عجفت الغور

kubernetes (k8s)

Tags: computers, distributed systems

Tracing

  • The container needs SYS_PTRACE added under securityContext: capabilities: add: in the pod spec to allow strace and ptrace to work. Example:

    
    apiVersion: v1
    kind: Pod
    metadata:
      name: <POD_NAME>
      namespace: default
    spec:
      containers:
      - image: <IMAGE>
        imagePullPolicy: IfNotPresent
        name: web
        command: ["/bin/sleep"]
        args: ["1000000"]
        securityContext:
          capabilities:
            add:
            # lets strace/ptrace attach to processes in this container
            - SYS_PTRACE
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        resources:
          limits:
            cpu: "40"
            memory: 100G
          requests:
            cpu: "38"
            memory: 100G
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        # service account token mount as injected on a live pod; there is no
        # matching volumes: entry here, so drop it when applying this by hand
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-qtpks
          readOnly: true
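
To find where SYS_PTRACE has been left enabled after a debugging session, the pod list can be audited. This is an added example, not part of the original notes: it goes beyond the single pod above and checks every container, init container and ephemeral container for an added SYS_PTRACE (or ALL) capability, and also flags privileged containers, which hold every capability. The function name and the sample pods are assumptions constructed for illustration.

```python
import json
import sys

CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

def find_ptrace_capable(pod_list, capability="SYS_PTRACE"):
    """Return (namespace, pod, container, reason) for each container that
    adds `capability` (or ALL), or runs privileged, in a PodList dict."""
    wanted = {capability, "ALL"}
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for field in CONTAINER_FIELDS:
            for ctr in spec.get(field) or []:
                sc = ctr.get("securityContext") or {}
                added = set((sc.get("capabilities") or {}).get("add") or [])
                if sc.get("privileged"):
                    reason = "privileged"
                elif added & wanted:
                    reason = "add:" + ",".join(sorted(added & wanted))
                else:
                    continue
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name"), ctr.get("name"), reason))
    return findings

# Constructed sample, shaped like `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"name": "web-0", "namespace": "default"},
     "spec": {"containers": [{"name": "web", "securityContext": {
         "capabilities": {"add": ["SYS_PTRACE"]}}}]}},
    {"metadata": {"name": "api-0", "namespace": "default"},
     "spec": {"containers": [{"name": "api", "securityContext": {
         "capabilities": {"drop": ["ALL"]}}}],
         "ephemeralContainers": [{"name": "debugger", "securityContext": {
             "capabilities": {"add": ["SYS_PTRACE"]}}}]}},
    {"metadata": {"name": "agent-0", "namespace": "kube-system"},
     "spec": {"containers": [{"name": "agent",
                              "securityContext": {"privileged": True}}]}},
    {"metadata": {"name": "batch-0", "namespace": "default"},
     "spec": {"containers": [{"name": "job"}]}},
]}

if __name__ == "__main__":
    # Pipe real output in, or run from a terminal to use the sample.
    pods = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, pod, ctr, reason in find_ptrace_capable(pods):
        print(f"{ns}/{pod} container={ctr} {reason}")
```

Piping `kubectl get pods -A -o json` into the script audits a live cluster instead of the sample.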
    

Kubernetes: get logs for all pods of a specific type

kubectl get pods -o wide | rg '<POD_NAME> ' | rg '0/1' --fixed-strings | rg '<POD_NAME>.{20}\s' -o | cut -d ' ' -f 1 | xargs -L 1 kubectl logs --tail 10

Kube 1.24 and 1.25 major changes

Things to worry about

  • volumesnapshot?

Cloud Native postgres

Kubeshark (API traffic analyzer for kube)

BSD Jails vs cgroups and namespaces

  • BSD jails, Solaris zones, and Linux cgroups + namespaces all do the same thing
  • Containers are built on top of cgroups and namespaces