Is It a Best/Recommended Practice to Run “sudo systemctl start docker”?

0 Comments

Problem scenario
You read that you should not run a Docker container as root or with sudo privileges. Can you start the docker service with sudo systemctl start docker?

Solution
Yes, it is acceptable. You can use this:

sudo systemctl start docker

This solution was taken from https://docs.docker.com/config/daemon/systemd/.

Continue reading “Is It a Best/Recommended Practice to Run “sudo systemctl start docker”?”

What is a Validation Webhook?

0 Comments

Question
In the context of Kubernetes, what is a validation webhook?

Answer
They are an API invocation to confirm a resource was created properly. Unlike a mutating webhook, validation webhooks make no changes to resources deployed in Kubernetes. Also unlike a mutating webhook, validation webhooks happen at a different step in the admission controller process. The admission controller process starts with an API request and ends with persisting data to etcd.

Continue reading “What is a Validation Webhook?”

In Kubernetes, What Happens when an API Server or Admission Controller Receives a kubectl Command and Updates etcd?

0 Comments

Problem scenario
You know that an admission controller in the API server has various stages to process a kubectl command in Kubernetes. You want to know how the API server or relevant admission controller works in the correct sequence. The sequence starts with a request (HTTP POST from a kubectl command) and ends with updating etcd. How does this happen in detail?

Solution
The API server’s process of handling a kubectl command is very similar to what are called “admission controller phases.”*

It is not clear what is the difference (if there is any).

Continue reading “In Kubernetes, What Happens when an API Server or Admission Controller Receives a kubectl Command and Updates etcd?”

How Do You Troubleshoot the Kubernetes Error “cluster unreachable”?

0 Comments

Problem scenario
You get a message “kubernetes cluster unreachable” when running a helm, kubectl, az, or eks command. What should you do?

Possible solution #1
Has a router been reconfigured? Has a new firewall rule been imposed? Has a data center gone down that housed the cluster? Did you receive an email about a maintenance window or a configuration change?

Possible solution #2
What are the permissions of the relevant .yaml file?

Continue reading “How Do You Troubleshoot the Kubernetes Error “cluster unreachable”?”

How Do You Find the Requests, Limits, and Replicas of Pods Deployed from Helm Charts?

0 Comments

Problem scenario
You do not have the YAML (.yml or .yaml) files for your Helm deployments.

How do you find the pod manifests for the yaml files when you do not have access to the Helm repos?

Solution
Run this:

helm ls -a -A

The output will show a “Name” on the left most column and a namespace in an inner column.

Continue reading “How Do You Find the Requests, Limits, and Replicas of Pods Deployed from Helm Charts?”

What Are Common Use Cases of Daemonsets in Kubernetes?

0 Comments

Question
DaemonSets will bypass the scheduler and deploy to nodes that are designated as “unschedulable”; however you can use a DaemonSet to deploy to a subset of all the nodes (according to page 109 of Kubernetes in Action). In the real world, what are daemonsets used for in Kubernetes?

Answer

  • Monitoring of pods/nodes (such as Prometheus Node Exporter,

Continue reading “What Are Common Use Cases of Daemonsets in Kubernetes?”

How Do You Troubleshoot “conntrack not found in system path” when You Run a kubeadm Command?

0 Comments

Problem scenario
You try to run “kubeadm init”, but you receive this error:

[ERROR FileExisting-conntrack]: conntrack not found in system path
[preflight] If you know what you are doing, you can make a check non-fatal with –ignore-preflight-errors=…

What should you do?

Solution
Install conntrack.

If you are using SUSE Linux run this:

sudo zypper -n install conntrack-tools

If you are using Debian/Ubuntu Linux:

sudo apt -y install conntrack

Continue reading “How Do You Troubleshoot “conntrack not found in system path” when You Run a kubeadm Command?”

How Do You Troubleshoot “timed out waiting for the condition” after Running “kubeadm init”?

0 Comments

Problem scenario
You run “sudo kubeadm init”, and you get this message:

[kubelet-check] It seems like the kubelet isn’t running or healthy.
[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp 127.0.0.1:10248: connect: connection refused.

[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory “/etc/kubernetes/manifests”. This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed. …

Continue reading “How Do You Troubleshoot “timed out waiting for the condition” after Running “kubeadm init”?”

What Are cgroups?

0 Comments

Question
You know cgroups provide isolation (along with namespaces in the context of containers). But what exactly are cgroups?

Answer
cgroups enforce hard limits of subsystems to allow efficient allocation of resources of the super-system.

Cgroups allow you to allocate resources — such as CPU time, system memory, network bandwidth, or combinations of these resources — among user-defined groups of tasks (processes) running on a system.

Continue reading “What Are cgroups?”