RSInfoMinds

  1. What are the key differences between a Deployment and a StatefulSet in Kubernetes? -> Deployment is stateless(nothing stored), StatefulSet stores data in the volume to process. -> Deployment pod name does not follow order, StatefulSet follows ordering of numbers. -> Deployment pod scaling are random, StatefulSet pod scaling follows strict order (new to old). -> Replaced pod get new name, StatefulSet pod gets the same name. -> Rolling updates can be fast and parallel, stateful deployments are ordered and controlled. 2. How would you safely perform a node upgrade in a Kubernetes cluster? -> Considering the question refers to node in Data plane. -> Cordon the node first to mark it as SCHEDULING DISABLED. -> Drain the node to let the pods to be created across other nodes. -> While draining we can ignore "daemon-sets". kubectl cordon: Prevent New Pods - Purpose: Marks a node as unschedulable. - Effect: No new pods will be scheduled on the node. - Ex...

  The AWS service most commonly associated with immutable deployments is AWS Elastic Beanstalk . Immutable deployment is often confused with blue/green deployment strategy. The word immutable means something that is unchanging over time or unable to be changed . It’s often used to describe things that are fixed, permanent, or resistant to modification. Let's say your application is deployed as below: So, we have a load balancer with a target group attached to a auto scaling group and there are 3 instances serving traffic for an application version1. Now, you want to deploy application of version2 without any downtime using Immutable deployment strategy.  This starts by creating a another ASG with one instance deployed with application version2. At this moment, there are totally 4 instances. And the load balancer routes traffic to all the 4 instances in round robin fashion. Once the new instances look good, ASG count on v2 version increased by 2 and the ASG count on v1 is s...

  Amazon CloudFront is a content delivery network (CDN)  service. You can speed up the delivery of static files using HTTP or HTTPS protocols. Each CloudFront distribution has a unique  cloudfront.net   domain name that can be used to reference objects through the global network of edge locations. AWS CloudFront uses a global network of edge locations for content delivery. You can also monitor and receive notifications on the operational performance of CloudFront distributions using CloudWatch, and track trends in data transfer and requests checking the usage charts. Lets start by creating a S3 bucket and I upload a image. Now, lets create a CDN. Next, I select S3 as my Origin. Origin refers to where my actual content exists. Select the bucket which we created earlier. Next, Enable the option of " Allow private S3 bucket access to CloudFront". This updates the S3 bucket policy to ensure the S3 objects are accessible only from CDN. We are do...

  RUN - Specify commands to make changes to your Image and subsequently the Containers started from this Image. This includes updating packages, installing software, adding users, creating an initial database, setting up certificates, etc. These are the commands you would run at the command line to install and configure your application. Let's start with a basic dockerfile , where we are building an image with ubuntu as base image. Let's build the image. The size of the image which we build is "78.1" MB. I am going to install packages like "curl", "wget" on the base image. Now, the image size has increased from 78MB to 136MB. RUN command add another layer to the base image. RUN is primarily used for software installation and any configuration changes. ENTRYPOINT - Must be used if you want to start or a define a container main application or command. It always runs regardless of an additional CMD parameters. This image is build using base "a...

  etcd is a "strongly consistent , distributed key-value store". Why etcd? 1. Consistency : Since the API server is the central coordination point of the entire cluster; strong consistency is essential. It would be a disaster if, say, two nodes tried to attach the same persistent volume over iSCSI because the API server told them both that it was available. 2. Availability: API downtime means that the entire Kubernetes control plane comes to a halt, which is undesirable for production clusters. The  CAP theorem  says that 100% availability is impossible with strong consistency, but minimizing downtime is still a critical goal. 3. Consistent Performance: The API server for a busy Kubernetes cluster receives a fair amount of read and write traffic. The secret behind etcd's balance of strong consistency and high availability is the  Raft algorithm . Raft solves a particular problem: how can multiple independent processes decide on a single value for somethin...

  In the previous blog we saw about role and role binding. In this post, we will see how to create a user and group. Technically, there is no concept called "User" and "Group" in K8s.   But, K8s provides ways to authenticate an external user/group with K8s. In this blog, we will see how to use certificate based authentication. Below are steps to onboard a user: 1) Create a private key. 2) Create a certificate signing request (CSR) using the above private key. 3) Generate a CSR request. 4) Approve the CSR request. 5) Extract the approved CRT file from the approved CSR request. 6) Build the config file. When we create a CSR, we mention the USERNAME and GROUPNAME . Let's see practically. Generating a private key. I am going to create a user called " demouser ". Now, we have the private key. Using that we are going to create a CSR. Note the highlighted portion, which is the subject where CN(Common Name) refers to username and O(Organization) refers to grou...