• Dealing with zombie processes in containers

    3 min read

    zombie container init golang

    When we run a process in a container, it becomes the init process. This means that it is responsible for reaping any child processes that exit. If it doesn't do this, they become zombies.

    Having some zombies is not a problem, but if you have too many of them, you can run out of resources (PIDs, memory, disk space...). This is what is going to cause issues in your host system: the zombies won't be a problem, but the resources they consume will.

    02/10/2024
  • Build container images (and push them to a registry) in Kubernetes with Tekton

    5 min read

    tekton build push Kubernetes

    We can build containers from within a Kubernetes cluster by running Kaniko in Pods, or we can use a framework such as Shipwright to streamline the process; Shipwright uses Tekton pipelines to actually run the build. We can also skip Shipwright and create the Tekton pipelines directly.

    04/01/2023
  • Build container images (and push them to a registry) on Kubernetes

    3 min read

    shipwright docker build Kubernetes

    Shipwright is a framework that allows us to build container images and push them to remote registries from within a Kubernetes cluster. It supports popular tools such as Kaniko, Cloud Native Buildpacks and Buildah.

    30/05/2022
  • Building container images on Kubernetes with Kaniko

    3 min read

    kaniko docker build Kubernetes

    When trying to build container images on Kubernetes, we might be tempted to use the Docker in Docker approach. To do this you'll need to:

    • Run a docker daemon on the nodes, either as a service or as a container runtime (which has been deprecated since 1.20)
    • Allow the Pod to communicate with docker's socket

    This approach is considered a security risk and it should be avoided.

    As an alternative, we can use kaniko: it is a tool to build container images inside containers (hence, inside Kubernetes clusters).

    04/04/2022
  • How to build a multi architecture container using rootless nerdctl

    3 min read

    nerdctl rootless buildkit

    One of the great things about using nerdctl is that it does not try to include everything you might need. This means that if you try to build a container using nerdctl, you'll realize you still need to install BuildKit (unless you have installed the "nerdctl-full" version).

    Moreover, it's something you don't actually need to have installed locally:

    $ nerdctl build --help | grep buildkit
    Build an image from a Dockerfile. Needs buildkitd to be running.
          --buildkit-host string     BuildKit address [$BUILDKIT_HOST] (default "unix:///run/user/1000/buildkit/buildkitd.sock")
    

    09/02/2022

From pet to cattle
Treat your Kubernetes clusters like cattle, not pets