What is Istio?
It is a completely open source service mesh that layers transparently onto existing distributed applications. It is also a platform, including APIs that let it integrate into any logging platform, or telemetry or policy system. Istio’s diverse feature set lets you successfully, and efficiently, run a distributed microservice architecture, and provides a uniform way to secure, connect, and monitor microservices.
Istio is used more and more with Kubernetes for networking management, including service discovery, load balancing, traffic routing, etc. This is very useful when implementing A/B testing, canary rolling update, rate limit, access control, etc.
Istio traffic management is good…
Can you imagine someday your Kubernetes cluster on AWS EKS running into a problem that IP addresses are exhausted? Even though you assigned a CIDR block large enough to host all of Pods, but IP address range of the CIDR block might not be that large as you thought. That is the situation what I met in one of our Kubernetes clusters recently.
After doing some research online, I am not alone with it and this could be considered as a common issue for AWS EKS Kubernetes clusters. …
CODEX
0. What is multi-tenancy?
A multi-tenant cluster is shared by multiple users and/or workloads which are referred to as “tenants”. The operators of multi-tenant clusters must isolate tenants from each other to minimize the damage that a compromised or malicious tenant can do to the cluster and other tenants. Also, cluster resources must be fairly allocated among tenants.
There are many articles discussing multi-tenancy on Kubernetes clusters. Typically, Kubernetes Namespace is used for setting up multi-tenancy in Kubernetes clusters. …
VirtualBox is a free and open-source hosted hypervisor for x86 virtualization, developed by Oracle Corporation. I used it for running a VM of Windows on my MacOS. But Windows kept eating disk spaces and 50GB becomes inadequate recently.
Therefore I have to enlarge the disk size of my VM but it is not straightforward since the size is not configurable in the setting of VirtualBox.
CODEX
Kubernetes Patterns, like Design Patterns, abstracts Kubernetes primitives into some repeatable solutions to solving problems.
Preposts
This post is to introduce Declarative Deployment pattern, which mostly focuses on the Kubernetes’ Deployment resource. The following points would be discussed:
- Rolling Update
- Fixed Update
- Blue-Green Release
- Canary Release
What is Declarative Deployment Pattern?
Declarative Deployment pattern encapsulates the upgrade and rollback processes of a group of containers and makes its execution a repeatable and automated activity.
Why Use It?
A cloud-native application or service are commonly deployed in multiple Pods in order for high availability. …
CODEX
You might have various kinds of resources in the AWS account, such as EC2, S3, RDS, DocumentDB, etc and you always don’t want to expose public accesses for them, so how would you or developers access to them securely?
The Bastion server is a common solution which is like a recipient or front desk of your private resources in AWS. It makes sure the visitor is authorized or authenticated to access the office or the people inside the building.
A bastion host is a server whose purpose is to provide access to a private network from an external network, such…
CODEX
Kubernetes Patterns, like Design Patterns, abstracts Kubernetes primitives into some repeatable solutions to solving problems. Here is the previous post for an introduction of Kubernetes Patterns in details.
Prefix
Kubernetes Patterns: 0. Introduction
What is Predictable Demands Pattern?
Predictable Demands pattern is about how the application requirements should be declared.
The requirement for a container running in Kubernetes are mostly including runtime dependencies (like file storage) and resource profiles (CPU, Memory, etc).
Runtime Dependencies
File storage is one of the typical runtime dependencies of applications for saving states. …
CODEX
I browsed lots of online resources and instructions to setup Kuberhealthy with Prometheus and Grafana together on a local Kubernetes environment like Minikube, but unfortunately, none of them works for me.
Most of the instructions and articles listed installation steps for each of them but seldom showed the steps for:
- How to connect Kuberhealthy and Prometheus? That means how to configure Kuberhealthy service to send metrics to Prometheus service successfully.
- How to configure Grafana dashboard to display the Kuberhealthy metrics collected by Prometheus.
There are some extra steps needed for most cases after you installed them and this post would…
This article introduces a network issue I met when I was using Minikube as a developing environment for running and testing Kuberhealthy locally and how I did troubleshooting about it.
The phenomenon is the Pod running a KHCheck (a customized resource in Kuberhealthy, like a probe, running tests and reporting results back to Kuberhealthy service) was unable to send the result back to the Kuberhealthy service in the same namespace of a Kubernetes cluster on Minikube. The details are illustrated in the section of Issue below.
Before starting, I just clarify my environment first:
OS: macOS Catalina version 10.15.7 Minikube…This article is talking about the book of Kubernetes Patterns, Reuseable Elements for Designing Cloud-Native Applications by Bilgin Ibryam & Roland Huß.
As a developer with cloud-native applications, I can’t wait for sharing my ideas about this book. Like the book of Design Patterns: Elements of Reusable Object-Oriented Software by the Gang of Four, this book introduces some common use cases, best practices and principles for Kubernetes. No matter what kind of Kubernetes you are working on, managed (by cloud platforms, eg: AWS, GCP, etc.) or on-premise, it could be definitely helpful.
I would try to summarize the points I…
