Try   HackMD

Office Hours for May 2020

West Side Edition

Q: I've got a storageClass that I initially set with ReclaimPolicy=Delete, trying to edit the resource to "Retain" doesn't seem to work, do I need to recreate the class then or am I doing something wrong?
A: NerdyShawn

https://github.com/digitalocean/csi-digitalocean/issues/126

Q: What approach would you take to a large "jump" update of Kubernetes version? We run bare metal clusters that are still on v1.13.x, and are ready for an update. I recently read a recommendation that clusters should be rebuilt from scratch for situations like this, transferring data with something like Velero. Any other recommendations?
A: Tim Hunter

https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md#deprecations-and-removals
https://relnotes.k8s.io/

Q: Anyone running Kubernetes at home; what kind of storage do you recommend using? Nfs , iscsi, hostpath? What is most suitable for those kind of workloads?
A: meauses

From: Aamir
Q:clusterIP type services in minikube
I have a microservice and I have a helm chart to deploy it. There is a service defined for it as well that exposes a port for udp packets. This works well in a proper K8S cluster.
I can see the service using kubectl.
I can also see that under the hood that ipvs is properly configured on the worker node
I can ping the service ip from within the pod
Unfortunately this doesnt work well when i do helm install in my local testing env that uses minikube. I can list the service using "kubectl get services". But beyond that nothing works. I cant ping the service ip from within the pod. and I realized that I dont have ipvs installed so :
How does minikube implement service under the hood ? Do services work better in micro8s or any other variant for local testing?
A:
kubectl port-forward , kubectl port-forward <pod_name> <local-port>:<pod-port>

From: Nathan. 4
Q:if you're currently using helm, and starting a move to kustomize, is there anything that you feel helm is better for than kustomize. for example perhaps elasticsearch for helm, and kustomize for your custom services.
A:
https://github.com/thomastaylor312/advanced-helm-demos/tree/master/post-render
https://operatorhub.io/
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-upgrading-eck.html

From: Juan

Q:Hey there! How i can scheduler diferents pods in diferents nodes by metrics. For example: I don’t want more than 3 pods in the same node? I don’t wan’t to use daemonset. Please help me, i have lot of night with out sleep. haha
A:
https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/

Q: Following up; where do you run databases if not kube?
A: dbentley

From: Kelly 7
Q: What is your opinions on NodeGroups in multiple availability zones? Should NodeGroups just be on one AZ? Pros and Cons? I have EKS in 3az and therefore each NG has three AZ
A:

From: Jim Angel:
Q: Anyone using Vault / KMS seamlessly in CI/CD (or GitOps) with k8s. Using Vault Agent Auto-Auth, mutating webhooks, or?
A:

Links:

https://cloud.google.com/compute/docs/disks#repds
https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/regional-pd
https://containo.us/maesh/
https://servicemesh.es/
https://www.thoughtworks.com/radar/platforms/istio
https://martinfowler.com/articles/microservices.html
https://www.thoughtworks.com/radar/platforms/kubernetes
https://www.thoughtworks.com/radar/techniques/service-mesh
https://istio.io/
https://github.com/linkerd/linkerd2/blob/master/SECURITY_AUDIT.pdf
https://github.com/Kong/kuma
https://www.consul.io/docs/k8s
https://kubernetes-sigs.github.io/service-apis/
https://github.com/goharbor/harbor/issues/8082
https://github.com/kubernetes-sigs/service-apis
https://github.com/kubernetes/kubernetes/issues/67577
https://www.slideshare.net/try_except_/optimizing-kubernetes-resource-requestslimits-for-costefficiency-and-latency-highload
https://medium.com/omio-engineering/cpu-limits-and-aggressive-throttling-in-kubernetes-c5b20bd8a718
https://status.quay.io/incidents/db87fh7b3s83
https://github.com/kubernetes/ingress-nginx/blob/c1ed6db4687f7ec004dcb9e1b5ab007f66eb09b5/docs/how-it-works.md#building-the-nginx-model
https://www.openpolicyagent.org/docs/latest/kubernetes-tutorial/
https://stackoverflow.com/a/39756233
https://spot.io/

