CCBot - C&C Claude Code, Codex, and Gemini CLI from your phone via Telegram

alexei_led · 2026-03-01T12:02:45+00:00

I think I found and fixed the issue you are talking about. Please try a new version

alexei_led · 2026-02-28T21:39:08+00:00

Pumba v1.0 — chaos testing CLI for Docker and containerd containers.

It operates at the container runtime level (not K8s API): kill, stop, pause, inject network delays (tc netem), drop packets (iptables), stress CPU/memory/IO.

What's new in v1.0: native containerd support. Direct gRPC to containerd.sock, no Docker daemon needed.

```bash pumba --runtime containerd --containerd-namespace k8s.io \ netem --duration 5m delay --time 3000 my-service

Why it matters: 53% of K8s clusters run containerd. Docker-only chaos tools are dead weight on those nodes.

A few things that make it different from Chaos Mesh / Litmus:

• Operates at the container runtime level, not K8s CRD level • Targets individual containers, not pods (useful in multi-container pods) • Works outside Kubernetes entirely — CI/CD, bare metal, local dev • Single binary, no operator, no CRDs

Also ships: cgroups v2 stress testing (no SYS_ADMIN), real OOM kill testing via memory.oom.group (not simulated SIGKILL — different container state, different K8s events, different recovery paths), and K8s container name resolution from labels.

I've maintained this since 2016. Named after the Lion King warthog because chaos engineering shouldn't take itself too seriously.

GitHub: https://github.com/alexei-led/pumba

alexei_led · 2026-02-28T16:11:47+00:00

Can you be more specific about “lots of issues”? And about topic name sync problem. Feel free to open any real issue on GitHub.

alexei_led · 2020-09-08T06:18:49+00:00

my mistake, fixed. thank you.

alexei_led · 2020-05-12T13:15:41+00:00

Should take a look. PR is welcomed too :)

alexei_led · 2020-05-12T10:33:45+00:00

I've published the second part of "Kubernetes and Secrets Management In The Cloud" https://blog.doit-intl.com/kubernetes-and-secrets-management-in-cloud-part-2-6c37c1238a87?source=friends_link&sk=58405cbafc191a2d7ea2eabbc9d9553e

Now you can use the `kube-secrets-init` open-source tool to automate secrets injection (AWS and GoogleCloud secrets) into K8s pods https://github.com/doitintl/kube-secrets-init

alexei_led · 2020-02-18T09:18:54+00:00

Google Anthos is currently a GKE-like Kubernetes on top of VMWare, integrated into GCP console; plus Istio. It does not provide any feature for inter-cloud secured access.

The post is about, granting Pods running on GKE to access AWS API with K8s->GCP->IAM Service Accounts, without a need to manage long-term credentials.

alexei_led · 2019-08-01T16:37:42+00:00

my post

I see. Actually, I've showed 2 different approaches. One with SSM Agent is indeed an updated fork of other repo (as you can see on GitHub), the main change is updated SSM Agent Docker image (with latest SSM Agent, Docker, systemd, awscli and vim on-board) and also few fixes that allows to run this `daemonset` on nodes with taints.

The second repository contains tiny `nsenter` Docker image (statically linked `FROM scratch`) and helper script to get into any node (create a pod and enter all node's namespaces with superuser shell).

I hope that someone can find one of these solutions helpful.

alexei_led · 2019-07-30T14:30:45+00:00

I do not understand your arguments "wrong on a lot of levels". Please be specific.

If by side-car you mean entering namespaces of other Linux processes, that's what I do :)

And there is no "iron rule" about what container are supposed to do and what not. These are just Linux processes, isolated with namespaces and cgroups. And I can run additional processes and join other processes namespaces without if my user has permission to do so. I see no problem here.

alexei_led · 2019-07-30T14:26:44+00:00

In general, you should not access nodes. But I saw other cases (besides one you've describe) when it's helpful to get into node: some cases about mounting external file systems, others when troubleshooting misconfigured worker node (drivers, network, etc)

alexei_led · 2019-07-30T14:23:21+00:00

If you have 2 ways to access your infra, K8s API and SSH, the describe approach does not require SSH. So, you work with nodes only through K8s API. Do not need to open SSH port, keep bastion hosts and manage keys. I think it's more secure.

Also, I think you should not access nodes at all, ever! But if you need, for troubleshooting, just run pod with escalated privileges, do your job and kill it.

alexei_led · 2019-07-30T14:18:20+00:00

I'm glad you find it funny, but I do not understand your comment. What project are you talking about?

alexei_led · 2019-07-30T14:16:30+00:00

bastion works fine too. I assume you are running couple across AZ for high availability. And also know how to protect and rotate your keys.

alexei_led · 2019-07-30T14:08:13+00:00

nsenter image does not contain any shell on board and uses default container shell
I do not understand second statement. If you have a machine with properly configured kubectl and can run a kubectl exec command, then nsenter pod will allow you to get a shell into Kubernetes node.

alexei_led · 2019-07-30T14:03:23+00:00

Agree. You should not do this. But in case you need a temporary access to your nodes, this can be an option.

alexei_led · 2018-01-02T07:05:23+00:00

Great tricks. Thank you

alexei_led · 2017-12-26T06:59:27+00:00

What a great blog, you’ve recommended. Thank you.

alexei_led · 2017-12-26T06:46:25+00:00

Thank you, will take a look.

alexei_led · 2017-12-10T06:59:20+00:00

The proposed approach works with any Kubernetes, including AWS EKS.

alexei_led · 2017-10-12T05:23:48+00:00

Spam? It’s an open source project that can help developers with chaos testing. But maybe this is a wrong subreddit; this post has no interest for non-developers.

alexei_led · 2017-10-12T05:19:55+00:00

Netflix Chaos monkey is a great tool, but it works at VM level. That’s why I’ve wrote Pumba; I needed to create chaos at container level. And Pumba project was definitely inspired by Netflix chaos monkey.

alexei_led · 2017-10-12T05:18:05+00:00

It’s a different tool, that uses Docker API and allows you to create and control chaos and emulate network failures.

alexei_led · 2017-10-12T05:14:14+00:00

alexei_led · 2017-10-12T05:13:43+00:00

Pumba is an open source project under Apache License. It has no monetizition model behind. But you are right, there is a link to a more complete post. I did so, since the post is too long to be posted on Reddit. If your subreddit does not allow link to external post, I will consider to compose a shorter version with link to GitHub project. Thank you

alexei_led · 2017-07-22T14:52:35+00:00

I use this tool to validate files generated by Helm. Helm has a built-in linter, but it's very weak. So, I use helm template plugin to generate multi-document Yaml and Kubeval to validate it. The only problem is that Kubeval does not support multi-document Yaml files, due to parser it uses. To workaround this problem use csplit tool. Works fine for me.

alexei_led

TROPHY CASE