Posts

There are a myraid of ways to deploy Kubernetes clusters these days. Kubernetes the Hard Way Cluster API Kubeadm Kubespray kops Those are just a few of the ways and I’m sure you’ll have a favorite. But for the work I’ve been doing lately, I don’t want to spend a bunch of time cloning repos, updating configs, running ansible scripts and the like, just to get another clean kubernetes cluster in my lab to break. So, I took the individual parts of a Kubernetes build and created a list of ordered jobs in my Jenkins server. ...

Deploying Kubernetes clusters may be the biggest hurdle in learning Kubernetes and one of the challenges in managing Kubernetes. ClusterAPI is a project designed to ease this burden and make the management and deployment of Kubernetes clusters simpler. The Cluster API is a Kubernetes project to bring declarative, Kubernetes-style APIs to cluster creation, configuration, and management. It provides optional, additive functionality on top of core Kubernetes. kubernetes-sigs/cluster-api This post is designed to dive into ClusterAPI to investigate how it works, and how you can use it. ...

In the traditional server world, we’ve taken great lengths to ensure that we can micro-segment our servers instead of relying on a few select firewalls at strategically defined chokepoints. What do we do in the container world though? This is where network policies come into play. Network Policies - The Theory In a default deployment of a Kubernetes cluster, all of the pods deployed on the nodes can communicate with each other. Some security folks might not like to hear that, but never fear, we have ways to limit the communications between pods and they’re called network policies. ...

In programming, we sometime set breakpoints as a way of debugging our code. Maybe a small piece of our routine isn’t functioning optimally and we want the program to pause, part way through, so we can identify the issues with that one section of code. These breakpoints might be great for coding, but we can apply this to our own lives as well. I’ve recently switched jobs and between ending my previous job and starting the new one, I took some time off. My own personal breakpoint where I paused the larger routine (in this metaphor, the routine is my work life) so that I could focus on pieces of my life that might need more attention. ...

I’m not going to lie to you, as of the time of this writing, maybe the biggest hurdle to learning Kubernetes is getting a cluster stood up. Right now there are a myriad of ways so stand up a cluster, but none of them are really straight forward yet. If you’re interested in learning how Kubernetes works, and just want to setup a basic cluster to poke around in, this post is for you. ...

So Long AHEAD I have been fortunate to work for a fantastic company the past five and half years. While starting at AHEAD I had ambitions to be a top caliber VMware expert and work with people who would challenge me. Part of my decision to join the AHEAD team was to see how good I really was. AHEAD had plenty of talent and three VCDXs when I started and I needed to know how I stacked up. In the end, I think I did OK. ...

If you’ve just gotten started with Kubernetes, you might be curious to know how the desired state is achieved? Think about it, you pass a YAML file to the API server and magically stuff happens. Not only that, but when disaster strikes (e.g. pod crashes) Kubernetes also makes it right again so that it matches the desired state. The mechanism that allows for Kubernetes to enforce this desired state is the control loop. The basics of this are pretty simple. A control loop can be though of in three stages. ...

I don’t know about you, but I learn things best when I have a visual to reference. Many of my posts in this blog are purposefully built with visuals, not only because I think its helpful for the readers to “get the picture”, but also because that’s how I learn. Kubernetes can feel like a daunting technology to start learning, especially since you’ll be working with code and the command line for virtually all of it. That can be a scary proposition to an operations person who is trying to break into something brand new. But last week I was introduced to a project from VMware called Octant, that helps visualize whats actually going on in our Kubernetes cluster. ...

DaemonSets can be a really useful tool for managing the health and operation of the pods within a Kubernetes cluster. In this post we’ll explore a use case for a DaemonSet, why we need them, and an example in the lab. DaemonSets - The Theory DaemonSets are actually pretty easy to explain. A DaemonSet is a Kubernetes construct that ensures a pod is running on every node (where eligible) in a cluster. This means that if we were to create a DaemonSet on our six node cluster (3 master, 3 workers), the DaemonSet would schedule the defined pods on each of the nodes for a total of six pods. Now, this assumes there are either no taints on the nodes, or there are tolerations on the DaemonSets. ...

Today Sysdig announced a new update to their Cloud Native Visibility and Security Platform, with the release of Sysdig Secure 2.4. The new version of the Secure product includes some pretty nifty enhancements. Runtime profiling with machine learning - New containers will be profiled after deployment to give insights into the processes, file system activity, networking and system calls. Once the profiling is complete, these profiles can be used to create policy sets for the expected behavior. Sysdig also offers a confidence level of the profile. Consistent behavior generating a higher confidence level whereas variable behavior would have a lower level. ...