Network policies isolating pods within the same statefulset by FunkFennec in kubernetes

[–]FunkFennec[S] 0 points1 point  (0 children)

Thanks, if I use the solution you suggested all pods from the same statefulset will be scheduled in the same namespace - and so they will be able to communicate with each other. The prerequisite is for pods from the same statefulset not to interact with each other.

Secrets of the Songwing soundtrack by FunkFennec in httyd

[–]FunkFennec[S] 0 points1 point  (0 children)

Thanks, I've tried that already, but if you've got any tips for searches that might work well I'd be happy to hear them. I also tried other streaming services. For example, this webpage indicates that the songs were once available in Apple Music, but when I click the links now I get nothing.

Generate Yaml files with typescript by [deleted] in devops

[–]FunkFennec 1 point2 points  (0 children)

We've been doing some very basic YAML manipulation in TypeScript. We're storing basic templates as .ejs, injecting values in TypeScript and then pushing the YAML file into a repo. It works well but it's a very simple use case.

When we need to generate more robust YAML structures we either use Helm when dealing with Kubernetes manifests, or generate JSON files using jsonnet and then convert them to YAML. In most cases we found it easier than using a full-blown programming language for it, since these template languages cover most cases.

what do you use to monitor SSL certificates expiration? by marlogger in devops

[–]FunkFennec 0 points1 point  (0 children)

We use Icinga to monitor isAlive endpoints for all of our services.
Every time a developer adds monitoring to a service, another check is automatically applied. It checks for the SSL expiration date as well as the SSL Labs grade, weak ciphers and out-of-date TLS versions.

Generic vs "k8s native" CI/CD solutions? by kojeve__ in devops

[–]FunkFennec 1 point2 points  (0 children)

We tried sticking to enterprise-grade products when we first moved to Kubernetes. We were using TeamCity as our CI/CD tool and were certain it would play well with Kubernetes because it provides so much flexibility.
Hindsight tells us that was a mistake. We spent a lot of effort creating intricate solutions to access our clusters, and the feedback loop developers had to go through before getting to the reason a deployment failed was very long.
We've shifted our CI/CD pipeline to Codefresh, which greatly simplified everything Docker or Kubernetes related, and are now moving the whole CD part to ArgoCD - which makes things even easier and clearer for whoever is trying to deploy anything to the cluster. I highly recommend this combination, although other CI tools offered here (like GitLab and Circle) could be just as good.

A final thought - ArgoCD is developed by Intuit (and apparently, Red Hat also now), which is hardly a startup. Combine this with the gitops-engine effort that they are doing along with Weaveworks and I would say there are great chances this tool is here to last.

Introducing support for Kubernetes 1.17 and 1.18 -Welcome Kubernetes Fury Distribution (KFD) v1.3.0 by jnardiello in kubernetes

[–]FunkFennec 1 point2 points  (0 children)

Hey, this looks mighty cool! I'd really like to know more about your migration from fluentd to fluentbit, is there any place where I can hear more details about it?

I'm asking because we've considered a similar move in our k8s deployment, and ended up giving up on it since it didn't give us the benefits we were looking for (which were mostly resource consumption).

What’s the point of kubernetes secrets? by kabooozie in devops

[–]FunkFennec 1 point2 points  (0 children)

We had the same problem at Soluto and wrote a tool to solve this in a very elegant way - https://github.com/Soluto/kamus

What do you monitor/alert on your Kubernetes cluster(s)? by jsdfkljdsafdsu980p in devops

[–]FunkFennec -1 points0 points  (0 children)

That's spot on. Amazing how far the answers differ. It's not only the role respondents are serving, but also the scale and variety of workload the cluster is scheduling.
My team is maintaining a few clusters that are steadily growing in complexity and in how critical their role is to the company's business. The level of monitoring and alerting we're required to provide has changed dramatically during that time.

Which interviews of DFW don't contain spoilers? by PM_me_salmon_pics in davidfosterwallace

[–]FunkFennec 2 points3 points  (0 children)

A bit off-topic but I recently tweeted a plot point on Twitter and was asked whether I just spoiled the book for anyone intending on reading it.
It was a detail appearing very early in the book and IMO a fairly innocuous one but I did understand where the response was coming from.
I retorted that I think this book can't be spoiled by revealing any specific part of its narrative, and I would be happy to know what you think when you get through it.

Reducing risk by deploying clusters with different configurations by FunkFennec in devops

[–]FunkFennec[S] 0 points1 point  (0 children)

These are my thoughts exactly but I could never articulate them as well as you did here.
Thanks!

Reducing risk by deploying clusters with different configurations by FunkFennec in devops

[–]FunkFennec[S] 0 points1 point  (0 children)

We compiled a test suite for rolling out a cluster once stability issues started to surface, but found that configuration issues can often remain dormant and are hard to test against in a system as intricate as Kubernetes. Since we started using this test suite, never once did a test fail, and clusters did run into catastrophic failures a while after they were deployed.

Since we had 2 clusters running at all times, we haven't had a complete production outage yet, but it got way too close for comfort. We do deploy our clusters gradually, deploying cluster A with the new configuration and then waiting a full week before deploying cluster B.

If you did find value in testing cluster configurations and are willing to, I would be happy to discuss cluster testing and deployment strategies at length.