#kubernetes (2021-01)

Archive: https://archive.sweetops.com/kubernetes/

2021-01-22

rei

Has anyone used this flag new-pod-scale-up-delay with the cluster-autoscaler?

Matt Gowie

Anyone using pritunl? Any feedback on this tool / the paid options?

I’m getting pushback from a client’s auditing team that Tailscale is not PCI compliant (still working through that with them). But I’m looking for any ammo from real experience on why not to use pritunl. I feel like I’ve heard folks discuss it here before and weigh in on pros / cons, but can’t seem to find it.

Jonathan Le

Pritunl is great. I only used the OVPN side of it though. Didn’t touch Pritunl Zero.

2021-01-20

Haroon Rasheed

Hi All - I am trying to set up a dual stack IPv6/IPv4 setup. I am trying to use the kubeadm config file below. When I try to run kubeadm init with this config file I get the error below. Could anyone please help with sorting out this issue, and what am I doing wrong?

roth.andy

A word of advice: If you use Shortcuts -> Create a text snippet it will let the snippet shrink so the readers aren’t overwhelmed by a wall of text.

The Shortcuts button is the one that looks like a lightning bolt when you are writing a message.

Haroon Rasheed

Updated it. Thanks for the suggestion, I was not aware of this option.

roth.andy

Was this config written by you or provided as an example somewhere?

Normally when setting out on doing something I’ve never done before (in this case, the dual ipv4/ipv6 stuff), I’ll start from an example on a docs website, medium article, etc that I know works (or is supposed to at least) and work my way up from there.

Haroon Rasheed

I am not able to get any proper working config. I have built it myself by referring to multiple links. That’s why I wanted to confirm: is this config correct?

roth.andy

sorry, no idea

Haroon Rasheed

hmm no probs thanks for looking into it.

roth.andy

A quick search resulted in this article that has an example kubeadm config file (though the config file looks really small, but maybe that’s all you need to get a working cluster started that you can then add to)

How to enable IPv6 on Kubernetes (aka dual-stack cluster)

After spending three sleepless nights trying to get my Kubernetes cluster to handle IPv4 and IPv6 connections, and since there’re…

Haroon Rasheed

I stumbled upon this one as well. Managed to deploy but during K8s Service deployment did not get IPv6..

2021-01-19

2021-01-18

mfridh

In an environment with high churn pods, Prometheus metrics might get bloated with lots of quite “temporarily pod-labeled” metrics… does anyone else do something to tackle this or just live with it?

I feel a per-pod metric, outside of its deduplication purpose, is of very little interest really except possibly in a very narrow “live” monitoring sense…

Meanwhile it’s not as impactful for statefulsets, can give them a not-so-dynamic number label instead…

Asis

Timeseries database?

mfridh

Prometheus is, yeah?

Was wondering if anyone did something creative outside of just keeping retention low in the first layer Prometheus (due to the potential amplification of number of time series caused by pod names being unique).

mfridh

Have been on Aurora too historically where it was never an issue because every instance (“pod”) was numbered rather than uniquely named so number of time series never really had a unique contributor like it does when including a pod name (which potentially can have a really high churn).

mfridh

Node IPs would be a factor if those are included in labels but that’s also a bit of a limited problem because nodes are usually from a limited IP pool and thus would also see re-use rather than being uniquely fabricated.

2021-01-15

2021-01-14

Pierre-Yves

Hello, can someone share experience on ArgoCD ? or similar product ?

Issif

How we scaled our staging deployments with ArgoCD

How do we deploy a full environment composed of ~100 containers in around 3 minutes?

kskewes

Thanks, will read. How do people promote? Separate MR with semver to use? Seems… toilsome?

Pierre-Yves

thanks @Issif

Issif

@kskewes we deploy last version in master branch, the ref is the commit id

2021-01-12

2021-01-11

johntellsall

I just took the CKAD certification exam! Ask me anything! (The material is under NDA, so I can’t be specific, but general is okay)

Erik Osterman (Cloud Posse)

Congrats!

kskewes

Way to go. Did you work through the Linux Foundation training course? I’m wondering what gaps I might have, as I just started studying for it (bought the course and exam on discount). Been running managed k8s for my company for a couple of years now, and kubespray etc. at home too.

joey

yeah, what was your study program, if any?

johntellsall

Recently I took the Certified Kubernetes Application Developer (CKAD). I used a number of things to study:

Learning Path: Certified Kubernetes Application Developer (CKAD) Prep Course

Microservices architecture is one of the hottest areas of application development today, particularly for cloud-based enterprise-scale applications. The benefits of building applications using small, single-purpose services are well documented and…

bmuschko/ckad-prep

Exercises demonstrated as part of the video course “Certified Kubernetes Application Developer (CKAD) Prep Course” published by O’Reilly Media. - bmuschko/ckad-prep

johntellsall

The Linux Foundation

The Linux Foundation online learning classes

dgkanatsios/CKAD-exercises

A set of exercises to prepare for Certified Kubernetes Application Developer exam by Cloud Native Computing Foundation - dgkanatsios/CKAD-exercises

johntellsall

You have to be FAST. I wasn’t enough, I didn’t pass. Which is cool, I want my passing grade to mean something when I re-take it.

johntellsall

@kskewes if you study AND you’ve been using K8s for a while you might be okay

johntellsall

I’m now building another Study Path, focusing on about 50/50 AWS and Kubernetes, with focus on real-world developer/devops experience. Yesterday was AWS Lightsail. Did you know you can now use it with containers? For me Lightsail isn’t useful but I was very happy to learn what it’s useful for in comparison with other tools.

kskewes

Thanks heaps John!

johntellsall

you’re welcome, good luck!

2021-01-10

2021-01-08

2021-01-07

2021-01-06

sarkis

TIL … https://medium.com/better-programming/amazon-eks-is-eating-my-ips-e18ea057e045, was wondering where all our IP addresses were going

Amazon EKS Is Eating My IPs!

Understand how AWS EKS manages IP addresses and what you can do about it

slack1270

Easy workaround: just use IPv6-only k8s clusters and AWS VPCs.

slack1270

Oh, wait.

sarkis

I got in touch with support - they also recommended tuning MINIMUM_IP_TARGET and WARM_IP_TARGET on the aws-node daemonset as another option. The downside of this option is the risk that the EC2 API calls may get throttled if it is not set properly or there is a lot of pod churn.

joey

kind of related.. i thought i’d posted this in here but i don’t see it? https://ec2throughput.info/ https://github.com/jfreeland/ec2-network-monitor <- i use datadog and these metrics from ethtool aren’t being exposed by dd agent yet

sarkis

Interesting - is it possible to get number of IPs used from these metrics?

sarkis

I don’t see that in ethtool

sarkis

I might just not be looking hard enough though

joey

no i don’t think you can get the number of ip’s unfortunately

joey

it’s only “kind of” related

joey

but relevant to ec2/eks networking in general

joey

and something that bit me in december and amazon only announced that ethtool is surfacing these metrics on december 10

2021-01-05

2021-01-04

2021-01-02

2021-01-01
