Charles Xu
Essays, books, wiki on technologies, career, markets, and more.
Archive of posts with category 'kubernetes'
In a large, busy cluster, how do you scale Istio to address Istio-proxy Container being OOM-Killed and Istiod crashes if too many connected istio-proxies?
AWS EKS on VPC networks need AWS Security Group Rules (SG) to receipt ingress traffic. But what if you reach the max rules count in your SG?
Your Kubernetes cluster probably has a shared ingress for north-south traffic, coming from a cloud load balancer and lands on your favorite proxies like Envoy, or Istio gateways, or Nginx....
We go from containers and network namespace to Pod-to-Pod, Pod-to-Service, and external-client-to-Service networking.
My team at Cruise operates tens of Kubernetes clusters with 10,000s cores and 100s of TB of RAM. Since migration to GCP, we have hit several interesting scaling issues. One...
Pods in Kubernetes are the smallest orchestration unit and are ephemeral by definition: Deployment/StatefulSet/DaemonSet/ReplicaSet updates or patches Nodepool downscaling (compaction) or upgrades (cordoned and drained)
Summary To achieve zero-downtime service update, Kubernetes rolling update implies the API must be both forward and backward compatible. Forward compatibility is hard if at all makes sense. Blue-green update...
It is common to extract the application configuration to a separate file as a runtime dependency of the container image that includes the application binary. As a result, the same...
Introduced in version v17.05, multi-stage builds feature in Dockerfiles enables you to create smaller container images with better caching and smaller security footprint. Fundamentally, the new syntax allows one to...
Never miss a story from me, subscribe to my newsletter