by andriejsazanowicz
Scheduling in Kubernetes is the process of binding pending pods to nodes, and is performed by a component of Kubernetes called kube-scheduler. The scheduler’s decisions, whether or where a pod can or can not be scheduled, are guided by its configurable policy. As Kubernetes clusters are very dynamic and their state changes over time, there … Read more
By default, many container services run as the privileged root user. Every container is just a running process. Preventing root execution by using non-root containers (configured when the image is built) or a rootless container engine (some container engines run in an unprivileged context rather than using a daemon running as root; for example, podman) limits the … Read more
A service mesh is a dedicated infrastructure layer built into an application that controls service-to-service communication in a microservices architecture. It controls the delivery of service requests to other services, performs load balancing, encrypts data, and discovers other services. Istio is a popular solution for service mesh, managing the different microservices that make up a … Read more
Microservices are an architectural and organizational approach to software development where software is composed of small independent services that communicate over well-defined APIs. These services are owned by small, self-contained teams. Microservices architectures make applications easier to scale and faster to develop, enabling innovation and accelerating time-to-market for new features. In such architecture, services have … Read more
Managing and updating application configurations in a Kubernetes environment can be a complex and time-consuming task. This, usually manual handled taks, is performed by ConfigMaps or Secrets. And configuration can be updated, whether it be for credential updates or rotation, or toggling logging on or off, or updating a particular environment parameter. This routine process may lead … Read more