Learn Kubernetes Weekly issue 104

PID 1 process cannot be killed, zombie processes, Understanding DNS, Kubernetes self-healing in practice, topology-aware routing

6 Nov 2024

There are no "right" requests or limits in Kubernetes because, as soon as you set one, it's already wrong 😅

So, how do you set requests and limits? How do you size Kubernetes nodes for workloads with constantly changing CPU and memory profiles?

I will try to answer those hard questions tomorrow in this webinar.

Join me!

Articles

1. Why sometimes the PID 1 process cannot be killed in a container

   ByteCook

   This article explains why the PID 1 process in a container cannot be killed, covering the basics of the Linux init process and signals, and analyzing kernel code to understand signal handling behaviour in containers.

2. Causes and solutions for zombie processes in containers

   ByteCook

   This article explains zombie processes, how they are created in containers, and how to prevent them by using the wait() or waitpid() system call.

3. Understanding DNS in Kubernetes

   Povilas Versockas

   This article examines DNS resolution in Kubernetes, focusing on CoreDNS as the default provider.

   It explores various Kubernetes DNS policies, including ClusterFirst, Default, and None, and their impact on pod DNS configurations.

4. From fragile to faultless: Kubernetes self-healing in practice

   Zain Malik

   This article describes how City Storage Systems built a self-healing framework for their Kubernetes platform, automating the detection and resolution of various failure modes, including Spot node preemptions, unreachable nodes, and network issues.

5. The trouble with topology-aware routing: sacrificing reliability in the name of cost savings

   William Morgan

   This article discusses the limitations of Topology-Aware Routing in Kubernetes, which prevents cross-zone traffic but can also lead to reliability issues and limit the benefits of multi-zone clusters.

6. How to deploy loxilb in-cluster for multus based secondary services

   Nikhil Malik

   The guide demonstrates how LoxiLB can work with multiple CNIs in a Multus environment, offering load-balancing capabilities for secondary network interfaces alongside the primary Kubernetes network.

   sponsored

Articles worth checking out:

• Taming FluxCD Helm releases: the Kustomize way approach

• Helm + Kustomize + raw manifests combination

• Optimize the Kubernetes dev experience by creating silos

• Building secure Kubernetes environments, a practical guide to network policies

• Securing Kubernetes pods for production workloads

• Mastering Kubernetes networking: a journey in cloud-native packet management

• Bouncing back: how to fix your StatefulSet after PVC deletion disaster

⎈ Become an expert in Kubernetes: Advanced Kubernetes course

Learnk8s

Join Learnk8s' 4-day online Advanced Kubernetes workshop next week!_

Get your hands dirty with Kubernetes and learn what makes Kubernetes tick in a session packed with hands-on labs!

Become a Kubernetes expert

Tutorials

1. 5G service communication proxy with LoxiLB

   Nikhil Malik

   This article discusses the deployment of LoxiLB as a Service Communication Proxy (SCP) with Open5GS.

   The article aims to demonstrate how LoxiLB can be used to expose 5G core services externally in a Kubernetes environment.

2. My experience adding a MongoDB No-SQL database to my Kubernetes cluster

   Martin Hodges

   This article guides readers through adding a MongoDB database to a Kubernetes cluster, creating a Spring Boot application to interact with the database, and deploying the application to the cluster.

3. Kubernetes webhook admission controller

   Payam Qorbanpour

   Learn how to use a Kubernetes admission controller to authorize external requests by creating a custom authorization service, generating TLS certificates, and configuring deployment and service manifests.

4. Managing internal DNS in air-gapped k3s clusters with Monkale CoreDNS-Manager-Operator

   Nicholas

   This article provides a step-by-step guide on managing internal DNS in air-gapped k3s clusters using Monkale CoreDNS-Manager-Operator.

   It covers the creation of a DNSZone, and addition of records, as well as handling FQDNs and setting NS records.

5. Advanced network observability: supercharging container network observability in AKS

   Pixel Robots.

   This article explains how to set up and use Advanced Network Observability in AKS to monitor and troubleshoot network performance.

More tutorials:

• Scaling Kubernetes pods based on HTTP traffic using KEDA HTTP add-on

Kubernetes jobs

1. • Software Engineer with Woolf

   • Salary: $40K to $60K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, GCP, Javascript, Redis, PostgreSQL

2. • Engineering Manager with Invitro Capital

   • Salary: $72K to $96K a year

   • Location: remote from Costa Rica

   • Tech stack: Kubernetes, AWS, Azure, GCP, Docker, Python, Javascript, Terraform, Jenkins, GitHub Actions

3. • Software Engineer with Fluent, LLC

   • Salary: CA$140K to CA$160K a year

   • Location: remote from Canada

   • Tech stack: Kubernetes, AWS, Docker, Javascript, Java, Typescript, C#, Redis, Kafka, Elastic Search

4. • DevSecOps Engineer with Lattice

   • Salary: $166K to $207.5K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, AWS, Docker, Python, GraphQL, Javascript, Typescript, Ruby

Discover more Kubernetes jobs on Kube Careers →

Code & tools

1. Fubectl: fancy-kubectl

   fubectl reduces repetitive interactions with kubectl.

