Information Technology Stories

Recap on Requests and Limits Requests Pods are allocated to nodes based solely on the specific CPU and Memory requirements. In other words, a pod is assigned for a node if the available capacity on that node can accommodate the additional CPU and Memory requested by the pod.  Limits Pod Scheduling does not take limits into account, but limits play a crucial role for different purposes. They establish an upper limit on the resources a pod can acquire before facing throttling or running out of memory. This precautionary measure prevents a single pod from monopolizing all resources on a node due to any deficiencies.  it is crucial to understand that reaching the CPU limit does not result in pod eviction; instead, it leads to throttling, potentially causing application failure. However, surpassing the Memory limit results in an out-of-memory (OOM) condition, necessitating pod eviction.  [example of overcommit] Now, if the node is anywhere close to reservation capacity then na...

  What is AWS CloudFormation? AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. AWS CloudFormation Basics: In CloudFormation, you work with Templates and Stacks. Template:  JSON or YAML formatted text file which is a blueprint of your AWS resources. Stack:  In CloudFormation, you manage resources as a single unit called a Stack. All the resources in a stack are defined by the stack’s Template. Hence the AWS CloudFormation workflow can be summarized as the below image  reference: docs.aws.amazon.com. example of cloud formation configuration which is I made it by myself.

  ClusterIP A ClusterIP service is the default Kubernetes service. It gives you a service inside your cluster that other apps inside your cluster can access. There is no external access. The YAML for a ClusterIP service looks like this: apiVersion: v1 kind: Service metadata:     name: my-internal-service spec:   selector:         app: my-app   type: ClusterIP   ports:     - name: http     port: 80     targetPort: 80     protocol: TCP Start the Kubernetes Proxy: $ kubectl proxy --port=8080 Now, you can navigate through the Kubernetes API to access this service using this scheme: http://localhost:8080/api/v1/proxy/namespaces/<NAMESPACE>/services/<SERVICE-NAME>:<PORT-NAME>/ So to access the service we defined above, you could use the following address: http://localhost:8080/api/v1/proxy/namespaces/default/services/my-internal-service:http/ NodePort A NodePort service i...

Each Microservice that constitutes the Microservice architecture identifies each service for communication between Microservices, identifies routes, performs load balancing, and serves as a circuit break for the entire service. It is Service Mesh that integrates these functions into a single layer. Istio is an open-source solution for implementing Service Mesh (Service Mesh) developed by IBM, Redhat, VMware, and Google. Istio distributes Envoy, a proxy that can communicate all networks between microservices, to microservices in a sidecar pattern, stores and manages/supervises the settings of proxies and serves as a controller to deliver the settings to proxies. Istio Architecture Istio is divided into Data Plan and Control Plan , and each architecture is shown in the figure below. Mesh-Agnostic Code (istio/envoy) vs Mesh-Aware Code(Eureka) Architecture The two most commonly used methods of configuring Service Mesh, Mesh-Agnostic Code (istio/envoy) using Proxy as a Sidecar format, an...

VGW(Virtual Private Gateway): It's the oldest way, and it was first announced. DGW(Direct Connect Gateway): It was announced in 2017. TGW(Transit Gateway): It was released in 2018. *** VPC peering *** It provides a 1:1 connection between VPCs and establishes a private connection between VPCs in the same account or in different accounts. Using Private IP It is possible to connect not only within the same region but also within different regions. Does not support peering between VPCs if IP is reduplication Only one peering resource can be set up between two VPCs Does not support multiple peering relationships between VPCs Internet Gateway (IGW) or Virtual Private Gateway (VGW) is not required Provides high availability connectivity Maintain Traffic on a Global AWS Backbone Use Case: Provides 1:1 connection between VPCs Use Case: Business Expansion Case Using VPC Peering AWS Direct Connect & VGW(Virtual Private Gateway) A VGW is an endpoint that provides a connection with a VPC wh...

Outline  HPA refers to the replica expansion of the Pod inside the K8S node. The goal is to designate replication of deployed POD according to CPU usage so that the service can operate smoothly. (This is different from Instance Autoscaling, which increases instances of work nodes to be described later.) Apply sequence (based on AWS EKS) 1. Create a Kubernetes metrics server. Metrics Server aggregates resource usage data across the Kubernetes cluster. Metrics such as CPU and memory usage of a worker node or container are collected through 'kubelet' installed on each worker node. kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml If the installation is complete, please check the command below for proper installation kubectl get deployment metrics-server -n kube-system 2. Create a replica of the pod that you want to use HPA. Create one of the default values here. Please refer to deployment.yaml below deployment.yaml --- api...