Kubernetes

Found our AWS access keys in a public GitHub repo last month. Fun times. Here’s how it happened and what we actually did to prevent it. How we leaked them Developer needed to add an API key to a Kubernetes service. Did this: # deployment.yaml - DON'T DO THIS apiVersion: apps/v1 kind: Deployment metadata: name: api-service spec: template: spec: containers: - name: api env: - name: AWS_ACCESS_KEY value: "AKIAIOSFODNN7EXAMPLE" # 🚨 Plaintext in git! - name: AWS_SECRET_KEY value: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" Committed it. Pushed it. Public repo. Keys were active for 6 hours before AWS alerted us to unusual activity. ...

Kubernetes is powerful, but it’s also complex. This is my journey of trying to build a “simple” Kubernetes stack and the lessons learned along the way. The Goal I wanted to create a simple, maintainable Kubernetes setup for a small to medium-sized application. The requirements were: Easy to understand and maintain Cost-effective Scalable when needed Developer-friendly What I Started With Initial Stack Kubernetes: EKS (AWS) Ingress: NGINX Ingress Controller Database: Managed PostgreSQL (RDS) Monitoring: Prometheus + Grafana Logging: ELK Stack CI/CD: GitLab CI The Reality Check Complexity Crept In What started as “simple” quickly became complex: ...

Kubernetes provides several deployment strategies to ensure zero-downtime updates and safe rollouts of new application versions. Understanding these strategies is crucial for maintaining reliable production systems. Deployment strategy overview Kubernetes deployment strategies determine how new versions of your application replace old ones. The choice depends on: Risk tolerance: How critical is zero downtime? Traffic patterns: Can you route traffic to multiple versions? Rollback speed: How quickly can you revert if issues occur? Resource constraints: Can you run multiple versions simultaneously? Rolling update (default) The default Kubernetes deployment strategy gradually replaces old pods with new ones. ...