
Lead Engineer at Salesforce AI | savithru.me

At Salesforce, we use Kubernetes to orchestrate our services layer and recently ran into a use case where we wanted to apply and manage certain common objects across Kubernetes namespaces. Since there’s no native solution to share objects across namespaces or the concept of a global object, we used Kubernetes extensibility to solve the problem. In this post, I’ll shed light on how we accomplished this.


Namespaced objects in Kubernetes aren’t designed to be shared across logical boundaries. If you want to share a certain object across multiple namespaces, you must scope the object at the cluster level. The inability…


Fig1. Kubectl plugins

Plugins are a native way of extending the kubectl client functionality in Kubernetes. kubectl is a CLI client written in Golang to interact with the Kubernetes control plane. It's simple to use, modular & extensible.

This means that a Kubernetes developer can build custom plugins to add new features to the kubectl client's functionality. Plugins extend kubectl with new sub-commands, allowing for new and custom features not included in the main distribution of kubectl.

Since the functionality of the client can be extended to pretty much anything that exposes a programmatic interface (APIs), I thought why not write a plugin to control a Tesla…


The 3rd week of January 2020 has been quite productive. I managed to clear both Kubernetes certifications offered by the Cloud Native Computing Foundation (CNCF): Certified Kubernetes Application Developer (CKAD) & Certified Kubernetes Administrator (CKA).


Both these exams are quite different from other industry certifications; mainly due to the fact that both are performance-based exams & will test your problem-solving skills while debugging real issues. There are NO multiple-choice questions & each exercise requires you to interact with the Kubernetes cluster in some way.

Ever since I posted on LinkedIn, some of my connections wanted to understand how I managed to…


Fig1: Helm v3

Helm (a tiller or wheel & any associated equipment for steering a ship or boat) is a package manager for Kubernetes. It was inspired by the Homebrew project & helps developers to easily package & distribute complex microservices that run on the Kubernetes platform.

Some history…



Amazon Elastic Kubernetes Service (EKS) makes it easy to deploy, manage, & scale containerized applications using Kubernetes on AWS.

EKS uses Identity & Access Management (IAM) to provide authentication to your Kubernetes (K8s) cluster through the AWS IAM Authenticator for Kubernetes, but it still relies on native K8s Role-Based Access Control (RBAC) for authorization.

This means that IAM is only used for authentication of valid IAM entities. All permissions for interacting with your EKS cluster’s K8s APIs are managed through the native K8s RBAC system.


Amazon EKS now supports K8s v1.13

Amazon Elastic Kubernetes Service (EKS) is a service under the AWS umbrella that provides a managed Kubernetes service. It significantly reduces the time to deploy, manage, & scale the infrastructure required to run containerized applications.

AWS has simplified EKS networking significantly with its container network interface (CNI) plugin. With no network overlays, Kubernetes pods (containers) & services (L4 load-balancers) get IPs from the same VPC-allocated subnet as an EC2 instance would.
