A multi-tenant cluster is shared by multiple users and/or workloads which are referred to as “tenants”. The operators of multi-tenant clusters must isolate tenants from each other to minimize the damage that a compromised or malicious tenant can do to the cluster and other tenants. Also, cluster resources must be fairly allocated among tenants.
There are many articles discussing multi-tenancy on Kubernetes clusters. Typically, Kubernetes Namespace is used for setting up multi-tenancy in Kubernetes clusters. …
VirtualBox is a free and open-source hosted hypervisor for x86 virtualization, developed by Oracle Corporation. I used it for running a VM of Windows on my MacOS. But Windows kept eating disk spaces and 50GB becomes inadequate recently.
Therefore I have to enlarge the disk size of my VM but it is not straightforward since the size is not configurable in the setting of VirtualBox.
Kubernetes Patterns, like Design Patterns, abstracts Kubernetes primitives into some repeatable solutions to solving problems.
This post is to introduce Declarative Deployment pattern, which mostly focuses on the Kubernetes’ Deployment resource. The following points would be discussed:
Declarative Deployment pattern encapsulates the upgrade and rollback processes of a group of containers and makes its execution a repeatable and automated activity.
A cloud-native application or service are commonly deployed in multiple Pods in order for high availability. …
You might have various kinds of resources in the AWS account, such as EC2, S3, RDS, DocumentDB, etc and you always don’t want to expose public accesses for them, so how would you or developers access to them securely?
The Bastion server is a common solution which is like a recipient or front desk of your private resources in AWS. It makes sure the visitor is authorized or authenticated to access the office or the people inside the building.
A bastion host is a server whose purpose is to provide access to a private network from an external network, such…
Kubernetes Patterns, like Design Patterns, abstracts Kubernetes primitives into some repeatable solutions to solving problems. Here is the previous post for an introduction of Kubernetes Patterns in details.
Predictable Demands pattern is about how the application requirements should be declared.
The requirement for a container running in Kubernetes are mostly including runtime dependencies (like file storage) and resource profiles (CPU, Memory, etc).
File storage is one of the typical runtime dependencies of applications for saving states. …
I browsed lots of online resources and instructions to setup Kuberhealthy with Prometheus and Grafana together on a local Kubernetes environment like Minikube, but unfortunately, none of them works for me.
Most of the instructions and articles listed installation steps for each of them but seldom showed the steps for:
There are some extra steps needed for most cases after you installed them and this post would…
This article introduces a network issue I met when I was using Minikube as a developing environment for running and testing Kuberhealthy locally and how I did troubleshooting about it.
The phenomenon is the Pod running a KHCheck (a customized resource in Kuberhealthy, like a probe, running tests and reporting results back to Kuberhealthy service) was unable to send the result back to the Kuberhealthy service in the same namespace of a Kubernetes cluster on Minikube. The details are illustrated in the section of Issue below.
Before starting, I just clarify my environment first:
OS: macOS Catalina version 10.15.7 Minikube…
This article is talking about the book of Kubernetes Patterns, Reuseable Elements for Designing Cloud-Native Applications by Bilgin Ibryam & Roland Huß.
As a developer with cloud-native applications, I can’t wait for sharing my ideas about this book. Like the book of Design Patterns: Elements of Reusable Object-Oriented Software by the Gang of Four, this book introduces some common use cases, best practices and principles for Kubernetes. No matter what kind of Kubernetes you are working on, managed (by cloud platforms, eg: AWS, GCP, etc.) or on-premise, it could be definitely helpful.
I would try to summarize the points I…
Dockerfile is the basic concept for building Docker images. It is better to understand it if you want to dig into Docker image building scenarios a bit more deeply.
Dockerfile is a text file that contains a list of commands (instructions), which describes how a Docker image is built based on them. The command
docker build tells Docker to build the image by following the content (instructions) inside the Dockerfile.
Dockerfile starts with a
FROM command which indicates the base image. The subsequent commands in the Docker file are executed on the base image which must be a valid image.
When I tried something with Docker volume, I wanted to check the volume contents from the host file system. Here is the command I used to create the container with a data volume specified:
docker container run -it --name mycntnr -v /mydata ubuntu:latest /bin/bash
Then, I also created 3 empty file in the volume /mydata:
touch a b c
However, I followed the instruction to check the volume from the Docker host system (my Mac OS) with the following command:
sudo screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty
It returned me a message of “Operation not permitted” and then quitted from the screen. …