Descheduler on AWS EKS and Azure Kubernetes Services.

Scheduling in Kubernetes is the process of binding pending pods to nodes, and is performed by a component of Kubernetes called kube-scheduler. The scheduler’s decisions, whether or where a pod can or cannot be scheduled, are guided by its configurable policy. As Kubernetes clusters are very dynamic and their state changes over time, there …

Explore, compromise and harden Kubernetes pods

By default, many container services run as the privileged root user. Every container is just a running process. Preventing root execution by using non-root containers (configured when the image is built) or a rootless container engine (some container engines run in an unprivileged context rather than using a daemon running as root; for example, podman) limits the …

Istio service mesh: sidecar vs ambient

A service mesh is a dedicated infrastructure layer built into an application that controls service-to-service communication in a microservices architecture. It controls the delivery of service requests to other services, performs load balancing, encrypts data, and discovers other services. Istio is a popular solution for service mesh, managing the different microservices that make up a …

Automating Configuration Updates: kubernetes-reflector vs Reloader

Managing and updating application configurations in a Kubernetes environment can be a complex and time-consuming task. This usually manually handled task is performed by ConfigMaps or Secrets. Configuration can be updated, whether for credential updates or rotation, toggling logging on or off, or updating a particular environment parameter. This routine process may lead …

Istio service mesh setup on Azure Kubernetes Service

A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. This method enables separate parts of an application to communicate with each other. Service meshes appear commonly in concert with cloud-based applications, containers and microservices. Istio service mesh is a first choice in the open-source cloud-native service mesh landscape for most organizations. …