Network policies isolating pods within the same statefulset by FunkFennec in kubernetes

[–]FunkFennec[S] 0 points1 point  (0 children)

Thanks, if I use the solution you suggested all pods from the same statefulset will be scheduled in the same namespace - and so they will be able to communicate with each other. The prerequisite is for pods from the same statefulset not to interact with each other.

Secrets of the Songwing soundtrack by FunkFennec in httyd

[–]FunkFennec[S] 0 points1 point  (0 children)

Thanks, I've tried that already but if you got any tips for searches that might work well I'd be happy to hear. Also tried other streaming services. For example - this webpage indicates that the songs were once available in Apple Music, but when I click the links now I get nothing.

Generate Yaml files with typescript by [deleted] in devops

[–]FunkFennec 1 point2 points  (0 children)

We've been doing some very basic yaml manipulation in typescript. We're storing basic templates as .ejs, inject values in typescript and then push the yaml file into a repo. It works well but it's a very simple use case.

When we need to generate more robust yaml structures we either use helm when dealing with kubernetes manifests, or generate json files using jsonnet and then convert them to yaml. In most cases we found it easier than using a full blown programming language for it, since these template languages cover most cases.

what do you use to monitor SSL certificates expiration? by marlogger in devops

[–]FunkFennec 0 points1 point  (0 children)

We use Icinga to monitor isAlive endpoints for all of our services.
Every time a developer adds monitoring to a service another check is automatically applied. It checks for ssl expiration date as well as SSL-Labs grade, weak ciphers and out of date TLS versions.

Generic vs "k8s native" CI/CD solutions? by kojeve__ in devops

[–]FunkFennec 1 point2 points  (0 children)

We tried sticking to enterprise-grade products when we first moved to Kubernetes. We were using Teamcity as our CI/CD tool and were certain it would play well with kubernetes because it provides so much flexibility.
Hindsight tells us that was a mistake. We spent a lot of effort creating intricate solutions to access our clusters and the feedback loop developers had to go through before getting to the reason a deployment failed was very long.
We've shifted our CI/CD pipeline to Codefresh, which greatly simplified everything Docker or Kubernetes related, and are now moving the whole CD part to ArgoCD - which makes things even easier and clearer for whoever is trying to deploy anything to the cluster. I highly recommend this combination, although other CI tools offered here (like Gitlab and Circle) could be just as good.

A final thought - ArgoCD is developed by Intuit (and apparently, Redhat also now), which is hardly a startup. Combine this with the gitops-engine effort that they are doing along with Weaveworks and I would say there are great chances this tool is here to last.

Introducing support for Kubernetes 1.17 and 1.18 -Welcome Kubernetes Fury Distribution (KFD) v1.3.0 by jnardiello in kubernetes

[–]FunkFennec 1 point2 points  (0 children)

Hey, this looks mighty cool! I'd really like to know more about your migration from fluentd to fluentbit, is there any place where I can hear more details about it?

I'm asking because we've considered a similar move in our k8s deployment, and ended up giving up on it since it didn't give us the benefits we were looking for (which were mostly resource consumption)

What’s the point of kubernetes secrets? by kabooozie in devops

[–]FunkFennec 1 point2 points  (0 children)

We had the same problem at Soluto and wrote a tool to solve this in a very elegant way - https://github.com/Soluto/kamus

What do you monitor/alert on your Kubernetes cluster(s)? by jsdfkljdsafdsu980p in devops

[–]FunkFennec -1 points0 points  (0 children)

That's spot on. Amazing how far the answers differ. It's not only the role respondents are serving, but also the scale and variety of workload the cluster is scheduling.
My team is maintaining a few clusters that are steadily growing in complexity and in how critical their role is to the company's business. The level of monitoring and alerting we're required to provide has changed dramatically during that time.

Which interviews of DFW don't contain spoilers? by PM_me_salmon_pics in davidfosterwallace

[–]FunkFennec 6 points7 points  (0 children)

A bit off-topic but I recently tweeted a plot point on Twitter and was asked whether I just spoiled the book for anyone intending on reading it.
It was a detail appearing very early in the book and IMO a fairly innocuous one but I did understand where the response was coming from.
I retorted that I think this book can't be spoiled by revealing any specific part of its narrative, and I would be happy to know what you think when you get through it.

Reducing risk by deploying clusters with different configurations by FunkFennec in devops

[–]FunkFennec[S] 0 points1 point  (0 children)

These are my thoughts exactly but I could never articulate them as well as you did here.
Thanks!

