-
Auto Scaling in Kubernetes 1.9
I updated my Kubernetes cluster from 1.8 to 1.9 recently, the upgrade process is very smooth, however the auto-scaling part seemed to be failing. Below are some notes on how I troubleshoot this issue. First to ensure I have both kops and kubectl upgraded to 1.9 on my laptop: Install kubectl 1.9: curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.9.10/bin/linux/amd64/kubect…
-
Playing with Kubernetes Ingress Controller
It’s very very easy to use Kubernetes(K8s) to provision an external service with AWS ELB, there’s one catch though(at least for now in 2018). AWS ELB is usually used with an auto scaling group and a launch configuration. However with K8s, EC2 instances won’t get spun directly, only pods will, which is call Horizontal Scaling.…
-
Kubernetes Log Aggregation with Filebeat and Logstash
Following last blog, Filebeat is very easy to setup however it doesn’t do log pattern matching, guess I’ll need Logstash after all. First is to install Logstash of course. To tell Filebeat to feed to Logstash instead of Elasticsearch is straightforward, here’s some configuration snippets: Filebeat K8s configMap: — apiVersion: v1 kind: ConfigMap metadata: name:…
-
Kubernetes Cluster Log Aggregation with Filebeat
Finally the Kubernetes cluster I was working on went live, and I didn’t provide a log aggregation solution yet. I had a look at dynaTrace, which is a paid SaaS. However it requires to install some agent in every container. It’s fun when there’s only several to play with but I wouldn’t rebuild dozens of…
-
Kubernetes External Service with HTTPS
This is a quick example to assign an SSL certificate to a Kubernetes external service(which is an ELB in AWS). Tested with kops 1.8 and kubernetes 1.8. — apiVersion: v1 kind: Service metadata: name: my-https-service namespace: my-project labels: app: my-website-ssl annotations: service.beta.kubernetes.io/aws-load-balancer-ssl-cert: “arn:aws:acm:ap-southeast-2:xxx:certificate/xxx…” service.beta.kubernetes.io/aws-load-balancer-backend-protocol: “http” service.beta.kubernetes.io/aws-load-balancer-ssl-ports: “https” service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: ‘3600’ spec: type: LoadBalancer selector: app: my-website…
-
Get access to a container in Kubernetes cluster
With Kubernetes(K8s), there’s no need to do ssh user@host anymore since everything is running as containers. There are still occasions when I need shell access to a container to do some troubleshooting. With Docker I can do docker exec -ti <container_id> /bin/bash It’s quite similar in K8s kubectl exec -ti <container_id> — /bin/bash However in…
-
Internal Service in Kubernetes Cluster
In Kubernetes(K8s) cluster, 1 or more containers form a pod and every container in the pod can access other container’s port just like apps in the same local host. For example: – pod1 – nginx1 – gunicorn1, port:8000 – pod2 – nginx2 – gunicorn2, port:8000 So nginx1 can access gunicorn1’s port using localhost:8000 and nginx2…
-
Kops: Add Policies for Migrated Apps
When migrating some old applications to a Kubernetes(k8s) cluster provisioned by kops, a lot of things might break and one of them is the missing policy for the node. By default, nodes of a k8s cluster have the following permissions: ec2:Describe* ecr:GetAuthorizationToken ecr:BatchCheckLayerAvailability ecr:GetDownloadUrlForLayer ecr:GetRepositoryPolicy ecr:DescribeRepositories ecr:ListImages ecr:BatchGetImage route53:ListHostedZones route53:GetChange // The following permissions are…