Quick links to my most popular articles
----- Kubernetes -----Run Kubernetes On Your MachineCreate Pods With Imperative CommandsK3s Cluster Made Easy With Multipassk0s: Kubernetes in a Single BinaryUsing a ServiceAccountGive Access To Your Cluster With A Client CertificateEtcd: The Brain Of A Kubernetes ClusterBackup and Restore Etcd----- Docker -----About /var/run/docker.sockRunning a Container With a Non Root UserAbout <none> imagesClean Up Your Local Machine
Scroll down to see the latest ones…
Let’s focus on the application and forget about Kubernetes internals and complexity
If you are a developer, chances are you have already been asked to deploy your applications on a Kubernetes cluster. You have probably figured out this is not an easy task, especially if you don’t know Kubernetes that much. Kubernetes is a huge beast, and knowing how to define (YAML all the way) and manipulate the basic resources it offers (Pod, Deployment, Service, ConfigMap, Secret, …) is not straightforward, left alone the more advanced resources (NetworkPolicies, RBAC related ones, …).
Today there is no doubt Kubernetes is the solution of choice to run containerized applications. But, as a developer, most…
Several ways to deploy an application in Kubernetes
In this article we will use the VotingApp, a sample microservices application, to illustrate several of the ways an application can be deployed in a Kubernetes cluster:
The VotingApp
The VotingApp is an application created by Docker, it is mainly used to illustrate Docker and Kubernetes functionalities. This application follows a microservices architecture, it is made of five services as illustrated in the schema below.
An easy way to discover and play with Rook on the local machine
In a previous article, we presented Rook and used it to set up a HA Ceph cluster. In this new article, we will install Rook on a single node K3s cluster as it’s a good way to get started with this great CNCF project.
Setup of the k3s cluster
For the purpose of this article, we will use local VM provisioned on VirtualBox using Vagrant. The Vagrantfile below defines:
- the configuration of the VM that will be created: the Linux distribution used, its IP address (192.168.33.10), the amount of RAM (2G), the addition of a disk with a capacity of 10G
- setting up K3s and…
An intuitive graphical tool to define complex network policies
Cilium, the eBPF-based networking solution, just released a web editor to facilitate the creation of Kubernetes network policies. In this article, we will demo the tool and use it to define a sample network policy.
A Quick Presentation of Cilium and eBPF
“Cilium is an open source project that has been designed on top of eBPF to address the networking, security, and visibility requirements of container workloads. It provides a high-level abstraction on top of eBPF.” — Cilium blog
Cilium has a wide application domain and is commonly used as a CNI plugin in Kubernetes, as illustrated in the following schema:
Using another container runtime for better isolation and security
As not all pods can be trusted, this article will show different options to enhance process isolation through the usage of container runtimes other than the default one (runc). We will use Kubernetes k0s distribution to illustrate all of this. If you do not know k0s, you can find a quick introduction in this article.
Create a K0s Cluster
In the introduction article, we detailed the steps needed to easily setup a k0s cluster. …
Get familiar with some key concepts of cluster management
This article offers a back-to-basics approach to help you understand several actions that can be done on a cluster’s nodes.
Our Test Cluster
Let’s consider a newly created kubeadm cluster containing one master and two worker nodes:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-1 Ready control-plane,master 18m v1.20.0
k8s-2 Ready <none> 18m v1.20.0
k8s-3 Ready <none> 18m v1.20.0First, we will install Kubernetes Operational View (aka kube-ops-view). This application is very handy for seeing all the pods running in a cluster at a glance. There are currently 14 pods running:
- Two of them are in the default namespace and are…
An example showing how kube-proxy plays with iptables
The Kubernetes network proxy (aka kube-proxy) is a daemon running on each node. It basically reflects the services defined in the cluster and manages the rules to load-balance requests to a service’s backend pods.
Demystifying the usage of CNI plugins
When setting up a Kubernetes cluster, the installation of a network plugin is mandatory for the cluster to be operational. To keep things simple, the role of a network plugin is to set up the network connectivity so Pods running on different nodes in the cluster can communicate with each other. Depending upon the plugin, different network solutions can be provided: overlay (vxlan, IP-in-IP) or non-overlay.
To simplify the usage of a network plugin, Kubernetes exposes the Container Network Interface (aka CNI) so any network plugin that implements this interface can be used.
Kubernetes also allows the usage of kubenet…
A first look into the Vanilla Stack, a new open-source-only, cloud-native stack based on Kubernetes
A couple of weeks ago, I stumbled upon the Vanilla Stack, a technology stack based on Kubernetes and embedding many great open source components. In this article, which is mainly a presentation of the stack, we will quickly go through the installation process showing the different options available.
Vanilla Stack — A Gentle Introduction
The Vanilla Stack can be defined as a Kubernetes cluster shipped with many open source components.
Among the different solutions provided out of the box are:
- Rook to manage distributed storage (filesystem, block, object)
- OpenStack offering infrastructure as a service (IaaS)
- Cloud Foundry offering a platform as a service (PaaS)
The following…
Luc Juggery
Docker & Kubernetes trainer (CKA / CKAD), 中文学生, Learning&Sharing
