Control CPU and Memory Resources consumed by Pods in Kubernetes

By default, containers and pods are allocated unbounded resources in a Kubernetes cluster. This allows them to consume as many resources as they need on a given node, which is not a pretty scenario for cluster administrators. With resource quotas, admins can restrict the amount of CPU and memory resources available on a per-namespace basis. Within a namespace, the resources per container or pod can be controlled by using limit ranges.

A limit range policy can also be used to set the minimum and maximum storage request per PersistentVolumeClaim.

If no resource requests or limits are defined by the pod or container, a limit range policy can be used to apply the default allocation.


Create and Manage Pods in Kubernetes

A pod is a group of one or more containers in Kubernetes, and it is the smallest unit of deployment for compute. The containers in a pod live in their own cgroups but share a number of Linux namespaces. Applications running in the same pod share the same IP address and port space (network namespace), have the same hostname (UTS namespace), and can communicate using native interprocess communication channels over System V IPC or POSIX message queues (IPC namespace).

The containers in a pod are not managed individually; they are managed at the pod level. Besides the containers running the actual application processes, a pod may also include init containers, sidecar containers and ephemeral containers.


Building and managing container images with Buildah

Buildah is an open source tool that can be used to build OCI-compliant container images without using Docker Engine. It can be run in rootless mode, which reduces the attack surface, and it can also be run inside a container.

You can use Buildah to build container images from existing container images, from Dockerfiles, and from scratch (that is, from empty images). OCI images built using Buildah are portable and can be run on different hosts with different container engines such as CRI-O, Podman, Docker Engine, etc.


Using Skopeo to work with Container Images in a dockerless world

Skopeo is a specialized tool that performs various operations on container images and image repositories.

Skopeo's operations include:

  • Copying an image from and to various storage mechanisms. For example you can copy images from one registry to another, without requiring privilege.
  • Inspecting a remote image showing its properties including its layers, without requiring you to pull the image to the host.
  • Deleting an image from an image repository.
  • Syncing an external image repository to an internal registry for air-gapped (aka offline) deployments.
  • When required by the repository, skopeo can pass the appropriate credentials and certificates for authentication.

Working with pods with podman generate and podman play

Podman pods are a way to manage a group of application containers together as one pod. In that way they are similar to Kubernetes pods. While you may add as many containers as you need to a pod, it would be easier if you could export and import pod manifests in their entirety. This would allow you to easily create a pod with the requisite containers rather than running a bunch of commands. You can also use a generated manifest to create Kubernetes pods. podman generate is a way to generate a pod definition manifest in YAML format. Similarly, podman play imports a pod definition and spins up a pod for you.


Auto Update Container Images for Kubernetes workloads with Argo CD Image Updater

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It follows the GitOps pattern of using git repositories as the source of truth for defining the desired application state. With Argo CD, application deployments can be automated and updates to applications can be made on simple git commit events, without the need for any complicated Continuous Integration and/or Deployment pipelines.

This is our sixth post in the series of blog posts on deploying and managing applications with Kubernetes and Argo CD. You can find the series index here.


Deploy Application with Kustomize Manifests on Kubernetes Clusters with Argo CD

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It follows the GitOps pattern of using git repositories as the source of truth for defining the desired application state. With Argo CD, application deployments can be automated and updates to applications can be made on simple git commit events, without the need for any complicated Continuous Integration and/or Deployment pipelines.

This is our fifth post in the series of blog posts on deploying and managing applications with Kubernetes and Argo CD. You can find the series index here.


Deploy Helm Charts on Kubernetes Clusters with Argo CD

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It follows the GitOps pattern of using git repositories as the source of truth for defining the desired application state. With Argo CD, application deployments can be automated and updates to applications can be made on simple git commit events, without the need for any complicated Continuous Integration and/or Deployment pipelines.

This is our fourth post in the series of blog posts on deploying and managing applications with Kubernetes and Argo CD. You can find the series index here.
