I’ve always been intrigued by how kubernetes pods relate to containers. As you probably know, containers running on the same host, share the Linux kernel. That’s why a container image does not contain a kernel, only software and tools that make up a distro like for example a package manager. …

Today, I had a few minutes to take the less then 100 seconds challenge to install Robusta, an open source platform for Kubernetes troubleshooting and automation with some pretty cool integration options like Slack, Teams, etc … Robusta is capable of handling application error (ex. Java), track kubernetes changes (ex…

Why consider a service mesh? I’ve always been very intrigued by the service mesh concept. It can offer quite some intriguing features, but often they are perceived as a nice to have, rather then a must have if you’re just experimenting with kubernetes. …

Introduction Startup, readiness, and liveness probes are very well described in the Kubernetes documentation. kubelet uses these probes defined in the pod manifest to verify whether a pod is booting, ready to accept traffic and still alive. It is kubelet who actually executes the probes (and not the pod itself). There…

1. Lets create a TOR socks proxy image This should be easy via this Dockerfile FROM ubuntu ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update RUN apt-get install -y bash curl privoxy tor tzdata vim net-tools COPY config /etc/privoxy/config COPY start.sh . CMD [ "/start.sh"] and some (probably to enhance) script to run the proxies in the container/pod. See https://github.com/xxradar/torproxy …

Wireshark in a terminal …

I stumbled on pixielabs while investigating #eBPF. It is extremely powerful tool showing a lot of eBPF capabilities in a nice UI on a kubernetes cluster. 1. Setting up a k8s cluster For the sake of this demo I will be using a managed kubernetes cluster on the DigitalOcean platform…

Intrigued by the evolution of proxy, gateway, edge-router, API gateway, Load Balancer, Ingress and web application firewall technology, I decided to update this story with my learnings. Most of the…

In order to use ephemeral containers, the K8S cluster needs to be created using the EphemeralContainers feature gate. This technique makes using tcpdump inside a pod quite easy without the need to restart or patch a pod or deployment. Create a cluster enabling EphemeralContainers The following configuration cluster.yaml helps installing a K8S cluster using kubeadm. …