Lukonde Mwila
Joined 17 Aug 2011
Welcome to my personal UA-cam channel!
I have experience in application development, solution architecture, cloud engineering, and DevOps workflows. I'm a life-long learner and I'm passionate about sharing knowledge.
On this channel, you'll find content based on cloud-native technology, containers, Docker, Kubernetes, Terraform, AWS, DevOps workflows, and more.
I hope you enjoy the content and learn a lot!
Optimizing Istio Ingress Gateway Performance
How do you optimize the Istio ingress gateway? When and why would you need to perform this? In this video, I discuss scenarios where a single Istio ingress gateway may not be suitable for your Kubernetes environment because of the degraded performance from bearing the load of many service proxy configurations. You may be running multiple unrelated workloads (in a multi-tenant environment) with varying configurations and requirements. In situations like this, it may be better to have multiple ingress gateways that serve the different types of applications in your Kubernetes cluster. In addition to that, to avoid stressing a single ingress gateway with all the configurations for every proxy in the Istio service mesh, you can optimize each gateway's performance by filtering the proxies it should know about.
#kubernetes #istio
Timestamps:
00:00 - Introduction
00:20 - Running multiple gateways for different purposes
00:55 - Improving ingress gateway performance by creating multiple gateways
01:59 - Improving ingress gateway performance by filtering the virtual services attached to it
02:18 - The cost implication of running multiple gateways in a cloud environment
02:35 - Code-walk-through and demo
Other resources:
Using Istio Gateway to Route Traffic to Microservices on Amazon EKS - ua-cam.com/video/_ImVPrUZ6yY/v-deo.html
Secure Istio Gateway Traffic with TLS Encryption on Amazon EKS - ua-cam.com/video/sn4_j_E62VE/v-deo.html
Connect:
GitHub: github.com/LukeMwila
Twitter: LuKE9ine
Medium: medium.com/@outlier.developer
LinkedIn: www.linkedin.com/in/lukonde-mwila-25103345/
If you found this video helpful, please like the video and subscribe to the channel!
Views: 1,735
Videos
Taints and Tolerations in Kubernetes
1.3K views · 1 year ago
What are taints and tolerations in Kubernetes? In this video, I discuss and demonstrate how you can apply taints to the nodes in your cluster, and how to run workloads on dedicated nodes by applying matching tolerations to pods. In Kubernetes, you can use taints to tell your nodes to repel or reject certain pod placements, as well as influence how strictly the scheduler should take the effects ...
Pod Topology Spread Constraints in Kubernetes
3.9K views · 1 year ago
How do you configure pod topology constraints in Kubernetes? In this video, I'll address this very topic so that you can learn how to spread out your application workloads in Kubernetes for high availability and better resource utilization. In this video, I will also compare pod topology constraints to pod anti-affinity rules, and why topology constraints are a better option for application ava...
How to Setup External CA Integration in Istio
3.2K views · 1 year ago
Wondering how to set up an external CA (certificate authority) in Istio? In this video, I give a detailed walk-through on why it can be helpful to set up an external root certificate authority for your Istio service mesh, as well as a walk-through of the setup process. The external CA used in this video is AWS Private CA. Certificate management in Istio is at the heart of issuing identities to ...
Security with Istio: Using Authorization Policies
4.6K views · 1 year ago
When securing your container workloads in Kubernetes, it's important to have defence in depth. This means having layers of security. As important as it is to have mTLS enabled in the Istio service mesh, you should also implement access control between services. To do this in Istio, you make use of Authorization Policies. After we've validated the identity of a service, we should check whether ...
How to Configure mTLS in Istio for Secure Kubernetes Workload Communication
7K views · 1 year ago
To secure network communication between container applications in the Istio service mesh, you can make use of mutual Transport Layer Security (mTLS). With mTLS, you can validate the sender of any request in your application network environment, as well as encrypt the network traffic from being understandable to any other party that might intercept it. Istio automatically enables mTLS in the ser...
GitOps Canary Deployments to Kubernetes with Istio, Argo CD and Flagger
5K views · 2 years ago
Deploying a new version of a software application is the bread and butter of the development lifecycle. However, you still have to think through and strategize around how you're going to get this newly deployed version into the hands of your end users or whatever clients will be consuming it. In this video, I'll discuss how you can make use of GitOps with a canary strategy to release newly deploye...
