This guide walks you through enabling user namespaces in Kubernetes, allowing containers to run as root inside the pod while being mapped to a non-root user on the host. This enhances isolation and security, and makes it possible to allow…
HowTo install a Kubernetes Cluster with Dual Stack IPv4/IPv6 Support
In this blog post, I have summarized how I have set up a single-node Kubernetes cluster version 1.32 on a fresh Ubuntu 24.04 with dual-stack IPv4/IPv6 support. Tested with: Ubuntu 24.04, Kubeadm 1.32.3, CRI-O 1.32, Calico 3.29.3. Part 1: Prepare…
Migrate Kubernetes Runtime from Containerd to CRI-O
Why Replace Containerd with CRI-O in Kubernetes? Switching container runtimes again might seem unnecessary after the recent move from Docker to containerd. However, CRI-O offers unique features like enhanced Kubernetes compatibility and improved security. For example, I used CRI-O to test…
Kubernetes: POD vertical Scaling – Changing the Resource Limits of PODs without POD Restart
In Kubernetes v1.27, the InPlacePodVerticalScaling feature was introduced as an alpha capability, allowing you to adjust CPU and memory resources of running pods without restarting them. This feature can reduce downtime and make resource scaling more efficient. In this guide,…
Kubernetes horizontal POD Autoscaling – Hello World
For a quick test of horizontal autoscaling of an NginX deployment, we need the following ingredients: a metrics server installation to be able to measure the POD's CPU; an nginx deployment with a CPU reservation; an auto scaler configuration; a…
How I earned the Certified Kubernetes Administrator (CKA) badge – what would I do differently today?
What is the CKA? The Certified Kubernetes Administrator (CKA) certification proves you have hands-on experience managing Kubernetes clusters. How did I learn Kubernetes? Three years ago, I purchased a 4-day classroom Kubernetes Administration course (LFS458) from FastLane. It was not…
Kubernetes etcd backup and restore – cheat sheet
This is a cheat sheet on how to quickly perform backup & restore of the etcd server in Kubernetes. Test this on Killercoda Play with Kubernetes. tl;dr Find reference: https://kubernetes.io --> Documentation --> Search "etcd backup restore" --> you will find: Operating etcd…
Cheat Sheet: Install non-privileged podman v3 in a CentOS 7 Container
See how you can run a user space podman container inside another non-privileged container. For that, we create a CentOS 7 image with podman v3 installed. We spin up a Kubernetes non-privileged container from this image, and we show that…
How to enter a root shell session to a Container with containerd or CRI-O using 'runc' or 'nsenter'
The latest version of Kubernetes does not support Docker as a container runtime anymore. That is why many Kubernetes administrators have migrated their cluster's container runtime from Docker to another container runtime like containerd or CRI-O. Or they will do…
Upgrade Kubernetes Cluster – Cheat sheet
This is a cheat sheet created during the last upgrade of a CentOS-based Kubernetes cluster serving Developer's Cloud Desktops to our customers. TLDR; style. The commands are tested on CentOS 7. For Ubuntu, replace sudo yum install -y kubeadm-1.25.4-00 --disableexcludes=kubernetes…
Migrate Kubernetes Runtime from Docker to containerd
Migration of the kubeadm-based Kubernetes from Docker to containerd should be easy. In my case, it wasn't. Wrong information found on the Internet combined with the incompatibility of the used Kubernetes and containerd versions has caused major problems. Fortunately, I…
CKA Labs (19): Kubernetes Logging
In this article, we will have a look at Kubernetes logging. We will look at how Kubernetes logging is related to Docker logging. References: kubernetes.io: Logging Architecture; Docker Logging: A Complete Guide by sematext.com; Docker's official documentation on Logging. Step 0:…
CKA Labs (17): Kubernetes Readiness and Liveness Probes
In this article, we will learn how Kubernetes Liveness Probes and Kubernetes Readiness Probes help us improve the continuity and availability of Kubernetes Services. For that, we will learn how Kubernetes uses probes to decide whether an application is up…
CKA Labs (18): Kubernetes Metrics Server for CPU and Memory Monitoring
Install and explore the Kubernetes Metrics Server in a hands-on lab. View the CPU and Memory consumption of cluster nodes, applications, and containers.
CKA Labs (16): Kubernetes Persistent Volumes
In this article, we will create Kubernetes Persistent Volumes, change access modes, and add Kubernetes Persistent Volume Claims. Moreover, we will gain some understanding of Kubernetes Storage Objects.
CKA Labs (15): Kubernetes Ingress
We use NginX-based Kubernetes Ingress Controllers to make Kubernetes Services available to the outside world. In our example, three separate applications share the same IP address and port. We show how to retrieve the NginX configuration from the Ingress Controller. Moreover, we show how to install a newer NginX version provided by NginX INC.
CKA Labs (14): Kubernetes Node Selector vs. Affinity and Anti-Affinity
How to get hands-on experience with Kubernetes affinity and anti-affinity, for both node affinity and POD affinity, with "soft" and "hard" rules.
CKA Labs (13): Kubernetes Taints and Tolerations
In this blog post, we will get hands-on experience with Kubernetes taints and tolerations. Taints are used to repel PODs from running on a certain set of nodes, while tolerations in the POD's specification allow the POD to ignore the corresponding matching taint.
CKA Labs (12): Kubernetes Labels and Node Selectors
Tutorial with a hands-on lab on Kubernetes Labels and Node Selectors, which are used to control which PODs are scheduled on which set of Kubernetes Nodes.
CKA Labs (11) — Kubernetes Services
Kubernetes Services provide us with a means to load-balance between many instances of an application running in a data center. Moreover, they help make the service accessible from the Internet. Here, we will show how PODs, endpoints, container ports, and node ports are bound together by means of Kubernetes Services.