AWS VPC CNI NetworkPolicy support has been available for a while. I will demonstrate how to activate the NetworkPolicy plugin in an EKS cluster. You may activate VPC CNI with the following command: eksctl create addon --name vpc-cni --version v1.15.0-eksbuild.2 --cluster YOUR_CLUSTER_NAME --service-account-role-arn arn:aws:iam::account:role/AmazonEKSCNIAccess --force You may not be able…

A Kubernetes cluster’s pod removal process could take longer than anticipated. By default, removing a pod from a Kubernetes cluster takes 30 seconds: ➜ ~ time kubectl delete -f 01-pod-create.yaml pod "web1-pod" deleted kubectl delete -f 01-pod-create.yaml 0.10s user 0.07s system 0% cpu 31.277 total You can forcefully delete your…

Many applications depend on external services to function correctly. Thanks to the init containers, you can delay the startup process until the external service is up and running. Some applications need to retrieve data from external services during startup. Thanks to the init containers, you can read secret credentials from…

One of the challenges in Kubernetes is debugging a process in Pod. I will deploy two pods (web1-pod, web2-pod), and one service (web1-service): 00-multiple-pods.yaml --- apiVersion: v1 kind: Pod metadata: name: web1-pod labels: app: web1-pod spec: containers: - image: webratio/nodejs-http-server name: web1-container --- apiVersion: v1 kind: Service metadata…

A running Kubernetes pod may be reached through several different ways. Kubectl provides two methods for interacting with a Pod: kubectl exec and kubectl attach Before starting the article, I would like to point out that I created a container image for this article: ailhan/control Here is the source code …

Part 2: How do Containers Communicate via localhost in a Kubernetes Pod? When you try to deploy a container or multiple containers in a Pod, Kubernetes creates a Pause container in the Pod. The containers you deploy will be attached to the Pause container’s ipc , uts , network namespaces. …

Part 1: What is the Purpose of the Pause Container? In my Kubernetes Core Concepts: Pod article, I stated that containers in the same Pod can access each other via localhost How does it work? When you create two containers on Docker, these containers cannot communicate via localhost. Because they run in different network…

One of the challenges in the containerization world is to use system resources efficiently. You can limit the system resources per pod/container. Here’s how you can set memory/CPU limits: apiVersion: apps/v1 kind: Deployment metadata: name: blog-test-deployment spec: replicas: 1 selector: matchLabels: app…

As stated in the previous post, the number of pods that can run a Node is limited. The total number of ENIs and IP addresses per ENI are used to compute the number of pods that may operate a Node. (More details here: Terminology Confusion on EKS: WARM_ENI_TARGET, WARM_IP_TARGET, MINIMUM_IP_TARGET) …