Secure Istio Gateway Traffic with TLS Encryption on Amazon EKS
6K views · 2 years ago
In this video, I discuss and demonstrate how you can mitigate the risks of network interception attacks by encrypting the traffic that comes into the Istio service mesh with TLS. This video is a follow-up to a previous video titled Using Istio Gateway to Route Traffic to Microservices on Amazon EKS (link provided below). As much as a single point of entry provides a superior measure of security...
Using Istio Gateway to Route Traffic to Microservices on Amazon EKS
15K views · 2 years ago
One of the glaring challenges of deploying microservices to Kubernetes is figuring out optimal and secure network communication from outside the cluster to your services inside of it and network communication between the services themselves. In some scenarios, we can use Kubernetes services like LoadBalancers and NodePorts to expose our applications to the world. However, there are use cases wh...
Secure Your Kubernetes Software Supply Chain using Snyk, Amazon Inspector, Datree and NeuVector
329 views · 2 years ago
Security around containers and Kubernetes is a very hot topic at the moment because of the increasing awareness of the vulnerabilities that exist in these technologies. To improve your container and Kubernetes security posture, you should start by identifying the vulnerabilities and then pick a tool or tools that will help you address the identified weaknesses and risks. The software supply cha...
Container Best Practices with Datree
263 views · 2 years ago
Getting started with containers is relatively straightforward. If you have an environment like your personal laptop with a container runtime such as docker or containerd, the docker CLI, and a docker file for your application then you can have a container up and running in no time. However, there's still a lot of groundwork that has to be done to configure your containers to be considered optim...
Scaling Kubernetes with Karpenter: Advanced Scheduling with Pod Affinity & Volume Topology Awareness
1.6K views · 2 years ago
One feature that draws people to Kubernetes is its ability to scale automatically. Auto-scaling Kubernetes is an essential part of your cloud-native strategy. In addition, you may be dealing with use cases requiring advanced Kubernetes scheduling requirements like pod affinity, pod anti-affinity, and volume topology awareness. In this video, I'll show you how to automatically scale the compute ...
Using Argo CD and Rancher for Kubernetes Multi-tenancy & GitOps
6K views · 2 years ago
Kubernetes multi-tenancy is one of the biggest challenges when operating Kubernetes at scale. It's not easy figuring out the best way to manage, organize and isolate teams and unrelated workloads on shared clusters. In some cases, you might have one big cluster, and in other cases, you might have multiple big clusters housing different teams and workloads. In this video, I talk about how organi...
Multicloud Kubernetes with Rancher
1.3K views · 2 years ago
Multicloud strategies are becoming increasingly popular, with a number of companies looking to adopt this model and distribute their architecture across different cloud environments. For organizations running containerized workloads at scale, this can work especially well because of the infrastructure agnosticism that Kubernetes offers. In this video, I talk about the pros and cons of multiclou...
Prevent Kubernetes Misconfigurations in Argo - Using Datree with Argo CD & Argo Rollouts
5K views · 2 years ago
In this video, I demonstrate how you can make use of Datree's new Argo policy rules as a defensive strategy from misconfigurations. This video follows up on a previous video where I walked through a GitOps CI/CD pipeline with AWS CodeBuild and Argo CD for deployments to an Amazon EKS cluster. In that video, I used Datree to ensure best practices are upheld and to protect from common container a...
Managing Sensitive Data in Kubernetes with Sealed Secrets and External Secrets Operator (ESO)
6K views · 2 years ago
Using Argo CD & Datree for Stable Kubernetes CI/CD Deployments
2.3K views · 2 years ago
Getting Started with ArgoCD for GitOps Deployments
7K views · 2 years ago
Using Skaffold and GitHub Actions for Deployments to Amazon EKS
2.1K views · 2 years ago
CI/CD Deployments with AWS CodeBuild and GitOps to EKS and AKS Kubernetes Clusters
2.9K views · 3 years ago
Create an RKE Kubernetes Cluster in AWS with Terraform
2.3K views · 3 years ago
Port Forwarding in Kubernetes with kubectl
4.9K views · 3 years ago
Manage Amazon EKS Cluster with Rancher
7K views · 3 years ago
Local Kubernetes Development with RKE (Rancher Kubernetes Engine)
4.5K views · 3 years ago
I am new to Kubernetes and IT in general, so what exactly does port-forward do, expose the node with port 8080?
I faced a problem. As it is a self-signed certificate, the connection requests from ALB are not being allowed by envoy (or by Istio gateway); connections are refused. Is there a solution/workaround for this?
