Steps to prepare single control plane image is quite simple:
One unanswered question is: How to add additional control plane nodes and worker nodes which required tokens and certificates to be preset when joining the cluster?
Continue reading Build Kubernetes control plane image with PackerI have published practical guide to Kubernetes Certified Administration exam https://github.com/vorozhko/practical-guide-to-kubernetes-administration-exam
If your are also working on preparation to Kubernetes Certified Administration exam lets combine our efforts by sharing the practical side of exam.
There are many possible root causes why control plane might become unavailable. Lets review most common scenarios and mitigation steps.
Mitigation steps in this article build around AWS public cloud features, but all popular public cloud offerings have similar functionality.
Benefits are:
Disadvantages are:
Conclusions:
Middleware is a function which wrap http.Handler to do pre or post processing of the request.
Chain of middleware is popular pattern in handling http requests in go languge. Using a chain we can:
Go context package help to setup communication between middleware handlers.
Continue reading Go http middleware chain with context packageegrep -c ‘(svm|vmx)’ /proc/cpuinfo
An output of 1 or more indicate that CPU can use virtualization technology.
sudo kvm-ok
Output “KVM acceleration can be used. ” indicate that the system has virtualization enabled and KVM can be used.
Continue reading How to enable minikube kvm2 driver on Ubuntu 18.04There are several ways to inject istio sidecar configuration into Pods. For example: automated injection, YAML/JSON deployment update, using Helm or Kustomize and update of existing live deployment. We will look into each of them.
Istio uses ValidatingAdmissionWebhooks for validating Istio configuration and MutatingAdmissionWebhooks for automatically injecting the sidecar proxy into user pods.
For automatic side car injection to work admissionregistration.k8s.io/v1beta1 should be enabled:
$ kubectl api-versions | grep admissionregistration.k8s.io/v1beta1
admissionregistration.k8s.io/v1beta1Step two is to verify MutatingAdmissionWebhook and ValidatingAdmissionWebhook plugins are listed in the kube-apiserver –enable-admission-plugins. That can be done by cluster administrators.
Continue reading Istio sidecar injectionThere are two main objectives:
Kubernetes namespaces help to setup boundaries between groups of users and applications in a cluster.
To make it more pleasant and secure for your users to work in shared cluster Kubernetes has a number of policies and controls.
RBAC primary objective is authorize users and applications to do specific operations in the namespace or in whole cluster. Use RBAC to give your users enough permissions in the namespace, so they can do day to day operations on their own.
Network Policy control how pods can communicate with each other. Use it to firewall traffic between namespaces or inside namespace to critical components like Databases.
My journey with Kubernetes started with Google Kubernetes Engine then one year later with self managed kuberntes and then with migration to Amazon EKS.
EKS as a managed kubernetes cluster is not 100% managed. Core tools didn’t work as expcted. Customers expectation was not aligned with functions provided. Here I have summarized all our experience we gained by running EKS cluster in Staging.
To run EKS you still have to:
In bookmarks – production readiness checklist.
Very good job by Gruntwork !