NAME READY STATUS RESTARTS AGE
myapp 0/1 Evicted 0 10s
You might have seen pods in the above state on a Kubernetes cluster. Eviction is the process of terminating one or more pods on K8s nodes, which can happen because of a lack of resources such as CPU, memory, disk space, and filesystem inodes. It mostly results from difficulty in resource planning, and the pod needs to be rescheduled from a high-pressure node to a low-pressure one.
When any node in the cluster is under high pressure, it starts to clean up unused Kubernetes resources such as killed containers, old container images, etc. …
Whether it is logging cluster activity or debugging a problem in an application, logging is the first step. In the Kubernetes world, containers are temporary entities which lose their logs after a restart for any reason. So, I would prefer to have a proper logging setup for the cluster before running real applications. There are many enterprise solutions for that, like logz.io, Papertrail, LogDNA, etc. On Google Kubernetes Engine (GKE), container logs are captured by its own logging service, which can be enabled or disabled from the cluster settings.
In this post, I am going to walk through logging architecture using open source applications…
Containers are ephemeral
Keeping the logs of containers is challenging because of their temporary nature. Although we can use a volume mapping or other means to make the logs persistent, it's hard to keep track of logs over time as well as to get metrics out of them.
Elasticsearch is a Lucene-based search engine library for storing, searching, and analyzing large amounts of structured and unstructured data. With the integration of the open-source UI Kibana, Elasticsearch is a good choice for storing logs of any size and visualizing their metrics with Kibana.
In this post, we use a…
Docker is becoming a de facto standard for modern software deployment as well as development. From the build pipeline to CI/CD, the adoption of Docker is increasing rapidly. Even workflow automation like GitHub Actions is fully dependent on Docker.
But with the recent change in the Docker Hub pull request limitation, a large number of users are going to be impacted. The cap of 100 and 200 pulls per 6 hours for anonymous and authenticated users respectively is sure to impact existing workflows. …
SSH has become trivial, but it is still a reality. In this post, we will talk about securing the SSH connection to a Compute Engine instance as well as centralizing access control through the use of Identity-Aware Proxy (IAP). IAP is part of the BeyondCorp security model, also known as zero trust, which protects access to GCP’s internal resources through context-aware access capabilities.
The IAP model allows access to a compute instance without the use of a VPN. It eases the process by providing a single point of control for managing user access to web applications and cloud resources without exposing them to the public internet. …
Quality of Service (QoS), as its name suggests, describes how service is provided based on need, including in adverse situations. Here, quality is measured in terms of resources (CPU, memory, etc.). In this post, we will talk about the QoS of pods in a Kubernetes cluster.
While configuring or scheduling a pod, we pass 2 parameters which determine the usage of node resources: Requests and Limits. These two parameters are set for each container in a pod and mainly deal with CPU and memory (RAM). “Request” specifies the minimum amount of a resource allocated to the container, which is reserved whether or not the container actually uses it. And…
While creating a Docker image, we might need to use secrets for various purposes like:
Mostly, there are two ways of using secrets:
In this post, we will dig into various ways of using secrets and look at how each one operates from a security perspective. Please read till the end to get an idea of the various ways. Here is the Git repo with all Dockerfiles used in this post: https://github.com/dwdraju/docker-build-time-secrets
ENV MY_SECRET superSecret
CMD tail -f /dev/null
I often get the question: How much will it cost to learn Kubernetes? There are various options, providers and tools for creating a cluster, both in the cloud and on a local system. Before diving into GKE (Google Kubernetes Engine), I would like to present a few other options which are good for the starting phase but may not give a good glimpse of the connecting points.
Minikube is a popular one, but I started to fall in love with microk8s not only because of its easy installation (snap install microk8s) but also because it provides easy integration with Istio out of the box. …
GitHub Package Registry, announced in early 2019, is a fully GitHub-integrated package management service where we can store npm, gem, mvn, nuget, and gradle packages. With effective use of GitHub Actions and Packages, we can build a good release and packaging flow.
In this post, we are going to deal with the whole lifecycle of an npm package. Here’s what we will achieve:
We have come up with this new knowledge-sharing platform where we will be writing weekly updates on the DevOps community and industry. If you want to share your interesting reads and learnings, feel free to mention us. Enjoy this first weekly reading!
Helm Graduation: Helm, a package manager for Kubernetes, has graduated from the incubating level as a CNCF project. Helm makes it super easy to install, upgrade, and delete bundles of Kubernetes resource definitions. It also makes redistributing applications easier; you can consider it as Docker :). Read more on: https://helm.sh/blog/celebrating-helms-cncf-graduation/