myapp 0/1 Evicted 0 10s

You might have seen pods in the above state on a Kubernetes cluster. Eviction is the process of terminating one or more pods on K8s nodes, which can happen because of a lack of resources such as CPU, memory, disk space, and filesystem inodes. It is mostly due to difficulty in resource planning, and the pod needs to be rescheduled from a high-pressure node to a low-pressure node.

When any node in the cluster is under high pressure, it starts to clean up unused Kubernetes resources such as killed containers and old container images. …

Whether it is logging cluster activity or debugging a problem in an application, logging is the first step. In the Kubernetes world, containers are temporary entities which lose their logs after a restart for any reason. So, I would prefer to have a proper logging setup for the cluster before running real applications. There are many enterprise solutions for that, like Papertrail, LogDNA etc. On Google Kubernetes Engine (GKE), container logs are captured by its own logging service, which can be enabled or disabled from the cluster settings.

In this post, I am going to walk through logging architecture using open source applications…

Containers are ephemeral

Keeping the logs of containers is challenging because of their temporary nature. Although we can use a volume mapping or other ways to make the logs persistent, it's hard to keep track of logs over time as well as to get metrics out of the logs.

Elasticsearch is a Lucene-based search engine used to store, search, and analyze large amounts of structured and unstructured data. Integrated with the open-source UI Kibana, Elasticsearch is a good choice for storing logs of larger or smaller size and getting the metrics visualized with Kibana.

In this post, we use a…

Image: Google Cloud Tech Youtube

Docker is becoming a de facto standard for modern software deployment as well as development. From the build pipeline to CI/CD, the adoption of Docker is increasing rapidly. Even workflow automation like GitHub Actions is fully dependent on Docker.

But with the recent change in the Docker Hub pull request limits, a large number of users are going to be impacted. The cap of 100 and 200 pulls per 6 hours for anonymous and authenticated users respectively is surely going to impact existing workflows. …

SSH has become trivial but is still a reality. In this post, we will talk about securing the SSH connection to a Compute Engine instance as well as centralizing access control through the use of Identity-Aware Proxy (IAP). It is a part of the BeyondCorp security model, also known as zero trust, which protects access to GCP’s internal resources through context-aware access capabilities.


The IAP model allows access to a compute instance without the use of a VPN, easing the process with a single point of control for managing user access to web applications and cloud resources without exposing them to the public internet. …

Quality of Service (QoS), as its name suggests, is about the way service is provided based on need, including in adverse situations. The quality is in terms of resources (CPU, memory etc.). In this post, we will talk about the QoS of pods in a Kubernetes cluster.

While configuring or scheduling a pod, we pass 2 parameters which determine the usage of node resources: Requests and Limits. These two parameters are provided for each container in the pod and mainly deal with CPU and memory (RAM). “Request” specifies the minimum resource allocated to a container, which is reserved whether the container actually uses it or not. And…


While creating a Docker image, we might need to use secrets for various purposes like:

  • pulling private packages (npm, gradle etc.)
  • git clone or any git actions
  • get private object storage files
  • ssh/rsync

Mostly, there are two ways of using secrets:

  • environment variable
  • file

In this post we will dig into various ways of using secrets, along with how they operate from a security perspective. So, please read till the end to get an idea of the various ways. Here is the git repo with all Dockerfiles used in this post:

Way 1 (Passing environment variable in Dockerfile)

# Dockerfile.1
FROM alpine:3.12
ENV MY_SECRET superSecret
CMD tail -f /dev/null

I often get the question: How much will it cost to learn Kubernetes? There are various options, providers and tools for creating a cluster, both in the cloud and on a local system. Before diving into GKE (Google Kubernetes Engine), I would like to present a few other options which are good for the starting phase but may not give a good glimpse of connecting points.


Local System

Minikube is a popular one, but I started to fall in love with microk8s, not only because of its easy installation (snap install microk8s) but also because it provides easy integration with Istio out of the box. …

GitHub Package Registry, announced in early 2019, is a fully GitHub-integrated package management service where we can store npm, gem, mvn, nuget and gradle packages. With effective use of GitHub Actions and Packages, we can build a good release and packaging flow.

In this post, we are going to deal with the whole lifecycle of an npm package. Here’s what we will achieve:

  1. Create a nodejs project as a module
  2. Use published module in app
  3. Configure Github Actions for new tag and publish package with auto-increment in version
  4. Use the npm package in docker build
  5. Create docker…

We have come up with this new knowledge-sharing platform where we will be writing weekly updates on the DevOps community and industry. If you want to share your interesting reads and learning, feel free to mention us. Enjoy this first weekly reading!

Helm Graduation: Helm, a package manager for Kubernetes, has graduated from the incubating level as a CNCF project. Helm makes installation, upgrade, and deletion of bundles of Kubernetes resource definitions super easy. It also makes redistribution of applications easier; you can consider it as Docker :). Read more on:

New in Market

GitHub Codespaces: Github…

Raju Dawadi

DevOps | SRE | #GDE
