nodes possible.<br/>
Affinities, taint and tolerations. Affinities, taint and tolerations.
- Push for automation. - Push for automation.<br/>
GitOps. GitOps.
- Apply the principle of least privilege.<br/> - Apply the principle of least privilege.<br/>
Role-based access control (RBAC). Role-based access control (RBAC).
- Continuously audit events and logs regularly, also for control plane components. - Continuously audit events and logs regularly, also for control plane components.
- Protect the cluster's ingress points. - Protect the cluster's ingress points.<br/>
Firewalls, web application firewalls, application gateways. Firewalls, web application firewalls, application gateways.
## Quality of service ## Quality of service
@@ -519,18 +519,29 @@ Concepts:
- [Container capabilities in Kubernetes] - [Container capabilities in Kubernetes]
- [Kubernetes SecurityContext Capabilities Explained] - [Kubernetes SecurityContext Capabilities Explained]
- [Best practices for pod security in Azure Kubernetes Service (AKS)] - [Best practices for pod security in Azure Kubernetes Service (AKS)]
- [Network policies]
Tools: Tools:
- [`kubectl`][kubectl] - [`kubectl`][kubectl]
- [`helm`][helm] - [`helm`][helm]
- [`helmfile`][helmfile] - [`helmfile`][helmfile]
- [`kustomize`][kustomize]
- [`kubeval`][kubeval] - [`kubeval`][kubeval]
- `kube-score` - `kube-score`
- [`kubectx`+`kubens`][kubectx+kubens] (alternative to [`kubie`][kubie]) - [`kubectx`+`kubens`][kubectx+kubens] (alternative to [`kubie`][kubie])
- [`kube-ps1`][kube-ps1] - [`kube-ps1`][kube-ps1]
- [`kubie`][kubie] (alternative to [`kubectx`+`kubens`][kubectx+kubens] and [`kube-ps1`][kube-ps1]) - [`kubie`][kubie] (alternative to [`kubectx`+`kubens`][kubectx+kubens] and [`kube-ps1`][kube-ps1])
- [k3s] - [k3s]
- [minikube]
Applications:
- [cert-manager]
- [external-dns]
- [flux]
- [istio]
- [keda]
Others: Others:
@@ -589,12 +600,20 @@ All the references in the [further readings] section, plus the following:
<!-- Knowledge base --> <!-- Knowledge base -->
[azure kubernetes service]: ../azure/aks.md [azure kubernetes service]: ../azure/aks.md
[cert-manager]: cert-manager.md
[create an admission webhook]: ../../examples/kubernetes/create%20an%20admission%20webhook/README.md [create an admission webhook]: ../../examples/kubernetes/create%20an%20admission%20webhook/README.md
[external-dns]: external-dns.md
[flux]: flux.md
[helm]: helm.md [helm]: helm.md
[helmfile]: helmfile.md [helmfile]: helmfile.md
[istio]: istio.md
[k3s]: k3s.md [k3s]: k3s.md
[keda]: keda.md
[kubectl]: kubectl.md [kubectl]: kubectl.md
[kubeval]: kubeval.md [kubeval]: kubeval.md
[kustomize]: kustomize.md
[minikube]: minikube.md
[network policies]: network%20policies.md
[prometheus on kubernetes using helm]: ../../examples/kubernetes/prometheus%20on%20k8s%20using%20helm.md [prometheus on kubernetes using helm]: ../../examples/kubernetes/prometheus%20on%20k8s%20using%20helm.md
[terraform]: ../terraform.md [terraform]: ../terraform.md
[velero]: velero.md [velero]: velero.md

35
knowledge base/kubernetes/cert-manager.md Normal file
View File

@@ -0,0 +1,35 @@
# cert-manager
FIXME
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
## Further readings
- [Website]
- [Github]
## Sources
All the references in the [further readings] section, plus the following:
<!--
References
-->
<!-- Upstream -->
[github]: https://github.com/cert-manager/cert-manager
[website]: https://cert-manager.io/
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Knowledge base -->
<!-- Files -->
<!-- Others -->

33
knowledge base/kubernetes/external-dns.md Normal file
View File

@@ -0,0 +1,33 @@
# ExternalDNS
FIXME
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
## Further readings
- [Github]
## Sources
All the references in the [further readings] section, plus the following:
<!--
References
-->
<!-- Upstream -->
[github]: https://github.com/kubernetes-sigs/external-dns
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Knowledge base -->
<!-- Files -->
<!-- Others -->

35
knowledge base/kubernetes/kustomize.md Normal file
View File

@@ -0,0 +1,35 @@
# Kustomize
FIXME
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
## Further readings
- [Website]
- [Github]
## Sources
All the references in the [further readings] section, plus the following:
<!--
References
-->
<!-- Upstream -->
[github]: https://github.com/kubernetes-sigs/kustomize
[website]: https://kustomize.io/
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Knowledge base -->
<!-- Files -->
<!-- Others -->