Gunaseela Perumal M’s Post

We’ve just published our newest Linkerd Edge Release Roundup, covering all the latest and greatest new features, bugfixes, and other changes happening in the Linkerd repo over the past few weeks. #linkerd #servicemesh #opensource #cloudnative

I added a regular proxmox module for normal VM deployment using cloudinit. This module utilizes count for a more efficient module declaration. #terraform #proxmox #cloudinit #homelab

Starts with Troubleshooting Day:2 Real time troubleshooting in Kubernetes ---------------------------------------------------------------------------------- Error: Insufficient resources to schedule pod Troubleshooting: ▪ Check resource requests and limits in the pod specification. ▪ Verify node resources using kubectl describe node. o Example Commands: kubectl describe pod <pod-name> kubectl describe node <node-name> ------------------------------------------------------------------------------- Error: ImagePullBackOff o Troubleshooting: ▪ Verify the image name and availability. ▪ Check image pull credentials using kubectl describe pod. o Example Commands: kubectl describe pod <pod-name> kubectl get pods --namespace <namespace> - o=jsonpath='{.items[*].status.containerStatuses[*].state}'

Front-end devs, please test your code for memory leakage. Right now LinkedIn is chewing up > 1Gb regularly and YahooMail is even worse. Looks like some devs aren't letting go of subscriptions or other dangling references. Here's an article on memory profiling: https://lnkd.in/e4sG_EPN For particularly troublesome third-party leakage (hint: google maps) you may get some benefits from WeakMap usage: https://lnkd.in/eYtU_YkM Please stop crashing my browser :)

How to prevent unsigned Docker images from being pulled

𝗪𝗵𝗮𝘁 𝗶𝘀 𝗮 𝗦𝗶𝗱𝗲𝗰𝗮𝗿 𝗖𝗼𝗻𝘁𝗮𝗶𝗻𝗲𝗿?           On a motorcycle, a sidecar is a small compartment attached to the side of a motorcycle and it provides extra passenger space. In Kubernetes, a sidecar container is a separate container that runs alongside the main application container within the Kubernetes pod.           Unlike a motorcycle sidecar, it doesn't directly carry passengers/perform application functions. Instead, it provides essential 𝙨𝙪𝙥𝙥𝙤𝙧𝙩 𝙛𝙪𝙣𝙘𝙩𝙞𝙤𝙣𝙨 𝙛𝙤𝙧 𝙩𝙝𝙚 𝙢𝙖𝙞𝙣 𝙖𝙥𝙥𝙡𝙞𝙘𝙖𝙩𝙞𝙤𝙣, such as logging, security, and monitoring.           Sidecar Containers enable 𝙢𝙤𝙙𝙪𝙡𝙖𝙧 𝙖𝙣𝙙 𝙙𝙚𝙘𝙤𝙪𝙥𝙡𝙚𝙙 approach, by separating additional functionalities into sidecars and the main application container focuses on core functions. This simplifies the development and also provides a 𝙧𝙚𝙪𝙨𝙖𝙗𝙡𝙚 𝙘𝙤𝙙𝙚 that can be attached to any other main application without duplicating the efforts. 𝗦𝗶𝗱𝗲𝗰𝗮𝗿 𝗖𝗼𝗻𝘁𝗮𝗶𝗻𝗲𝗿 𝗡𝗮𝗺𝗲𝘀𝗽𝗮𝗰𝗲𝘀: 𝗦𝗵𝗮𝗿𝗶𝗻𝗴 𝘃𝘀. 𝗜𝘀𝗼𝗹𝗮𝘁𝗶𝗼𝗻           Linux Namespaces play a key role in container isolation and understanding how these are shared vs isolated between the side & main container is important. 𝗦𝗵𝗮𝗿𝗲𝗱 𝗡𝗮𝗺𝗲𝘀𝗽𝗮𝗰𝗲𝘀:           🔶 𝙎𝙩𝙤𝙧𝙖𝙜𝙚: Both the sidecar and main container share the storage namespace. This allows them to access the same volumes for data persistence.           🔶 𝙉𝙚𝙩𝙬𝙤𝙧𝙠: They also share the network namespace, enabling communication through localhost. This simplifies communication between the containers for tasks like logging or monitoring. 𝘿𝙚𝙙𝙞𝙘𝙖𝙩𝙚𝙙 𝙉𝙖𝙢𝙚𝙨𝙥𝙖𝙘𝙚𝙨:           Sidecar containers run with their 𝙙𝙚𝙙𝙞𝙘𝙖𝙩𝙚𝙙 𝙪𝙨𝙚𝙧 𝙖𝙣𝙙 𝙥𝙧𝙤𝙘𝙚𝙨𝙨𝙚𝙨 𝙣𝙖𝙢𝙚𝙨𝙥𝙖𝙘𝙚 to maintain a clear separation from the main container. 𝗦𝗶𝗱𝗲𝗰𝗮𝗿 𝘂𝘀𝗲 𝗰𝗮𝘀𝗲𝘀           🔶 𝙇𝙤𝙜𝙜𝙞𝙣𝙜 𝙖𝙣𝙙 𝙢𝙤𝙣𝙞𝙩𝙤𝙧𝙞𝙣𝙜: Sidecar containers can handle log aggregation, log rotation, and forwarding the logs to centralized systems like Elasticsearch or Splunk. They can also collect metrics/traces and export them to observability platforms such as Prometheus.           🔶 𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙖𝙣𝙙 𝘼𝙪𝙩𝙝𝙚𝙣𝙩𝙞𝙘𝙖𝙩𝙞𝙤𝙣: Sidecar containers can handle security-related tasks such as SSL termination, authentication, and authorization. They can implement protocols like OAuth, JWT, or OpenID Connect to secure communication between services.           🔶 𝙎𝙚𝙧𝙫𝙞𝙘𝙚 𝙈𝙚𝙨𝙝 𝙄𝙣𝙩𝙚𝙜𝙧𝙖𝙩𝙞𝙤𝙣: Sidecar containers are a crucial component of service mesh implementations like Istio. They handle traffic management, load balancing, circuit breaking, and secure communication between services, offloading these responsibilities from the main application. #kubernetes #Container #SRE #Containerization

sigstore to sign permitted container images per namespace is a welcome feature. This allows for approved artifacts to run in a namespace, reduce chances for outages, unauthorized, or other unpredicatble events. You would have test, stage, prod, and promote the artifact through CD pipelines by adjusting policies. Or you can had tenant namespaces, wherebcustomers can have a role in what is approved to run in their namespace. Of course this needs to be tooled in by talented experts, no shoetcuts.

Explore how Kubernetes gathers and uses APM tool metrics for resource optimization with Prometheus, CAdvisor, and Kube-State-Metrics. In this video, Reid Vandewiele breaks down how these metrics work together under the hood to help manage your clusters effectively. 📺 https://lnkd.in/eH8vedKV

#Day 21 of #365daysofcodescaler Problem: longest increasing subsequence!(medium) #scalerdiscord #codewithscaler #365daysofcodescaler #365daysofcode

Improve your Kubernetes Performance