So you have probably already heard the news: Docker Desktop is no longer free. While this mostly affects macOS and Windows users, and I use Pop!_OS, I would still like to see if we can get by without Docker at all. I've been using nerdctl for quite a while now, and while nerdctl mostly fills my needs for a docker CLI, I "kinda" need the kind CLI to create test clusters. However, kind still needs docker.
K8s 1.22 introduced Pod Security Admission (PSA from here on) in alpha, as the replacement for Pod Security Policy (PSP). This post walks through how to set up PSA and use it in the most basic way. Enable PSA # To keep the lab simple, I will use kind to create a local cluster. I will create a cluster and enable PSA on it with the following config
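An added example of such a setup (not the config from the original post): the first document is a kind cluster config for a 1.22 node image that turns on the alpha PodSecurity feature gate and keeps kubeadm's NodeRestriction admission plugin when PodSecurity is added; the remaining documents are applied with kubectl and show the basic use of PSA, which is driven entirely by namespace labels. The namespace name psa-lab, the pod names and the image tags are assumptions for illustration.

```yaml
# kind-psa.yaml: pass to `kind create cluster --config kind-psa.yaml`.
# Needs a kind release whose default node image is Kubernetes 1.22 (PSA is alpha
# there, so the feature gate must be set; from 1.23 it is on by default).
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
  PodSecurity: true
kubeadmConfigPatches:
- |
  kind: ClusterConfiguration
  apiServer:
    extraArgs:
      # kubeadm enables NodeRestriction by default; listing only PodSecurity
      # here would silently drop it, so keep both.
      enable-admission-plugins: NodeRestriction,PodSecurity
nodes:
- role: control-plane
---
# psa-lab.yaml (assumed name): apply the rest with `kubectl apply -f psa-lab.yaml`.
# PSA has no cluster-scoped policy object: the namespace labels are the policy.
# enforce rejects violating pods; warn and audit only report them, which is the
# usual first step when rolling PSA out onto a namespace that already has workloads.
apiVersion: v1
kind: Namespace
metadata:
  name: psa-lab
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: v1.22
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# Rejected by the restricted profile: runAsNonRoot is unset, allowPrivilegeEscalation
# is not explicitly false, and no capabilities are dropped.
apiVersion: v1
kind: Pod
metadata:
  name: web-rejected
  namespace: psa-lab
spec:
  containers:
  - name: web
    image: nginx:1.21
---
# Accepted by the restricted profile: every field the profile checks is set.
apiVersion: v1
kind: Pod
metadata:
  name: web-ok
  namespace: psa-lab
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 101            # numeric uid, so the check does not depend on the image
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: web
    image: nginxinc/nginx-unprivileged:1.21   # listens on 8080 as a non-root user
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
```

With the labels above, `kubectl apply` of web-rejected fails at admission with a message listing each violated check, while web-ok is created; switching enforce to baseline (and leaving warn/audit at restricted) lets the first pod in but still logs the violations, which is how to measure the blast radius before tightening enforcement.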
kubectl run generators were removed in kubectl 1.18, except for the one that generates a Pod.
A step-by-step guide on how to use Synology NFS as external storage with Kubernetes
We got an EC2 instance retirement notice email from AWS. It was our Kubernetes master node. I thought to myself: we can simply terminate it and launch a new instance. I've done it many times; it's no big deal. However, this time, when our infra engineer did that, we were greeted with this error when trying to access our cluster: Unable to connect to the server: EOF All the apps were still fine.
At work, we've been running Kubernetes (k8s) in production for almost a year. During this time, I've learnt a few best practices for designing and deploying an application hosted on k8s. I thought I might share them today, and hopefully they will be useful to newbies like me. Liveness and readiness probes # Liveness probe: checks whether your app is running; when it fails, the kubelet restarts the container. Readiness probe: checks whether your app is ready to accept incoming requests; when it fails, the pod is taken out of the Service endpoints but is not restarted. The two probes run independently: the kubelet does not wait for the readiness probe to pass before it starts checking liveness, so a slow-starting app needs an initialDelaySeconds (or a startupProbe, which holds both of the others off until it succeeds), otherwise it gets restarted before it ever comes up.
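An added example of the probe setup described above (not a manifest from the original post): a Deployment with a startup, liveness and readiness probe, each with a comment on what a failure does. The /healthz and /ready endpoints, port 8080 and the image name are assumptions; adjust them to your own service.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
      - name: api
        image: example.com/api:1.0.0        # assumed image
        ports:
        - containerPort: 8080
        # startupProbe: while it has not yet succeeded, the liveness and
        # readiness probes are not run at all. 30 x 5s gives a slow start up to
        # 150s before the container is killed, without slowing down the other
        # probes for the rest of the pod's life.
        startupProbe:
          httpGet:
            path: /healthz
            port: 8080
          periodSeconds: 5
          failureThreshold: 30
        # livenessProbe: three consecutive failures restart the container.
        # Keep it cheap and free of dependency checks: if /healthz reached out
        # to the database, a DB outage would restart every replica in a loop.
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          periodSeconds: 10
          timeoutSeconds: 2
          failureThreshold: 3
        # readinessProbe: failures remove the pod from the Service endpoints and
        # never restart anything, so this is where dependency checks belong.
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          periodSeconds: 5
          timeoutSeconds: 2
          failureThreshold: 3
```

The split matters during an incident: a readiness failure sheds traffic and recovers by itself when the dependency returns, whereas a liveness failure is a restart, which is rarely the right answer to someone else's outage.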
This part is about how to define constraints for the scheduler on where/how you want your app's containers to be placed on the k8s cluster. Node selector # The simplest form of pod-placement constraint. You attach labels to nodes and specify nodeSelector in your pod spec. When to use # You want to deploy redis instances to a memory-optimized (R3, R4) instance group, for example. Affinity and anti-affinity # Affinity and anti-affinity are like nodeSelector but much more advanced, with more types of constraints you can apply to the default scheduler.
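An added example that puts the three mechanisms side by side (not a manifest from the original post): a redis Deployment restricted to memory-optimized nodes by nodeSelector, narrowed further by nodeAffinity, and spread one replica per node by podAntiAffinity. The node-pool label and its value are assumptions; node.kubernetes.io/instance-type, topology.kubernetes.io/zone and kubernetes.io/hostname are the well-known labels the kubelet and cloud provider set (older clusters use beta.kubernetes.io/instance-type and failure-domain.beta.kubernetes.io/zone instead).

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
spec:
  replicas: 3
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      # 1. nodeSelector: exact label match, AND-ed with everything below.
      #    Assumes nodes were labelled: kubectl label node <name> node-pool=memory-optimized
      nodeSelector:
        node-pool: memory-optimized
      affinity:
        # 2. nodeAffinity: set-based operators (In, NotIn, Exists, Gt ...).
        #    "required" is a hard rule the scheduler must satisfy; "preferred"
        #    is a weighted hint it will give up on if nothing matches.
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: node.kubernetes.io/instance-type
                operator: In
                values: ["r4.large", "r4.xlarge", "r5.large", "r5.xlarge"]
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 50
            preference:
              matchExpressions:
              - key: topology.kubernetes.io/zone
                operator: In
                values: ["ap-southeast-1a"]
        # 3. podAntiAffinity: never co-locate two redis pods on one node, so
        #    losing a node loses at most one replica. With "required" and a
        #    cluster of fewer than 3 matching nodes the extra replicas stay Pending.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                app: redis
            topologyKey: kubernetes.io/hostname
      containers:
      - name: redis
        image: redis:6.2
        ports:
        - containerPort: 6379
```

Note the IgnoredDuringExecution suffix: these rules are checked only when the pod is scheduled. Relabelling a node later does not evict pods already running on it, so a pod that landed on the wrong pool after a label change stays there until something else restarts it.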
Just my own experience setting up traefik as an Ingress controller on Kubernetes (Helm 2: helm init and the --name flag below do not exist in Helm 3). Install helm # brew install kubernetes-helm Init helm # helm init Install the traefik chart with helm # Download the default values.yaml file and edit it depending on your needs, then issue the command below. I want to install it into the kube-system namespace, hence the --namespace kube-system. helm install --name my-traefik --namespace kube-system --values values.yaml stable/traefik If you make a mistake and want to remove it
TLDR: Build price-aware applications. Check the price history: in general, picking older generations of instances results in lower net prices and fewer interruptions. Use multiple capacity pools: by being able to run across multiple pools, you reduce your application's sensitivity to price spikes that affect one or two pools (in general, there is very little correlation between prices in different capacity pools). For example, if you run in five different pools, your price swings and interruptions can be cut by 80%.
Symptom: the autoscaler works (it can scale up) but for some reason it doesn't scale down after the load goes away. I spent some time debugging and it turns out it's not really a bug per se, more of an unlucky pod placement on my Kubernetes cluster. I first added --v=4 to get more verbose logging from cluster-autoscaler and watched kubectl logs -f cluster-autoscaler-xxx. I noticed this line in the logs
Fluentd Docker image to send Kubernetes logs to CloudWatch. Very easy to set up, and a good option for centralized logging if all of your infrastructure is already in AWS. echo -n "accesskeyhere" > aws_access_key echo -n "secretkeyhere" > aws_secret_key kubectl create secret --namespace=kube-system generic fluentd-secrets --from-file=aws_access_key --from-file=aws_secret_key kubectl apply -f fluentd-cloudwatch-daemonset.yaml On a side note, I think I will need to move the fluentd configuration file into a secret, as I only want to collect logs from certain namespaces/filters.
Just some of my notes while learning about Kubernetes. I use Google Compute Engine to install mine. Installation # Installing Kubernetes is as easy as copying and pasting the command below: curl -sS https://get.k8s.io | bash If you want to customize some default options, you can set environment variables: curl -sS https://get.k8s.io | MULTIZONE=true KUBERNETES_PROVIDER=gce KUBE_GCE_ZONE=asia-east1-b NUM_NODES=4 bash There are more environment variables you can take a look at in kubernetes/cluster/gce/config-default.