Control CPU and Memory Resources consumed by Pods in Kubernetes

By default, containers and pods are allocated unbounded resources in a Kubernetes cluster. This allows them to consume as many resources as they need on a given node, which is not a good scenario for cluster administrators. With resource quotas, admins can restrict the amount of CPU and memory resources available on a per-namespace basis. Within a namespace, the resources per container or pod can be controlled by using limit ranges.

A limit range policy can also be used to enforce minimum and maximum storage requests per PersistentVolumeClaim.

If the pod or container defines no resource requests or limits, a limit range policy can be used to apply the default allocation.


Manage Passwords in Linux Ecosystem with Pass Utility

Password-based authentication is very common. However, storing and securing passwords is a hassle. There are already many offline and online-only services that do this work for you. Others are more feature-rich and offer a lot of other features. If you work in an offline (air-gapped, disconnected from the internet, etc.) environment, you can use a simple open source utility called pass. It stores each password as a separate file with gpg encryption. It is CLI based, but GUI extensions are available and it has a lot of support in the community.

With git, you can also choose to sync the encrypted passwords with internal source repos, so that you get all the benefits of gitops as well.


Create and Manage Pods in Kubernetes

A pod is a group of one or more containers in Kubernetes and it is the smallest unit of deployment for compute. The containers in a pod live in their own cgroups but share a number of Linux namespaces. Applications running in the same pod share the same IP address and port space (network namespace), have the same hostname (UTS namespace), and can communicate using native interprocess communication channels over System V IPC or POSIX message queues (IPC namespace).

The containers in a pod are not managed individually; they are managed at the pod level. Besides the containers running the actual application processes, a pod may also include init containers, sidecar containers and ephemeral containers.


Building and managing container images with Buildah

buildah is an open source tool that can be used to build OCI-compliant container images without using the Docker engine. It can also run in rootless mode, thereby reducing the attack surface, and it can run inside a container as well.

You can use buildah to build container images from existing container images, from Dockerfiles and from scratch (read: empty images). OCI images built using buildah are portable and can be run on different hosts with different container engines such as CRI-O, Podman, Docker Engine, etc.


Using Skopeo to work with Container Images in a dockerless world

Skopeo is a specialized tool that performs various operations on container images and image repositories.

The operations Skopeo can perform include:

  • Copying an image from and to various storage mechanisms. For example you can copy images from one registry to another, without requiring privilege.
  • Inspecting a remote image showing its properties including its layers, without requiring you to pull the image to the host.
  • Deleting an image from an image repository.
  • Syncing an external image repository to an internal registry for air-gapped (aka offline) deployments.
  • When required by the repository, skopeo can pass the appropriate credentials and certificates for authentication.

Get a grip on searching file contents with grep

Who doesn’t have to search files for specific content? At some point, when working with computers, you will want to find files containing specific text/data/string/content/information or whatever term you use. Linux users have always boasted of being able to use the grep utility. Windows users have relied on finding files using an easy user interface and the Select-String cmdlet. With WSL2, you can use traditional Linux utilities to assist with your work on Windows as well. Let’s look at a few variants of grep that help us search for the information we seek.


Working with pods with podman generate and podman play

Podman pods are a way to manage a group of application containers together as one pod. In that way they are similar to Kubernetes pods. While you may add as many containers as you need to a pod, it is easier if you can export and import pod manifests entirely. This allows you to create a pod with the requisite containers without running a bunch of commands. You can also use the generated manifest to create Kubernetes pods. podman generate is a way to generate a pod definition manifest in YAML format. Similarly, podman play imports a pod definition and spins up a pod for you.


Error Handling Improvements in PowerShell 7

PowerShell 7 has made some improvements to error handling that make it more useful. These include changes in the default error view, a new error action preference and the introduction of a new cmdlet, Get-Error.

Changes in the Error View

A new view called $ConciseView has been created to improve the readability of errors. It generates a single-line error. Before PowerShell 7, the default view was $NormalView, which used to generate a multi-line error and enhanced view. We can view the current default by using the variable $errorview:
