CKAD Prep Part 10 – Kubernetes Liveness & Readiness Probes

Kubernetes Liveness & Readiness Probes Liveness Probe A Liveness probe indicates whether or not a container is healthy and is used by Kubernetes to determine when a container should be terminated and restarted. You define your own custom criteria for determining container health. For example, if your container is running a microservice, that application will likely have a HTTP health check endpoint. The health check endpoint can be used as the Liveness probe to determine the containers health status. In other words, if the microservice is deemed healthy, the container is healthy. The Pod definition below creates a file called health.txt and write it to [...]

By |2021-06-23T22:11:17+01:00May 27th, 2021|Kubernetes|0 Comments

CKAD Prep Part 9 – Kubernetes Multi Container Pods

Kubernetes Multi Container Pods There are some use cases where you may want to run multiple containers inside the same Pod. For example, you could have a microservice running in one container that writes logs to a volume. A second container running a log agent could capture and push those logs to a centralised logging solution. In this instance both containers run inside the same Pod and work as a unit. Containers Communicating within a Pod Shared Network - containers running in the same Pod share the same network space and can access one another via localhost. In the diagram below Container 1 can access [...]

By |2021-06-23T22:12:39+01:00May 24th, 2021|Kubernetes|0 Comments

CKAD Prep Part 8 – Kubernetes Service Accounts

Kubernetes Service Accounts As a developer or a cluster admin, you interact with the Kubernetes apiserver via kubectl. A ServiceAccount is a Kubernetes object that allows an application running inside a Pod to access the Kubernetes apiserver. This is useful for applications that need to interact directly with the Kubernetes API, such as monitoring tools.  A ServiceAccount allows an application to talk to the apiserver securely with the appropriate permissions. A ServiceAccount is defined as follows. apiVersion: v1 kind: ServiceAccount metadata: name: sample-service-account The ServiceAccount itself is of little use unless you associate it with a set of roles. To do this you'll need to create a [...]

By |2021-06-23T22:14:21+01:00May 17th, 2021|Kubernetes|0 Comments

CKAD Prep Part 7 – Kubernetes Secrets

Kubernetes Secrets A Secret is a Kubernetes object that encapsulates sensitive data such as a password or key. A Secret can be consumed by a container so that applications can access the sensitive data at runtime. Defining a Secret A sample Secret definition is shown below. apiVersion: v1 kind: Secret metadata: name: sample-secret #stringData: #databasePassword: password11 data: databasePassword: cGFzc3dvcmQxMQ== The Secret value can be set as either a plain string or a Base64 encoded string. The example above uses the data attribute with a Base64 encoded value for the key databasePassword. Base64 encoding is useful if you want to specify binary data such as a certificate. [...]

By |2021-06-23T22:15:10+01:00May 16th, 2021|Kubernetes|0 Comments

CKAD Prep Part 6 – Container Resource Requirements

Container Resource Requirements Kubernetes allows you to specify the CPU and memory requirements for a container. As part of the Pod  spec you can specify CPU and memory requests and limits.  requests the CPU and memory resources required to run a container used by Kubernetes to decide what worker Node a Pod should be deployed to. This ensures there are sufficient resources on the Node to run the Pod.  limits an upper limit for the resource usage of a container if a container exceeds these limits it will likely be destroyed. stops individual containers monopolising resources on a Node. requests and limits are defined beneath resources [...]

By |2021-06-23T22:15:51+01:00May 10th, 2021|Kubernetes|0 Comments

CKAD Prep Part 5 – Kubernetes SecurityContexts

Kubernetes SecurityContext A SecurityContext is a Kubernetes object, defined as part of the Pod spec, that describes the privileges and access control settings for a Pod. The primary settings for a SecurityContext are runAsUser - allows you to run containers as a specified user runAsGroup - allows you to run containers as a specified group fsGroup allows you to run containers with and a specific file system group These settings can be applied at the Pod or container level. If applied at the Pod level the settings will apply to all containers in the Pod. If the SecurityContext is defined at both the Pod and [...]

By |2021-06-23T22:18:10+01:00May 10th, 2021|Kubernetes|0 Comments
Go to Top