How NOT to Start with Kubernetes


Authors: Christian Heckelmann


Best practices for running workloads in Kubernetes
  • Proper validation and policies should be implemented to ensure security and stability
  • Developers should be familiar with local development tools and avoid using 'latest' tags for images
  • Private registries and base images should be used for better control and security
The speaker mentioned an example of a deployment that requested 12 CPUs and 128 GB of memory for small microservices written in Go, which was excessive and could cause issues with resource allocation. They also emphasized the importance of using a secret store for sensitive information and avoiding putting secrets in plaintext environment variables.


To k8s or not? THAT should be the first question you answer before considering moving your workloads to k8s. Granted, in many cases Kubernetes is going to be the right choice, but don't just default to k8s because it's hip or cool. When starting with Kubernetes you will run into many challenging situations or must make important decisions that will impact the way you will benefit or not benefit from k8s, that will decide whether you have sleepless nights or whether you can enjoy your evenings and weekends with friends and family! I, Christian Heckelmann, would have loved to know a lot more about Kubernetes networking, resource limits, the importance of training people upfront, providing templates, security, the CNCF landscape and more. Two years ago, I started my journey as a DevOps engineer setting up k8s 1.9 on bare metal. In this talk I recap my lessons learned in the hope that everyone that starts with k8s doesn't start off in the wrong direction.