2. System Upgrade Controller

   System Upgrade Controller provides a general-purpose, Kubernetes-native upgrade controller (for nodes).

   It introduces a new Custom Resource Definition for defining upgrade policies/requirements.

3. kraan: layers on top of Kubernetes

   fidelity

   Kraan is a tool for deploying and managing platforms on top of Kubernetes by applying "layers" of addons with dependencies.

4. Intel Device Plugins for Kubernetes

   intel

   Intel Device Plugins for Kubernetes is a framework for developing Kubernetes device plugins.

5. KubeLab: the ultimate Kubernetes learning platform

   natrontech

   KubeLab is a tool that provides a rich set of interactive labs for learning Kubernetes concepts in a real-world context.

Other interesting projects:

• SOPS: Secrets OPerationS

• Sonobuoy: validate your cluster

• CubeFS: distributed storage system

• mani-diffy: diff ArgoCD Application templates

Upcoming Kubernetes events

1. Nov

   7

   Choosing the right requests, limits and nodes in Kubernetes

   Online meetup organized by Learnk8s.

   • This is a virtual event

   • This is a free event.

2. Nov

   12

   KubeCon North America

   Online & in-person conference organized by Linux Foundation.

   • Location: Salt Lake City, UT, USA and virtual

   • This is a free event.

3. Nov

   12

   Kubernetes on Edge Day

   In-person conference organized by Linux Foundation.

   • Location: Salt Lake City, UT, USA

   • This event requires an entrance fee

4. Nov

   12

   Data on Kubernetes Day

   In-person conference organized by Linux Foundation.

   • Location: Salt Lake City, UT, USA

   • This event requires an entrance fee

5. Nov

   12

   Cilium + eBPF Day North America

   In-person conference organized by Linux Foundation.

   • Location: Salt Lake City, UT, USA

   • This event requires an entrance fee

6. Nov

   14

   Advanced Kubernetes course

   Online workshop organized by Learnk8s.

   • This is a virtual event

   • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

1. 4

   days

   KubeCon + CloudNativeCon Europe 2025

   The Call For Paper is open until 25 November 2024 at UTC. More info →

   • Location: London, UK

   • In-person conference organized by Linux Foundation.

   • The conference starts on the 1 April 2025.

   • Apply here

2. 10

   days

   FOSDEM

   The Call For Paper is open until 1 December 2024 at UTC. More info →

   • Location: Brussels, BE

   • In-person conference organized by FOSDEM.

   • The conference starts on the 2 February 2025.

   • Apply here

3. 9

   days

   Cybersec Asia 2025

   The Call For Paper is open until 30 November 2024 at UTC. More info →

   • Location: Bangkok, TH

   • In-person conference organized by Cybersec Asia.

   • The conference starts on the 29 January 2025.

   • Apply here

4. 55

   days

   Devopsdays Zurich

   The Call For Paper is open until 15 January 2025 at UTC. More info →

   • Location: Zurich, CH

   • In-person conference organized by Devopsdays.

   • The conference starts on the 12 March 2025.

   • Apply here

5. expired

   RuhrSec 2025

   The Call For Paper was open until 10 November 2024 at UTC. More info →

   • Location: Bochum, DE

   • In-person conference organized by Hackmanit.

   • The conference starts on the 21 February 2025.

   • Apply here

6. 71

   days

   Voxxeddays Bucharest

   The Call For Paper is open until 31 January 2025 at UTC. More info →

   • Location: Bucharest, RO

   • In-person conference organized by Incremental Community.

   • The conference starts on the 27 March 2025.

   • Apply here

7. 47

   days

   QCon London

   The Call For Paper is open until 7 January 2025 at UTC. More info →

   • Location: London, UK

   • In-person conference organized by InfoQ.

   • The conference starts on the 7 April 2025.

   • Apply here

8. 9

   days

   Tech Rocks Asia 2025

   The Call For Paper is open until 30 November 2024 at UTC. More info →

   • Location: Ho Chi Minh, VN

   • In-person conference organized by NFQ.

   • The conference starts on the 28 February 2025.

   • Apply here

9. 41

   days

   Devopsdays Raleigh

   The Call For Paper is open until 1 January 2025 at UTC. More info →

   • Location: Raleigh, NC, USA

   • In-person conference organized by Devopsdays.

   • The conference starts on the 16 April 2025.

   • Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!