Using k8s kind "rootlessly" without Docker

So you have probably already heard the news: Docker Desktop is no longer free. While this mostly affects macOS and Windows users and I use Pop!_OS, I would still like to see if we can get by without Docker at all. I’ve been using nerdctl for quite a while now, and while nerdctl mostly fills my needs for the docker CLI, I “kinda” need the kind CLI to create test clusters for testing purposes. However, kind still needs docker.

Getting to know Pod Security Admission (PSA)

K8s 1.22 introduced Pod Security Admission (PSA from here on) as an alpha feature, to replace Pod Security Policy (PSP). This post walks through how to set up PSA and use it in the most basic way. Enable PSA: to keep the lab simple, I will use kind to create a local cluster. I will create a cluster and enable PSA with the following config

kubectl run generators removed

Here is the related merged pull request. In short, previously, if you needed to create a deployment, all you needed was:

    kubectl run nginx --image=nginx:alpine --port=80 --restart=Always

This feature was used a lot because a minimal deployment YAML is fairly long. Here is an example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:alpine
            ports:
            - containerPort: 80

Previously, to create a deployment and expose it, all it took was two simple commands, namely

Using Synology NFS as external storage with Kubernetes

For home usage, I highly recommend microk8s. It can be installed easily with snap. I’m not sure what the deal is with snap for Ubuntu desktop users, but I’ve only had experience installing microk8s with it. And so far, it works well for the purpose. Initially, I went with Docker Swarm because it’s so easy to set up, but Docker Swarm feels like a hack. Also, it seems Swarm is already dead in the water.

Debugging Kubernetes: Unable to connect to the server: EOF

We had an EC2 instance retirement notice email from AWS. It was our Kubernetes master node. I thought to myself: we can simply just terminate and launch a new instance. I’ve done it many times. It’s no big deal. However, this time, when our infra engineer did that, we were greeted with this error when trying to access our cluster. Unable to connect to the server: EOF All the apps are still fine.

Kubernetes-hosted application checklist (part 1)

At work, we’ve been running Kubernetes (k8s) in production for almost 1 year. During this time, I’ve learnt a few best practices for designing and deploying an application hosted on k8s. I thought I might share them today and hopefully they will be useful to newbies like me.

Liveness and readiness probes

Liveness probe: checks whether your app is running
Readiness probe: checks whether your app is ready to accept incoming requests

The liveness probe is only checked after the readiness probe passes.

Kubernetes-hosted application checklist (part 2)

This part is about how to define constraints for the scheduler on where/how you want your app container to be deployed on the k8s cluster.

Node selector

The simplest form of constraint for pod placement. You attach labels to nodes and you specify nodeSelector in your pod configuration. When to use: you want to deploy a redis instance to a memory-optimized (R3, R4) instance group, for example.

Affinity and anti-affinity

Affinity and anti-affinity are like nodeSelector but much more advanced, with more types of constraints you can apply to the default scheduler.

Setting up traefik as Ingress controller for Kubernetes

Just my own experience setting up traefik as Ingress controller on Kubernetes.

Install helm

    brew install kubernetes-helm

Init helm

    helm init

Install traefik chart with helm

Download the default values.yaml file and edit it depending on your needs. Then issue the command below. I want to install it to the kube-system namespace, hence the --namespace kube-system.

    helm install --name my-traefik --namespace kube-system --values values.yaml stable/traefik

If you make a mistake and want to remove it