K8S Native Tools


Minikube

It has many addons

minikube addons list

--insecure-registry flag for private docker registry.
OR
registry-creads addon to use GCR ECR and private docker registry.  

Advanced topics: https://github.com/kubernetes/minikube/tree/master/docs

Kops

To manage production-grade k8s clusters using CLI on AWS etc. It creates configuration file, that can be used to create actual clusters. It is like kubectl for AWS. 

https://github.com/kubernetes/kops/tree/master/docs

kubeadm

Master Node needs : docker, kubeadm, kubelet, kubectl. Worker Node needs : Kubeadm
Master : kubeadm init It gives "joint token" to be used at worker node. with command kubeadm join

https://www.ianlewis.org/en/how-kubeadm-initializes-your-kubernetes-master

Dashboard

1. Manage k8s apps
2. troubleshoot issue with k8s apps
3. manage entire k8s cluster. 

It is add-on for Minikube and application for real K8s cluster. It needs kubectl proxy. 

https://github.com/kubernetes/dashboard

kubefed

1. sync resources across clusters
2. cross-cluster discovery (DNS and load balancer) 

With federated clustered we can have hybrid cloud and multi-vendor cloud. 

https://kubernetes.io/docs/tasks/federation/set-up-cluster-federation-kubefed/

Kompose

converts Docker compose to K8s objects like deployments and services

Docker -> Compose
K8s -> Replication Controller = deployments + replica sets
Rancher -> Cattle
Stack Engine -> applications and deployments


Github link: https://github.com/kubernetes/kompose
Architecture: http://kompose.io/architecture/

Helm

Installations and management of K8s apps. it is like package manager. 
chart = pre-configured k8s resources
Helm (client at local host) -> Tiller (server at K8s cluster) 

chart = 
1. chart.yml
2. Templates
3. values.yml

Kubernetes/Charts at github has list of important projects https://github.com/helm/charts

Helm charts: https://github.com/kubernetes/helm/blob/master/docs/charts.md
Stable charts: https://github.com/kubernetes/charts/tree/master/stable

Draft, Gitkube, Helm, Ksonnet, Metaparticle and Skaffold are some of the tools around that help developers build and deploy their apps on Kubernetes

kubectl

3 namespace always exists
1. default
2. kube-public
3. kube-system

Auto Complete

https://blog.hasura.io/kubectl-bash-completion-on-coreos-b147ae94ff10/
https://www.cyberciti.biz/faq/add-bash-auto-completion-in-ubuntu-linux/


Reference 

Kelsey Hightower: https://twitter.com/kelseyhightower
Kubernetes Docs: https://kubernetes.io/docs/home/
Kubernetes Slack: http://slack.k8s.io/
The CNCF: https://www.cncf.io/
CNCF Meetups: https://www.meetup.com/pro/cncf/
Kubeconf: http://events.linuxfoundation.org/events/kubecon
The agile admin: https://theagileadmin.com/

Identity and Access Management


Directory

1. Active Directory : Windows solution
2. LDAP Directory

Safeguard personal information Legal

1. Safe Harbor (US)
2. TRUSTe
3. GDPR (Europe) 

Programms

1. penetration tests
2. network scans
3. bug bounty 

Vulnerabilities

1. Open Web Application Security Project (OWASP) for Web Application Security
2. SANS Institute

Other initiatives

1. Health Insurance Portability and Accountability Act HIPAA to protect patient data
2. Gramm-Leach-Bliley Act GLBA for consumer financial information. Federal Financial institutions Examination Council FFIEC provides guidelines for it
3. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity 
4. Family Educational Rights and Privacy Act (FERPA) to protect the privacy of student education records.
5. G-Cloud by UK government for cloud services. 
6. Federal Information Security Management Act (FISMA) defines a comprehensive framework to protect government information

Open Standards

1. Security Assertion Markup Language (SAML) for web browser Single Sign-On (SSO) using secure tokens. XML based protocol. No password needed. 
2. OpenID : Decentralized authentication protocol by 3rd party
3. OAuth. OpenID is built on OAuth. REST API using JSON
4.  System for Cross-Domain Identity Management SCIM to exchange user identity information. REST API using JSON or XML

KubeCon Seattle 2018 - Announcements


KubeCon Seattle 2018 - Announcements
(via CNCF)

Kubecon seattle 2018 recap


https://blog.openshift.com/openshift-commons-gathering-at-seattle-kubecon-2018-recap-with-video-and-slides/

https://www.cncf.io/blog/2018/12/14/closing-out-2018-with-a-top-notch-cloud-native-community-event/

https://www.forbes.com/sites/jasonbloomberg/2018/12/15/top-nine-vendor-highlights-from-kubecon/

https://aws.amazon.com/blogs/opensource/kubecon-seattle-2018-recap/

https://blogs.oracle.com/cloudnative/kubecon-2018-cloud-native-recaps-and-highlights

https://blog.openshift.com/podcast-podctl-reviewing-kubecon-seattle-2018/

https://www.storagereview.com/kubecon_2018_bits

https://www.ibm.com/blogs/bluemix/2018/12/highlights-ibm-cloud-kubecon-2018/

https://blog.openshift.com/podcast-podctl-reviewing-kubecon-seattle-2018/

https://medium.com/awesome-tech-confs/all-things-kubecon-and-cloudnativecon-seattle-2018-db84eb121217

https://chrisshort.net/my-kubecon-cloudnativecon-na-2018-recap/

https://thenewstack.io/this-week-on-the-new-stack-kubecon-highlights/

https://vexxhost.com/blog/recap-kubecon-2018-seattle/

https://diamanti.com/main-blog/kubecon-2018-recap/

UDS