Clean presentation. Easy to follow and demystifies a lot of concepts other tutorials take for granted.
Wonderful explanation, thanks
Hi, where do I get the live iron man wallpaper from? 😊
Can we use traefik ingress controller instead of istio-ingress gateway? Traffic coming from traefik routers fails when the peerauthentication mode is STRICT in all namespace
Brilliant! Thanks for a clear and easy to understand explanation of what I've seen perceived as a relatively obscure and underappreciated setting, but a very important one!
Please make a video for Let's Encrypt as external CA.
Thank you very much - This helped me set it up in our project! Can you please tell me what is that beautiful VSCode Theme?
Hi, is there any way to make sure skaffold dev does not delete your persistent volumes? I find this is a deal-breaker when trying to set up a k8s local environment since it erases all of your data every time.
Thanks so much!
Hi, you explained very well, but I have one doubt: where is the destination rule configuration? Please reply back, that helps me to go further in understanding Istio.
How do we connect to product service from order pod when strict mode was enforced for both services? How do we get the client certificates ?
Thanks for the video, I'm new to Istio and it's very helpful. You've changed the Istio ingress controller service to NodePort and created another service of LoadBalancer. Why not change the Istio ingress controller service to LoadBalancer with ALB annotation and avoid the need for another service?
How do you get autocomplete in your terminal
How to generate loadbalancer using aws ingress
Great example, finally got working my project 🎉
Your content on istio is the best
Like your videos, because you explain the important things in a good way. Can you also do a video about the descheduler? Because if you use Anti-Affinity or Topology Spread Constraints this is only for the scheduler. If you scale down an application (manual or autoscaling), these rules will not be taken into consideration by the descheduler to keep the high-availability. So imo there is a need to also keep a look at the descheduler if you want high availability when autoscaling.
Your content is superb
Do you think having a gateway for each environment (Dev,uat, prod) is a good decision? Thank you!
This was an excellent explanation, now I understand the benefit of Istio
Thank you for the video, so helpful
Solid video, really appreciate the overview explanation at the beginning. Subscribed!
Can you answer a question, is it possible to use jaeger + istio, for every request and response event of each microservice? automatic without changing microservice/pod code? How can I look for the configuration I should do?
What protocol do you use for communication between services? REST or gRPC?
Hey dude, you really helped me with setting this up, even better than AWS's Containers from the Couch. You'll probably never see this, but I really appreciate it!
Great video, I'm subscribing! I was wondering if I could use topology spread constraints to deploy Pods which consume EBS volumes across multiple availability zones? Say you have 3 redis replicas and you want to spread them into 3 zones so they'll be able to consume their respective volume if a zone goes down?
Wow. That was a lot to unpack. very well articulated and delivered. Keep up the good work.
Subscribed 😊
Nice work, Mr. Mwila. It would be great if you could provide a walkthrough of the app you're going to mesh!
I have kube installed on my bare metal . I have a rest service running on master mode machine ( not in kube). In kube i have some pods which want to access the rest service. How do pods communicate with on kube rest service on one of the node(master node). Pods are getting host not resolved error.
Great content, thanks a lot :)
about the bridging configuration I didn't have to do it when configuring a cluster without RKE, does kubeadm do it for you when creating a cluster? and even though RKE does all the configuration it doesn't know how to configure the bridging?
If anyone knows please... does Istio use workload to register/deploy application?
Thanks @Lukonde for the Istio content, it helps me
Awesome. please carry on. Ty
Great videos. Keep going :)
Thank you so much for what you doing. That very helpful! Great!
if we scale the nodes do they add to rancher directly?
great video but the guy clearly doesn't reply on his content, I see 2 comments below and still no reply
Do you know how does it work during AZ failure or when specific AWS has capacity issue in a specific AZ?
Nice concise, simple. Great vid. thanks
How can we do it for multi setup environments where clusters reside in different regions or different AWS accounts?
I saw you on AWS couch channel but didn’t realize you had your own channel. Thanks to ESO page that pointed to this channel…love your content 🙌🏽🚀🔥
Nice explanation and demo!
thanks Lukonde for the excellent content, very well explained.
Please make a video with Let's Encrypt for SSL, for parent as well as subdomains. Thanks.
Excellent demo. Are you able to do the same for a Multi Cluster Mesh ?
I'm just here to say congrats Luke! You taught me Flutter years ago 😄Your growth in tech has been an inspiration to me and many others 💯 Kubernetes is the new frontier and I'm glad to see that you already have experience in this field 🔥