I will be listing my articles about K8s best practices here, so we will have a one-stop place to access them all as I write more in the future.

More to follow :)…


I hope to discuss the process that will make the system secure. I will not go too deep into individual sections, but I will glance through them and discuss them later in different articles.

This is a methodical, well-defined process, and following it is one of the most important things for an architect.

What is the secure architecture process?

It is a well-defined process for ensuring the system is as secure as possible. It is important to know that the process cannot guarantee that the system is 100% secure. However, it will help to achieve a very secure system.

The process begins at a very early phase in the system life-cycle and actually never really ends. …

Software security is a very big topic and you can easily get lost in it. There is a lot of information about security, ranging from highly successful startups to terrible news about shocking security breaches. Let's discuss some basic concepts and terminology.

What is Software Security?

Let's have some common answers from IT folks.

  1. Protect the system from someone logging in with a fake identity.
  2. Protect against attacks like DDoS.
  3. Find out if someone’s identity was stolen.

These are kind of true but do not capture the essence.

What do we want to protect using software security? Using software security, we protect against,

  1. Data…

The first thing to discuss is the difference between a Service and an Ingress. What is the difference between the two?

Let's start with a simple scenario.

We are working on an application that has an online store selling products. It is available at my-online-store.com. It is built into a Docker image and deployed on a Kubernetes cluster as a pod in a Deployment. We need a database, so we deployed a MySQL database as a pod and created a Service of type ClusterIP called MySQL service to make it accessible to the application.

Application is now up and running. We need…

Kubernetes services enable communication between various components within and outside of the application. Kubernetes services help us connect applications together with other applications or users. Let's assume our application has groups of pods running various sections, such as one group for serving our front-end load to users, another group for running back-end processes, and a third group connecting to an external data source.

It is services that enable connectivity between these groups of pods. Services enable the front end application to be made available to end users. …

Let's discuss the pod-to-node relationship and how you can restrict which pods are placed on which nodes. The concept of taints and tolerations can be a bit confusing at first.

Let's take an example, using the analogy of a bug approaching a person.

To prevent the bug from landing on the person, we spray the person with a repellent spray, or a taint as we will call it. The bug is intolerant to the smell.

Let's forget about pods, ReplicaSets and other Kubernetes concepts for a minute. Let's talk about how you deploy your application in a production environment.

Let's say you have a web server that needs to be deployed in a production environment. You need many such instances of that web server running. Also, when a newer version of the application becomes available, you need to upgrade your instances seamlessly. When you upgrade, you do not want to upgrade all of them at once, since this may impact users accessing the application, so you might need to upgrade them one after the other. …

In this article we will discuss Kubernetes controllers. Controllers are the brain behind Kubernetes. They are the processes that monitor Kubernetes objects and respond accordingly.

The replication controller is one controller in particular that I would like to discuss.

What is a replica and why do we need a replication controller?

Let's go back to our first scenario, where we had a single pod running our application.

What if for some reason our application crashes and the pod fails? Then the users will no longer be able to access our application. We would like to have more than one instance of…

As we discussed before, with Kubernetes our ultimate aim is to deploy our application in the form of containers on a set of machines that are configured as worker nodes in a cluster.

However, Kubernetes does not deploy containers directly on the worker nodes. The containers are encapsulated into a Kubernetes object known as a pod.

A pod is a single instance of an application. A pod is the smallest object that you can create in Kubernetes.

Here we see the simplest of simple cases, where you have a single-node Kubernetes cluster with a single instance of…


A node is a machine, physical or virtual, on which Kubernetes is installed. A node is a worker machine, and that is where containers will be launched by Kubernetes. Nodes were also known as minions in the past.

Ishan Liyanage

Passionate Technical Lead, Senior Software Developer and free and open source software advocate
