CPU and Memory Management on Kubernetes with Cgroupsv2

CPU and Memory Management on Kubernetes with Cgroupsv2 In this post I’ll try to explain how CPU and Memory management works under the hood on Kubernetes. If you ever wondered what happens when you set requests and limits for your pods, keep reading! Attention This is the result of my exploratory work around cgroupsv2 and their application to Kubernetes. Even though I tried really hard to make sure the information in this post is accurate, I’m far from being an expert on the topic and some information may not be 100% accurate....

Published on April 6, 2023 · Last updated on November 16, 2023 · 23 min · Mario

Exposing multiple Kubernetes clusters with a single load balancer and a single public IP

Exposing multiple Kubernetes clusters with a single load balancer and a single public IP My colleague Alberto Losada and I have been working on a lab lately. The lab is composed of three OpenShift clusters on VMs, these VMs are deployed on an isolated libvirt network, which means that we cannot access them from outside the hypervisor. In order to solve this issue, we wanted to expose the three clusters using the public IP available in the hypervisor....

Published on March 21, 2023 · Last updated on March 21, 2023 · 5 min · Mario

OpenShift 4 User Certificates

User Certificates in OpenShift 4 Attention The information described in this blog post may not be a supported configuration for OpenShift 4. Please, refer to the official docs for supported documentation. In this blog we will see how we can create OpenShift Users using client certificates and how to configure the API Server, so we can create client certificates using custom CAs. The information described in this blog was last tested with OpenShift 4....

Published on January 13, 2023 · Last updated on January 13, 2023 · 6 min · Mario

Using OpenShift OAuth Proxy to secure your Applications on OpenShift

What is OAuth Proxy A reverse proxy and static file server that provides authentication and authorization to an OpenShift OAuth server or Kubernetes master supporting the 1.6+ remote authorization endpoints to validate access to content. It is intended for use withing OpenShift clusters to make it easy to run both end-user and infrastructure services that do not provider their own authentication. [Source] Securing an Application with OAuth Proxy In this blog post we are going to deploy OAuth Proxy in front of a simple application....

Published on July 30, 2019 · Last updated on May 30, 2023 · 7 min · Mario

Writing Operators using the Operator Framework SDK

Operators, operators everywhere As you may have noticed, Kubernetes operators are becoming more an more popular those days. In this post we are going to explain the basics around Operators and we will develop a simple Operator using the Operator Framework SDK. What is an Operator An operator aims to automate actions usually performed manually while lessening the likelihood of error and simplifying complexity. We can think of an operator as a method of packaging, deploying and managing a Kubernetes enabled application....

Published on May 18, 2019 · Last updated on February 13, 2023 · 21 min · Mario