In the era of distributed architectures, fast and efficient logs search remains a challenge, involving solutions that are sometimes complex to deploy and …| blog.ogenki.io
This documentation section clarifies all the terms specific to Traefik Enterprise.| doc.traefik.io
Traefik Enterprise's architecture consists of nodes spread into two different planes: the control plane and the data plane. Learn more in the documentation.| doc.traefik.io
Fang-Pen Lin's blog about programming| Fang-Pen's coding note
Pods are the smallest deployable units of computing that you can create and manage in Kubernetes. A Pod (as in a pod of whales or pea pod) is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers. A Pod's contents are always co-located and co-scheduled, and run in a shared context. A Pod models an application-specific "logical host": it contains one or more application containers which are relatively tightly coupled.| Kubernetes
Node affinity is a property of Pods that attracts them to a set of nodes (either as a preference or a hard requirement). Taints are the opposite -- they allow a node to repel a set of pods. Tolerations are applied to pods. Tolerations allow the scheduler to schedule pods with matching taints. Tolerations allow scheduling but don't guarantee scheduling: the scheduler also evaluates other parameters as part of its function.| Kubernetes
How can security teams lock down Kubernetes? By default, Kubernetes applies no NetworkPolicy, so any pod can talk freely to any other pod in the cluster.| TrueFort
Kubernetes contributor Chris Short recounts how the open source project, its community, and access to mental health resources through an employer likely saved his life while struggling with PTSD, anxiety, and depression.| Chris Short
When you need to run something just once, but on each node| Haim Gelfenbeyn's Blog
In this blog post, we share our journey to build a ClickHouse-powered logging solution that today stores over 19 PiB of data (1.13 PiB compressed) in our AWS regions alone, and costs 200x less than Datadog.| ClickHouse
Understand different ways Karpenter disrupts nodes| karpenter.sh
In September 2019 I had the honour to present at Open Networking Summit in Antwerp. My talk was about meshnet CNI plugin, k8s-topo orchestrator and how to use them for large-scale network simulations in Kubernetes. During the same conference, I attended a talk about Network Service Mesh and its new kernel-based forwarding dataplane which had a lot of similarities with the work that I’ve done for meshnet. Having had a chat with the presenters, we’ve decided that it would be interesting to ...| networkop
In this post, we discuss the risks of the AWS Instance Metadata service in AWS Elastic Kubernetes Service (EKS) clusters. In particular, we demonstrate that compromising a pod in the cluster can have disastrous consequences on resources in the AWS account if access to the Instance Metadata service is not explicitly blocked. Introduction For the purposes of this post, we’ll use an EKS cluster running Kubernetes v1.17.9 and created with eksctl. We could also have created the cluster using Ter...| Christophe Tafani-Dereeper
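The two snippets above (TrueFort on pods talking freely by default, and the EKS Instance Metadata post) describe the same gap from two ends: no egress control in the cluster, and IMDS reachable from any pod. The following is an added example, not code from either post or from any project they mention. It renders a default-deny NetworkPolicy, an egress policy that carves out the IMDS address, a probe you can run from inside a pod to confirm the result, and the node-level IMDSv2 hardening. Namespace names, pod names and the instance ID are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the linked posts). Namespace and instance IDs passed
# in by the caller are placeholders; nothing here is applied unless you pipe
# the rendered manifests into kubectl or run the aws command yourself.

# Default-deny both directions for every pod in a namespace. This is the
# baseline that turns "any pod can talk to any pod" into an explicit allowlist.
default_deny_policy() {
  ns="$1"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
EOF
}

# Re-open egress for the namespace but carve the IMDS link-local address out
# of it, so a compromised pod cannot fetch the node's IAM role credentials.
imds_deny_egress_policy() {
  ns="$1"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-except-imds
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
        - 169.254.169.254/32
EOF
}

# Probe from inside a running pod: request an IMDSv2 token first (a plain GET
# would be rejected with 401 on a v2-only instance and look like "blocked"),
# then try to list the role credentials. Needs curl in the pod image.
imds_probe_from_pod() {
  ns="$1"; pod="$2"
  if kubectl -n "$ns" exec "$pod" -- sh -c '
      tok=$(curl -s -m 2 -X PUT "http://169.254.169.254/latest/api/token" \
              -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || exit 1
      [ -n "$tok" ] || exit 1
      curl -sf -m 2 -H "X-aws-ec2-metadata-token: $tok" \
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/"' \
      >/dev/null 2>&1
  then
    echo reachable
  else
    echo blocked
  fi
}

# Node-level backstop: require IMDSv2 and set the PUT response hop limit to 1,
# so the token reply never survives the extra hop from node to pod.
imds_harden_instance() {
  aws ec2 modify-instance-metadata-options --instance-id "$1" \
    --http-endpoint enabled --http-tokens required --http-put-response-hop-limit 1
}
```

Apply the manifests with `default_deny_policy prod | kubectl apply -f -` and likewise for the egress policy, then run `imds_probe_from_pod prod some-pod` and expect `blocked`. Two caveats: a NetworkPolicy is only enforced if the cluster's CNI implements it (on EKS that means enabling the VPC CNI network policy agent or running Calico; otherwise the object is accepted and silently ignored), and pods running with `hostNetwork: true` bypass it entirely. The hop-limit setting in `imds_harden_instance` is the backstop that holds in both of those cases.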
A standard interface for service meshes on Kubernetes| smi-spec.io
Working with container images is pretty much a fact of life in modern day infrastructure, especially with Kubernetes. Make your life easier by using tools such as skopeo and crane.| D2iQ Engineering
A ReplicaSet's purpose is to maintain a stable set of replica Pods running at any given time. Usually, you define a Deployment and let that Deployment manage ReplicaSets automatically.| Kubernetes
With contributions from Adriana Villela (Lightstep from ServiceNow). For the OpenTelemetry (OTel) End User Working Group’s fourth End User Q&A session of 2023, we spoke with Jacob Aronoff, Staff Software Engineer at Lightstep from ServiceNow and an OpenTelemetry Operator Maintainer. Read on if you are interested in learning how a vendor is using OTel in-house! This series of interviews is a monthly casual discussion with a team that’s using OpenTelemetry in production. The goal is to shar...| OpenTelemetry
In this article, you will learn about the 3 components that enable the running of containerized applications in a Kubernetes cluster.| EverythingDevOps
Labels are key/value pairs that are attached to objects such as Pods. Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system. Labels can be used to organize and to select subsets of objects. Labels can be attached to objects at creation time and subsequently added and modified at any time.| Kubernetes
Step by step guide to get started with Istio ambient mesh.| Istio
You can constrain a Pod so that it is restricted to run on particular node(s), or to prefer to run on particular nodes. There are several ways to do this and the recommended approaches all use label selectors to facilitate the selection. Often, you do not need to set any such constraints; the scheduler will automatically do a reasonable placement (for example, spreading your Pods across nodes so as not to place Pods on a node with insufficient free resources).| Kubernetes
tl;dr - UDP support is coming to traefik soon, so I’m updating my cluster’s traefik to be ready to take advantage of it and all the other new features. Going from v1 -> v2.2 (the latest) requires some config changes so I detail them below. NGINX is one of the most venerated load balancers on the internet and when I first set up my tiny kubernetes cluster I used it.| vadosware.io
tl;dr - I upgraded traefik and added some resources (IngressRoute, Middleware) to get a better security score from Mozilla’s (HTTP) Observatory. The upgrade from 2.2.0-rc1 to 2.3.2 came with a few breaking changes so it was a bit involved (see Traefik v1 to v2 docs and also the general v2.x migration docs). I recently came across an insanely helpful and concise post by Sam Texas from simplecto.com while surfing the r/Traefik subreddit.| vadosware.io
tl;dr - I did another round of drive testing (originally I only tested OpenEBS and hostPath), this time with some rented Hetzner machines and Ansible-powered automation. The GitLab repository isn’t ready for mass consumption yet but I’ll update here (and this tl;dr) when it is, along with the results. UPDATE (04/09/2020) The GitLab repository is up! You can skip this entire article and just go there. NOTE: This is a multi-part blog-post!| vadosware.io
tl;dr - In order to test storage performance I set up a completely automated test bed for all the storage plugins, this article chronicles the installations of some of the plugins. It’s particularly long because I made lots of mistakes. Mostly useless sections are prefaced with a notice on why you can skip them, skim the ToC and click on anything you like. UPDATE (04/09/2020) The GitLab repository is up!| vadosware.io
tl;dr - My cluster-wide prometheus scraping config was picking up port 25 as a good place to send GET /metrics requests, and broke my surprisingly fragile email setup (Haraka -> Maddy), simply by inundating it with invalid HTTP requests to a port meant for SMTP. My mailer setup makes use of two pretty good F/OSS tools that I rarely have problems with: Haraka and Maddy. They work great, and I don’t spend much time thinking about them – I often set up a new maddy instance with separate backups...| vadosware.io
tl;dr - Ceph (Bluestore) (via Rook) on top of ZFS (ZFS on Linux) (via OpenEBS ZFS LocalPV) on top of Kubernetes. It’s as wasteful as it sounds – 200TPS on pgbench compared to ~1700TPS with lightly tuned ZFS and stock Postgres. The setup is at least usable and can get up to 1000TPS (2 replica ceph block pool) with synchronous_commit=off and some other less risky optimizations. Check out the numbers at the end in context and since this post is very Kubernetes heavy, if you don’t run Kub...| vadosware.io