A Change of Scenery

So Long AHEAD: I have been fortunate to work for a fantastic company the past five and a half years. While starting at AHEAD I had ambitions to be a top-caliber VMware expert and work with people who would challenge me. Part of my decision to join the AHEAD team was to see how good I really was. AHEAD had plenty of talent and three VCDXs when I started and I needed to know how I stacked up. In the end, I think I did OK. ...

September 30, 2019 · 3 min · eshanks

Kubernetes - Desired State and Control Loops

If you’ve just gotten started with Kubernetes, you might be curious to know how the desired state is achieved. Think about it: you pass a YAML file to the API server and magically stuff happens. Not only that, but when disaster strikes (e.g. a pod crashes) Kubernetes also makes it right again so that it matches the desired state. The mechanism that allows Kubernetes to enforce this desired state is the control loop. The basics of this are pretty simple. A control loop can be thought of in three stages. ...

September 16, 2019 · 3 min · eshanks

Kubernetes Visually - With VMware Octant

I don’t know about you, but I learn things best when I have a visual to reference. Many of my posts in this blog are purposefully built with visuals, not only because I think it’s helpful for the readers to “get the picture”, but also because that’s how I learn. Kubernetes can feel like a daunting technology to start learning, especially since you’ll be working with code and the command line for virtually all of it. That can be a scary proposition to an operations person who is trying to break into something brand new. But last week I was introduced to a project from VMware called Octant that helps visualize what’s actually going on in our Kubernetes cluster. ...

August 20, 2019 · 3 min · eshanks

Kubernetes - DaemonSets

DaemonSets can be a really useful tool for managing the health and operation of the pods within a Kubernetes cluster. In this post we’ll explore a use case for a DaemonSet, why we need them, and an example in the lab. DaemonSets - The Theory: DaemonSets are actually pretty easy to explain. A DaemonSet is a Kubernetes construct that ensures a pod is running on every node (where eligible) in a cluster. This means that if we were to create a DaemonSet on our six-node cluster (3 master, 3 workers), the DaemonSet would schedule the defined pods on each of the nodes for a total of six pods. Now, this assumes there are either no taints on the nodes, or there are tolerations on the DaemonSets. ...

August 13, 2019 · 3 min · eshanks

Sysdig Secure 2.4 Announced

Today Sysdig announced a new update to their Cloud Native Visibility and Security Platform, with the release of Sysdig Secure 2.4. The new version of the Secure product includes some pretty nifty enhancements. Runtime profiling with machine learning - New containers will be profiled after deployment to give insights into the processes, file system activity, networking and system calls. Once the profiling is complete, these profiles can be used to create policy sets for the expected behavior. Sysdig also offers a confidence level of the profile. Consistent behavior generates a higher confidence level, whereas variable behavior would have a lower level. ...

August 6, 2019 · 3 min · eshanks

Kubernetes - Taints and Tolerations

One of the best things about Kubernetes is that I don’t have to think about which piece of hardware my container will run on when I deploy it. The Kubernetes scheduler can make that decision for me. This is great until I actually DO care about what node my container runs on. This post will examine one solution to pod placement, through taints and tolerations. Taints - The Theory: Suppose we had a Kubernetes cluster where we didn’t want any pods to run on a specific node. You might need to do this for a variety of reasons, such as: ...

July 29, 2019 · 6 min · eshanks

Test Your Kubernetes Cluster Conformance

You’ve been dabbling in the world of Kubernetes for a while now and have probably noticed there are a whole lot of vendors packaging their own version of Kubernetes. You might be having a fun time comparing the upstream Kubernetes version vs the packaged versions put out by Red Hat, VMware, and others. But how do we know that those packaged versions are supporting the required APIs so that all Kubernetes clusters have the same baseline of features? ...

July 16, 2019 · 3 min · eshanks

Monitoring Kubernetes with Sysdig Monitor

Any system that’s going to be deployed for the enterprise needs to have at least a basic level of monitoring in place to manage it. Kubernetes is no exception to this rule. When we, as a community, underwent the shift from physical servers to virtual infrastructure, we didn’t ignore the new VMs and just keep monitoring the hardware; we had to come up with new products to monitor our infrastructure. Sysdig is building these new solutions for the Kubernetes world. ...

June 23, 2019 · 4 min · eshanks

AWS Account Tagging

We’re getting into the habit of tagging everything these days. It’s been drilled into our heads that we don’t care about names of our resources anymore because we can add our own metadata to resources to later identify them, or to use for automation. But up until June 6th, AWS wouldn’t let us tag one of the most important resources of all, our accounts. On June 6th though, our cloud world changed when AWS announced that we can now add tags to our accounts through organizations. ...

June 17, 2019 · 2 min · eshanks

Kubernetes - Helm

The Kubernetes series has now ventured into some non-native k8s discussions. Helm is a relatively common tool used in the industry and it makes sense to talk about why that is. This post covers the basics of Helm so we can make our own evaluations about its use in our Kubernetes environment. Helm - The Theory: So what is Helm? In the simplest terms, it’s a package manager for Kubernetes. Think of Helm this way: Helm is to Kubernetes as yum/apt is to Linux. Yeah, sounds pretty neat now, doesn’t it? ...

June 10, 2019 · 6 min · eshanks