- Official docs: normally the best place for learning and doing
- The Kubernetes Book, 2023 Edition - Nigel Poulton and Pushkar Joglekar
- Kubernetes in Action, 2nd Edition - Marko Lukša: This 2nd edition will be released on August 29, 2023. The first edition is a little bit outdated.
- Kubernetes Design Principles: Understand the Why - Saad Ali, Google, KubeCon + CloudNativeCon North America 2018
- What is Helm in Kubernetes? Helm and Helm Charts explained, TechWorld with Nana 2020
- Kubernetes for Sysadmins – Kelsey Hightower, PuppetConf 2016
- Cgroups, namespaces, and beyond: what are containers made from? - Jérôme Petazzoni, dockercon EU 2015
- Kubernetes Networking 101 - Randy Abernethy, RX-M LLC, 2022
- "My CNI Plugin Did… What?!": Debugging CNI with Style and Aplomb - Douglas Smith & Daniel Mellado Area, Red Hat, KubeCon + CloudNativeCon North America 2022
- Writing a CNI - as easy as pie: Write your own CNI (Container Network Interface), 2019
- Kubernetes Networking Intro and Deep-Dive - Bowei Du & Tim Hockin, Google, KubeCon + CloudNativeCon Europe 2020
- Kubernetes and Networks: Why is This So Dang Hard? - Tim Hockin, 2020
- Life of a Packet - Michael Rubin, Google, 2017
- Life of a Packet through Istio - Matt Turner, QCon London 2019
- The ins and outs of networking in Google Container Engine and Kubernetes (Google Cloud Next '17) - Tim Hockin and Michael Rubin
- Container Networking From Scratch - Kristen Jacobs, Oracle, KubeCon + CloudNativeCon North America 2018
- Container Networking Deep Dive with Amazon ECS (CON401) - Shakeel Sorathia, AWS re:Invent 2017
- Container Network Interface: Network Plugins - Eugene Yakubovich, 2015
- The Container Network Interface (CNI) - Eugene Yakubovich, 2015
- MegaEase Tech Sharing: Kubernetes Networking Model - 赵锟
- A Deeper Dive of kube-scheduler - Akila Welihinda, OpenAI, 2023/12/11
- Unleash the Full Potential Of Kubernetes Scheduler, KubeCon + CloudNativeCon North America 2022: Configuration, Extension And Operation In Production - Yuan Chen, Yibo Zhuang & Wei Huang, Apple; Chen Wang, IBM Research
- Huang-Wei/sample-scheduler-extender
- Kubernetes scheduler simulator
- Building a Kubernetes Scheduler using Custom Metrics - Mateo Burillo, Sysdig, KubeConEU2018, slide, code
- How the Kubernetes scheduler works - Brendan Burns at Microsoft Azure, 2019
- Deep Dive Into the Latest Kubernetes Scheduler Features: Abdullah Gharaibeh, Google Inc, KubeCon North America 2019
- Kubernetes Storage Lingo 101 - Saad Ali, Google (Beginner Skill Level)
- Vault '20 - Understanding Kubernetes Storage: Getting in Deep by Writing a CSI Driver
- Device Plugins 2.0: How to Build a Driver for Dynamic Resource Allocation - K Klues & Alexey Fomenko
User namespaces for pods: alpha in Kubernetes v1.25
Conditions from the official Kubernetes docs:
- at least Linux 6.3, as tmpfs started supporting idmap mounts in that version (the service account token that is mounted by default uses a tmpfs, Secrets use a tmpfs, etc.)
- CRI-O: version 1.25 (and later) supports user namespaces for containers
- containerd v1.7+
Limitations: if you set hostUsers: false, you are not allowed to set any of:
- hostNetwork: true
- hostIPC: true
- hostPID: true
The pod is allowed to use no volumes at all or, if using volumes, only these volume types are allowed:
- configmap
- secret
- projected
- downwardAPI
- emptyDir
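The limitations above written as a pre-deployment check on a pod manifest. This is an added example, not code from the Kubernetes docs or project. The function name userns_violations and the sample manifests are hypothetical, and volume types are matched by their pod-spec field names (the list's "configmap" is the field configMap).

```python
# Pod-level fields listed above as incompatible with hostUsers: false.
HOST_NAMESPACE_FIELDS = ("hostNetwork", "hostIPC", "hostPID")

# Volume types listed above as allowed, using pod-spec field names.
ALLOWED_VOLUME_TYPES = {"configMap", "secret", "projected", "downwardAPI", "emptyDir"}


def userns_violations(pod):
    """Return the reasons a pod manifest (as a dict) breaks the hostUsers: false rules."""
    spec = pod.get("spec", {})
    # hostUsers defaults to true; the limitations apply only when it is false.
    if spec.get("hostUsers", True) is not False:
        return []
    problems = []
    for field in HOST_NAMESPACE_FIELDS:
        if spec.get(field) is True:
            problems.append(f"{field}: true is not allowed with hostUsers: false")
    for vol in spec.get("volumes", []):
        # A volume entry is {"name": ..., "<type>": {...}}; every key other
        # than "name" identifies the volume source type.
        for vtype in (k for k in vol if k != "name"):
            if vtype not in ALLOWED_VOLUME_TYPES:
                problems.append(
                    f"volume {vol.get('name')!r}: type {vtype} is not allowed with hostUsers: false"
                )
    return problems


# Constructed sample manifests (not taken from a real cluster).
GOOD_POD = {"spec": {
    "hostUsers": False,
    "volumes": [{"name": "cfg", "configMap": {"name": "app-config"}},
                {"name": "scratch", "emptyDir": {}}],
}}
BAD_POD = {"spec": {
    "hostUsers": False,
    "hostNetwork": True,
    "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
}}

if __name__ == "__main__":
    for name, pod in (("good", GOOD_POD), ("bad", BAD_POD)):
        print(name, userns_violations(pod) or "ok")
```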
K8s Proposals
- KEP-127: Support User Namespaces in stateless pods: Root Kubelet But Rootless Container, alpha at K8s 1.25
- KEP-2033: Kubelet-in-UserNS (aka Rootless mode): Rootless Kubelet and Rootless Container. In Progress, track issue
Runtime Status
- Docker Rootless, GA after v20.10: may have some volume and network limitations; test it later
- 2021 Rootless Containers from Scratch - Liz Rice, Aqua Security
- 2020/12 Rootless Containers in Gitpod
- 2021 Overview of Rootless Podman: Part 1 - Understanding Root Inside and Outside a Container
- 2021 Overview of Rootless Podman: Part 2 - How User Namespaces Work in Rootless Containers
RootlessKit
- API Codebase Tour - Stefan Schimanski, Red Hat, Kubernetes Contributor Summit 2018
- K3s Under the Hood: Building a Product-grade Lightweight Kubernetes Distro - Darren Shepherd, KubeCon + CloudNativeCon North America 2019
- Kubernetes Failure Stories and How to Crash Your Clusters - Henning Jacobs, Zalando SE, KubeCon + CloudNativeCon Europe 2019
- 10 Ways to Shoot Yourself in the Foot with Kubernetes, #9 Will Surprise You - Laurent Bernaille, KubeCon + CloudNativeCon Europe 2019
- Deep Dive: Virtual Kubelet - Jeremy Rickard, Microsoft & Lei Zhang, Alibaba Cloud, KubeCon + CloudNativeCon Europe 2019
- Deep Dive into Kubernetes Internals for Builders and Operators - Jérôme Petazzoni, LISA19
- Building a Kubernetes on Bare-Metal Cluster - Alexandros Kosiaris & Giuseppe Lavagetto, 2019
- Single Sign-On for Kubernetes - Joel Speed, Pusher
- Lessons Learned Migrating Kubernetes from Docker to containerd Runtime - Ana Calin, Paybase, KubeCon + CloudNativeCon Europe 2019
- Building a Raspberry Pi Kubernetes Cluster and running .NET Core - Alex Ellis & Scott Hanselman, NDC London 2018
- Horizontal Pod Autoscaler Reloaded - Scale on Custom Metrics - Maciej Pytel & Solly Ross, KubeCon EU 2018
- Kubernetes the Very Hard Way - LISA19