• How kubernetes hides away the volumeMounts complexity

    If we try to compare volumeMounts with the actual mounts that we have on a pod using, for example, df, it can be quite confusing due to the use of the overlay filesystem.

    Let's consider the volumeMounts section of a deploy:

    $ kubectl get deploy pet2cattle -o yaml
              - mountPath: /opt/pet2cattle/conf
                name: config
              - mountPath: /opt/pet2cattle/data
                name: pet2cattle
                subPath: data
              - mountPath: /opt/pet2cattle/lib
                name: pet2cattle
                subPath: lib
              - mountPath: /tmp
                name: tmp-dir

    And compare it with the filesystem we see on the pod:

    $ kubectl exec pet2cattle-8475d6697-jbmsm -- df -hP
    Filesystem      Size  Used Avail Use% Mounted on
    overlay         100G  9.7G   91G  10% /
    tmpfs            64M     0   64M   0% /dev
    tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
    /dev/xvda1      100G  9.7G   91G  10% /tmp
    shm              64M     0   64M   0% /dev/shm
    /dev/xvdcu       20G  2.5G   18G  13% /opt/pet2cattle/lib
    tmpfs           3.9G   12K  3.9G   1% /run/secrets/kubernetes.io/serviceaccount
    tmpfs           3.9G     0  3.9G   0% /proc/acpi
    tmpfs           3.9G     0  3.9G   0% /proc/scsi
    tmpfs           3.9G     0  3.9G   0% /sys/firmware


  • Using the nodeSelector for selecting a kubernetes cluster partition

    On a kubernetes cluster not all nodes are expected to have the same amount of resources, so we might need to schedule some pods on specific nodes due to the resources they have (for example access to a GPU) or due to the network connectivity they have (for example edge nodes). Using nodeSelector we can tell the scheduler how we want our pods to be scheduled.


  • kubernetes: Pods can be composed of multiple containers

    One common misunderstanding with kubernetes is to mistakenly assume that "a pod" really means "a container".

    A pod is the minimal unit we take into account in kubernetes, but this does not mean that a pod is a container: a pod can be composed of several containers working together. We can easily see this in the READY column, which tells us how many containers a given pod is composed of:

    $ kubectl  get pods
    NAME                                     READY   STATUS      RESTARTS   AGE
    ampa-7dcbfd689f-59ghw                    2/2     Running     0          5d1h


  • Setting a secret into an environment variable

    Although it's not a best practice to feed secrets into environment variables, it's still possible to do. Let's take a look at how to do it.


  • Kubernetes Security Context: set uid for a Pod

    By default, any container that we launch will run as root. Most of the processes we launch don't really need, for example, to be able to install packages in the container. We can reduce its privileges by setting the SecurityContext at the Pod level or at the container level.



From pet to cattle
Treat your kubernetes clusters like cattle, not pets