-
How risky it really is to run a Pod with privileged: true?
3 min read
When running containers, by default we will have an isolation between the host and the running container: you cannot access the host’s resources. But when you run a Pod with the privileged flag, you are effectively disabling this isolation making it equivalent to running that process as root on the host server.
22/12/2021
Read more... -
Network policies on Kubernetes
2 min read
Network policies are objects that allows you to control the flow of connections to and from pods. By default all pods are completely open to all communications, but as soon as a pod is selected by a policy, it is no longer be considered open: just the connections allowed by the NetworkPolicy will be allowed
20/12/2021
Read more... -
Kubernetes: Quality of Service for Pods
2 min read
On Kubernetes there are three QoS (Quality of Service) classes that a Pod can use. We can check what's the class it's using by checking the qosClass under status:
$ kubectl get pod pet2cattle-swag-746956854c-62psn -n website -o jsonpath='{.status.qosClass}' Burstable10/11/2021
Read more... -
Prevent a Pod being evicted by the cluster autoscaler
2 min read
The cluster autoscaler takes into consideration several factors when it chooses a node to remove (evicting it's Pods)
28/10/2021
Read more... -
Kubernetes: How to evict a Pod from a node
3 min read
When we don't have the Pod's resources correctly configured we might face the need of moving a Pod to a different node. Although we could change the nodeSelector or adjust the resources to that it gets scheduled on a different node, it might urge us to fix an issue. To do so we can use kubectl drain
At the end of the day what we want it really is "drain the node of that kind of Pods". As kind of by product the node ends up being cordoned so we are sure the Pod won't be scheduled again on the same node.
25/10/2021
Read more...