https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
https://github.com/digitalocean/csi-digitalocean/issues/126
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.16.md#deprecations-and-removals
https://relnotes.k8s.io/
https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
https://docs.tilt.dev/choosing_clusters.html
https://github.com/thomastaylor312/advanced-helm-demos/tree/master/post-render
https://operatorhub.io/
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-upgrading-eck.html
https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ https://github.com/kubernetes/enhancements/blob/master/keps/sig-scheduling/20190926-default-even-pod-spreading.md
http://www.databasesoup.com/2018/07/should-i-run-postgres-on-kubernetes.html
https://learnk8s.io/how-many-clusters
https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
https://github.com/FairwindsOps/goldilocks
https://www.openshift.com/blog/how-full-is-my-cluster-part-4-right-sizing-pods-with-vertical-pod-autoscaler
https://www.sonatype.com/nexus-repository-oss
https://docs.docker.com/ee/dtr/

Last changed by 
Kubernetes
Production grade container orchestration, made with love
0
386

Read more

Lessons Learned from 3 years of Kubernetes Office Hours

Date: 23 August 2020 Authors: Jorge Castro (VMware), Josh Berkus (Red Hat), Chris Carty (Google), Dan &quot;POP&quot; Papandrea (Sysdig), David McKay (Equinix Metal) Today we celebrate three years of the Kubernetes Office Hours. This is a monthly event where we take a panel of volunteers, stick them on a live stream, and then see how many questions we can field from the community. I started the show for one reason. I had recently started my Kubernetes journey and was learning all these new concepts while rewiring my traditional sysadmin brain to be more cloud native. So the idea was if I&apos;m going to dig into this stuff and bother my new coworkers with silly questions, we might as well do it together and on the air to share our experiences and do it in a way that is fun and useful for others. Give away some tshirts, fame and fortune would surely follow. After 65 episodes we&apos;ve decided to take a look at some of the more common problem areas that we&apos;ve been tackling, and put together a quick summary for you on things where you might want to invest your attention. You will find many articles on &quot;Top X things to know about Kubernetes&quot;. We&apos;ve specifically avoided those and went back into our archives because what people think you need to know and what you actually need to know can be different.

Mar 18, 2021
Office Hours Feb 2021

EU Edition Panelists Person: Andrew Question: We&apos;re writing a controller with controller-runtime, and trying to use the Generation/ObservedGeneration pattern to avoid reconciling if there isn&apos;t any change (not using the predicate provided by controller-runtime for that purpose yet though). My question is how can that work with the possibility of a stale cache? When we write the ObservedGeneration to the Status of our CR, it triggers another reconcile immediately, but in some cases, the cache is stale and the CR it &quot;Get&quot;s still has the old Status, and therefore the old ObservedGeneration. What is the recommended strategy of dealing with this? Thanks! Person: Simone Baracchi Question: I&apos;d like to configure my small cluster as &quot;highly available&quot; with no single master / single point of failure and make the best use of all the cluster resources. My current plan is to make 3 nodes run as masters and be able to schedule pods on the masters. From my research the issues in doing so are 1) security issues about sensitive data on master which could be read from malicious pods and 2) pods competing for resources (especially in case of a node failure). I&apos;m not too concerned about security atm, and I can think of limiting the max number of pods / resources used. Is there any other red flag in doing so? Person: Jesper Berg Axelsen

Feb 17, 2021
Contributors Awards Ceremony Playbook

awards/ README.md -- list of everyone playbook.md Kubernetes has a tradition of yearly peer awards. These are commonly handed out during the end-of-year Contributor Summit. The CNCF typically has awards as part of KubeCon + CloudNativeCon, the Kubernetes awards are a compliment to those, and are meant to be peer awards. Ideals and Values Typically each SIG will nominate two(2) recipients for an award.

Feb 12, 2021
Office Hours January 2021

EU Edition Panelists Rachel Leekin, Chris Carty, Dan POP Papandrea, Saiyam Pathak Person: Mostafa Elmenbawy (https://kubernetes.slack.com/archives/C6RFQ3T5H/p1609991530274100?thread_ts=1607960423.257700&amp;cid=C6RFQ3T5H) Question: What is recommended for on premise production cluster spanning multiple hosts? Answer:

Jan 20, 2021
Read more from Kubernetes
Published on HackMD