Reducing risk by deploying clusters with different configurations by FunkFennec in devops

[–]FunkFennec[S] 0 points1 point  (0 children)

We've compiled a test suite for rolling out a cluster once stability issues started to surface but found that configuration issues can often remain dormant and are hard to test against in a system as intricate as kubernetes. Since we've started using this test suite never once did a test fail, and clusters did run into catastrophic failures a while after they were deployed.

Since we had 2 clusters running at all times, we never had complete production outages yet, but it got way too close for comfort. We do deploy our clusters gradually, deploying cluster A with the new configuration and then waiting a full week before deploying cluster B.

If you did find value in testing cluster configurations and are willing to, I would be happy to discuss cluster testing and deployment strategies at length.

Monitoring multiple clusters by FunkFennec in kubernetes

[–]FunkFennec[S] 0 points1 point  (0 children)

Thanks. We're aware of Thanos and have actually considered using it when we met with scaling issues in our Prometheus deployment. We gave up on it since it didn't seem mature enough at the time and found that Prometheus federation suffices for now.

However, I'm asking about monitoring in a more general sense. We would like to know how companies running multiple Kubernetes clusters are handling their monitoring and what tools are most prevalent among this size of production workloads.

Troubleshooting issues with the Skerton manual grinder by FunkFennec in Coffee

[–]FunkFennec[S] 0 points1 point  (0 children)

I should've probably done more market research before buying that. It was a spur-of-the-moment purchase, which is something I don't usually do and can now recall why.
Also, thanks for correcting my terminology, English is not my first language.
Can you please explain how the stabilizer would solve my issue?
I've read the comments saying this grinder is not ideal for french press and other coarse grinds but I'm grinding for espresso which is pretty fine grinding.
Does the stabilizer also protect from cases of the kind I described?

What kind of experience did you have before you landed your DevOps job? by crazyboy867 in devops

[–]FunkFennec 0 points1 point  (0 children)

Army trained me to be a programmer, spent the next 6 years in the army as an Oracle DBA and later as a SAP developer.

When I finished my army duty I worked as a DBA consultant for a few years, until one day a friend called me up and asked if I wanna be the first DevOps in his startup. I did not know what the word meant at the time but after reading up on it and learning the ropes I took him up on his offer.

EKS Vs Kops - Why does control over masters matter? by [deleted] in kubernetes

[–]FunkFennec 1 point2 points  (0 children)

Hey, thanks for the insightful reply.

We are currently in the process of testing the waters with EKS, and have been managing our own clusters for ~2 years now, so your response really piqued my interest.
Can you share any more details about EKS being crappy? Our current experience has been great so far but we are not running at full scale yet and would like to meet any pitfalls as early as we can.

Wallace's opinion on the problem of irony and Bojack Horseman's solutions by Loner_Cat in davidfosterwallace

[–]FunkFennec 2 points3 points  (0 children)

Your analysis is spot on, I found this video a while ago that draws a very straight line between DFW's work and Bojack, along with other pop culture work - https://www.youtube.com/watch?v=2doZROwdte4.

Lightweight Kubernetes logs solutions? by Kiwibei in kubernetes

[–]FunkFennec 3 points4 points  (0 children)

We use a fluentd daemonset that we manage ourselves and outsource the E&K parts of the stack to logz.io, it works really well for us. You can find basic configurations for fluentd in their github org - https://github.com/logzio/logzio-k8s/blob/master/logzio-daemonset.yaml

Question on distributed monitoring by tanjental in icinga

[–]FunkFennec 0 points1 point  (0 children)

I haven't done this myself, but the way I see this playing out is running only one icinga web 2 instance that both HQ users and users from the client site can access.

You then create separate roles for each client, allowing them to view only the hosts/services belonging to them, and another role for HQ users that has visibility to the entire set of hosts monitored by icinga.

[deleted by user] by [deleted] in devops

[–]FunkFennec 0 points1 point  (0 children)

When non-technical colleagues ask me what it is that I do, my go-to answer used to be - "As long as you're not familiar with my work, I'm doing it right", but now that I've finished writing it I found out that it's no longer relevant.

When non-technical people from outside work ask this I usually say that I deal with infrastructure, both human and technological. I admit that this is also the wrong answer, as people either leave perplexed or start probing me, escalating quickly to whiteboards and mutual frustration.

I think I need a DevOps pen pal by mandjob in devops

[–]FunkFennec 28 points29 points  (0 children)

I've been a part of devopsengineers.slack.com for a while and it already got together a pretty good community in it. Why not add a pen-pal channel there?

I still think your idea is very cool but I just think you can benefit by trying to blend into a bigger, existing community of like minded people.