Posts

[Kubernetes] Node Overcommitted

-
Image
Recap on Requests and Limits Requests Pods are allocated to nodes based solely on the specific CPU and Memory requirements. In other words, a pod is assigned for a node if the available capacity on that node can accommodate the additional CPU and Memory requested by the pod.  Limits Pod Scheduling does not take limits into account, but limits play a crucial role for different purposes. They establish an upper limit on the resources a pod can acquire before facing throttling or running out of memory. This precautionary measure prevents a single pod from monopolizing all resources on a node due to any deficiencies.  it is crucial to understand that reaching the CPU limit does not result in pod eviction; instead, it leads to throttling, potentially causing application failure. However, surpassing the Memory limit results in an out-of-memory (OOM) condition, necessitating pod eviction.  [example of overcommit] Now, if the node is anywhere close to reservation capacity then naturally the su
Post a Comment
Read more

[AWS] What is the Cloud Formation?

-
Image
  What is AWS CloudFormation? AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. AWS CloudFormation Basics: In CloudFormation, you work with Templates and Stacks. Template:  JSON or YAML formatted text file which is a blueprint of your AWS resources. Stack:  In CloudFormation, you manage resources as a single unit called a Stack. All the resources in a stack are defined by the stack’s Template. Hence the AWS CloudFormation workflow can be summarized as the below image  reference: docs.aws.amazon.com. example of cloud formation configuration which is I made it by myself.
Post a Comment
Read more

Kubernetes NodePort vs LoadBalancer vs Ingress?

-
Image
  ClusterIP A ClusterIP service is the default Kubernetes service. It gives you a service inside your cluster that other apps inside your cluster can access. There is no external access. The YAML for a ClusterIP service looks like this: apiVersion: v1 kind: Service metadata:     name: my-internal-service spec:   selector:         app: my-app   type: ClusterIP   ports:     - name: http     port: 80     targetPort: 80     protocol: TCP Start the Kubernetes Proxy: $ kubectl proxy --port=8080 Now, you can navigate through the Kubernetes API to access this service using this scheme: http://localhost:8080/api/v1/proxy/namespaces/<NAMESPACE>/services/<SERVICE-NAME>:<PORT-NAME>/ So to access the service we defined above, you could use the following address: http://localhost:8080/api/v1/proxy/namespaces/default/services/my-internal-service:http/ NodePort A NodePort service is the most primitive way to get external traffic directly to your service. NodePort, as the name implies
Post a Comment
Read more

[Service Mesh] Istio vs Envoy

-
Image
Each Microservice that constitutes the Microservice architecture identifies each service for communication between Microservices, identifies routes, performs load balancing, and serves as a circuit break for the entire service. It is Service Mesh that integrates these functions into a single layer. Istio is an open-source solution for implementing Service Mesh (Service Mesh) developed by IBM, Redhat, VMware, and Google. Istio distributes Envoy, a proxy that can communicate all networks between microservices, to microservices in a sidecar pattern, stores and manages/supervises the settings of proxies and serves as a controller to deliver the settings to proxies. Istio Architecture Istio is divided into Data Plan and Control Plan , and each architecture is shown in the figure below. Mesh-Agnostic Code (istio/envoy) vs Mesh-Aware Code(Eureka) Architecture The two most commonly used methods of configuring Service Mesh, Mesh-Agnostic Code (istio/envoy) using Proxy as a Sidecar format, an
Post a Comment
Read more

Connectivity Between VPCs - Comparison of VPC Peering, VGW, DGW, and TGW

-
Image
VGW(Virtual Private Gateway): It's the oldest way, and it was first announced. DGW(Direct Connect Gateway): It was announced in 2017. TGW(Transit Gateway): It was released in 2018. *** VPC peering *** It provides a 1:1 connection between VPCs and establishes a private connection between VPCs in the same account or in different accounts. Using Private IP It is possible to connect not only within the same region but also within different regions. Does not support peering between VPCs if IP is reduplication Only one peering resource can be set up between two VPCs Does not support multiple peering relationships between VPCs Internet Gateway (IGW) or Virtual Private Gateway (VGW) is not required Provides high availability connectivity Maintain Traffic on a Global AWS Backbone Use Case: Provides 1:1 connection between VPCs Use Case: Business Expansion Case Using VPC Peering AWS Direct Connect & VGW(Virtual Private Gateway) A VGW is an endpoint that provides a connection with a VPC wh
Post a Comment
Read more

how to apply K8S HPA(Horizontal Pod Autoscaling)

-
Image
Outline  HPA refers to the replica expansion of the Pod inside the K8S node. The goal is to designate replication of deployed POD according to CPU usage so that the service can operate smoothly. (This is different from Instance Autoscaling, which increases instances of work nodes to be described later.) Apply sequence (based on AWS EKS) 1. Create a Kubernetes metrics server. Metrics Server aggregates resource usage data across the Kubernetes cluster. Metrics such as CPU and memory usage of a worker node or container are collected through 'kubelet' installed on each worker node. kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml If the installation is complete, please check the command below for proper installation kubectl get deployment metrics-server -n kube-system 2. Create a replica of the pod that you want to use HPA. Create one of the default values here. Please refer to deployment.yaml below deployment.yaml --- api
Post a Comment
Read more

What is IP Class, Subnet mask and CIDR?

-
Image
  IP Class IPv4 consists of a logical address system consisting of 255.255.255.255 32 bits (4 bytes) in length, and one IP consists of a Network Address and a Host Address. In particular, here, Network Address divides its scope into areas that are easy to manage, and we call it Class. This class consists of five classes from A to E as follows, and the Network Address area and Host Address area of each class are shown in the figure.  The starting range of each class is easy to remember by calculating the following equation. There are 256 ranges to input into IP (0 to 255) Divide by 2 from 256. 256 / 2 = 128 - 1 = 127 (range of A class: 0 ~ 127) 128 / 2 = 64 + 127 = 191 (range of B class: 128 ~ 191) 64 /2 = 32 + 191 = 223 (range of C class: 192 ~ 223) the rest of the number of 32 is divided by 16 and separated into a D class and an E class each.  Subnet Subnet Mask is used to raise or lower the Network Address value by masking the value to Network Address. In other words, the Subnet mask
Post a Comment
Read more