Everyone can contribute! Learn DevOps and Cloud Native in our cafe ☕

Highlights

We are learning how to deploy and secure Kubernetes into Hetzner cloud in this series:

• 14. cafe: Provisioned the server and agent VMs with Terraform and Ansible in the first session with Max.
• 15. cafe: Deployed k3s as Kubernetes distribution with Max.
• 16. cafe: Learned about pods and the Hetzner load balancer with Max.
• 17. cafe: Ingress controller for load balancer cost savings with Max.
• 18. cafe: Get to know Kubernetes user authentication and authorization with RBAC with Niclas Mietz.
• 19. cafe: Break into Kubernetes Security with Philip Welz.
• 20. cafe: Securing Kubernetes with Kyverno with Philip Welz.
• 21. cafe: Secure Kubernetes with OpenID with Niclas Mietz.

In this session, we install Kiosk into an existing Kubernetes cluster.

• The Kubernetes cluster was prepared before the session, deployed with KubeOne/Terraform.
• Install Kiosk with Helm
• Kiosk account is similar to role binding
• Create spaces, and let Kiosk manage the required resources
• kubectl api-resource --namespaced to see API resources requiring a namespace definition in #kubernetes 💡
• Create deletable spaces
• Replicate certificates between Kubernetes namespaces with Kubed 🏗
• John wants to create multiple namespaces. We can limit him to only create 2 as quota. Quota management in multi-tenancy environments.
• Unlimited compute resources are the default. Again, quota management with resource and account quotas - allow only 2 pods, but request 3 - prohibited. 🔥

In the future, we’ll explore more Kubernetes topics:

• Automate our Kubernetes setup so that everyone can contribute :)
• CI/CD, IaC and GitOps with the GitLab Kubernetes Agent
• Hetzner storage volumes
• Monitoring with Prometheus, GitLab CI/CD deployments and much more :)

Insights

• Miro board
• Kubernetes group repos
• Repository with the Kubernetes cluster
• Twitter thread

Recording

Enjoy the session! 🦊

---

Date published: March 24, 2021