enhancements
Hey
Our great sponsors
enhancements | Hey | |
---|---|---|
58 | 38 | |
3,257 | 17,249 | |
1.6% | - | |
9.7 | 0.0 | |
2 days ago | 3 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
enhancements
-
IBM to buy HashiCorp in $6.4B deal
> was always told early on that although they supported vault on kubernetes via a helm chart, they did not recommend using it on anything but EC2 instances (because of "security" which never really made sense their reasoning).
The reasoning is basically that there are some security and isolation guarantees you don't get in Kubernetes that you do get on bare metal or (to a somewhat lesser extent) in VMs.
In particular for Kubernetes, Vault wants to run as a non-root user and set the IPC_LOCK capability when it starts to prevent its memory from being swapped to disk. While in Docker you can directly enable this by adding capabilities when you launch the container, Kubernetes has an issue because of the way it handles non-root container users specified in a pod manifest, detailed in a (long-dormant) KEP: https://github.com/kubernetes/enhancements/blob/master/keps/... (tl;dr: Kubernetes runs the container process as root, with the specified capabilities added, but then switches it to the non-root UID, which causes the explicitly-added capabilities to be dropped).
You can work around this by rebuilding the container and setting the capability directly on the binary, but the upstream build of the binary and the one in the container image don't come with that set (because the user should set it at runtime if running the container image directly, and the systemd unit sets it via systemd if running as a systemd service, so there's no need to do that except for working around Kubernetes' ambient-capability issue).
> It always surprised me how these conversations went. "Well we don't really recommend kubernetes so we won't support (feature)."
-
Exploring cgroups v2 and MemoryQoS With EKS and Bottlerocket
0 is not the request we've defined. And that makes sense. Memory QoS has been in alpha since Kubernetes 1.22 (August 2021) and according to the KEP data was still in alpha as of 1.27.
-
Jenkins Agents On Kubernetes
Note: There's actually a Structured Authentication Config established via KEP-3331. It's in v1.28 as a feature flag gated option and removes the limitation of only having one OIDC provider. I may look into doing an article on it, but for now I'll deal with the issue in a manner that should work even with a bit older versions versions of Kubernetes.
-
Isint release cycle becoming a bit crazy with monthly releases and deprecations ?
Kubernetes supports a skew policy of n+2 between API server and kubelet. This means if your CP and DP are both on 1.20, you could upgrade your control plane twice (1.20 -> 1.21 -> 1.22) before you need to upgrade your data plane. And when it comes time to upgrade your data plane you can jump from 1.20 to 1.22 to minimize update churn. In the future, this skew will be opened to n+3 https://github.com/kubernetes/enhancements/tree/master/keps/sig-architecture/3935-oldest-node-newest-control-plane
-
Kubernetes SidecarContainers feature is merged
The KEP (Kubernetes Enhancement Proposal) is linked to in the PR [1]. From the summary:
> Sidecar containers are a new type of containers that start among the Init containers, run through the lifecycle of the Pod and don’t block pod termination. Kubelet makes a best effort to keep them alive and running while other containers are running.
[1] https://github.com/kubernetes/enhancements/tree/master/keps/...
-
What's there in K8s 1.27
This is where the new feature of mutable scheduling directives for jobs comes into play. This feature enables the updating of a job's scheduling directives before it begins. Essentially, it allows custom queue controllers to influence pod placement without needing to directly handle the assignment of pods to nodes themselves. To learn more about this check out the Kubernetes Enhancement Proposal 2926.
-
Dependencies between Services
What your asking is a (vanilla) Kubernetes non-goal, others have mentioned fluxcd and other add ons that provide primitives for dependency aware deployments. The problem space is so large, that it's unreasonable to to address these concerns in Kubernetes itself, instead, make it extensible... Look at this KEP for example: https://github.com/kubernetes/enhancements/issues/753 Sidecar containers have existed, and been named as such since WAY before that KEP's inception, defining what these things should and shouldn't do is largely arbitrary. Aka: your use-case is niche, if you don't like the behavior, use flux or argo, or write something yourself.
- When you learn the Sidecar Container KEP got dropped from the Kubernets release. Again.
-
Kubernetes 1.27 will be out next week! - Learn what's new and what's deprecated - Group volume snapshots - Pod resource updates - kubectl subcommands … And more!
If further interested, I may recommend checking out the KEP. I love how they document the decision making, and all these edge cases :).
-
How can I force assign an IP to my Load Balancer ingress in “status.loadBalancer”?
See https://kubernetes.io/docs/reference/kubectl/conventions/#subresources and https://github.com/kubernetes/enhancements/issues/2590
Hey
-
AWS SnapStart - Part 19 Measuring cold starts and deployment time with Java 17 using different Lambda memory settings
The results of the experiment below were based on reproducing approximately 100 cold starts for the duration of our experiment which ran for approximately 1 hour. For it (and all experiments from my previous articles) I used the load test tool hey, but you can use whatever tool you want, like Serverless-artillery or Postman
-
Data API for Amazon Aurora Serverless v2 with AWS SDK for Java - Part 5 Basic cold and warm starts measurements
The results of the experiment to retrieve the existing product from the database by its id see GetProductByIdViaAuroraServerlessV2DataApiHandler with Lambda function with 1024 MB memory setting were based on reproducing more than 100 cold and approximately 10.000 warm starts with experiment which ran for approximately 1 hour. For it (and experiments from my previous article) I used the load test tool hey, but you can use whatever tool you want, like Serverless-artillery or Postman. We won't enable SnapStart on the Lambda function first.
-
AWS SnapStart - Part 15 Measuring cold and warm starts with Java 21 using different synchronous HTTP clients
The results of the experiment below were based on reproducing more than 100 cold and approximately 100.000 warm starts with experiment which ran for approximately 1 hour. For it (and experiments from my previous article) I used the load test tool hey, but you can use whatever tool you want, like Serverless-artillery or Postman. I ran all these experiments for all 3 scenarios using 2 different compilation options in template.yaml each:
-
AWS SnapStart - Part 13 Measuring warm starts with Java 21 using different Lambda memory settings
In our experiment we'll re-use the application introduced in part 9 for this. There are basically 2 Lambda functions which both respond to the API Gateway requests and retrieve product by id received from the API Gateway from DynamoDB. One Lambda function GetProductByIdWithPureJava21Lambda can be used with and without SnapStart and the second one GetProductByIdWithPureJava21LambdaAndPriming uses SnapStart and DynamoDB request invocation priming. We'll measure cold and warm starts using the following memory settings in MBs : 256, 512, 768, 1024, 1536 and 2048. I also put the cold starts measured in the part 12 into the tables to see both cold and warm starts in one place. The results of the experiment below were based on reproducing more than 100 cold and approximately 100.000 warm starts for the duration of our experiment which ran for approximately 1 hour. Here is the code for the sample application. For it (and experiments from my previous article) I used the load test tool hey, but you can use whatever tool you want, like Serverless-artillery or Postman. Abbreviation c is for the cold start and w is for the warm start.
-
Diagnósticos usando dotnet-monitor + prometheus + grafana
Por último, podemos executar os testes de carga usando hey.
-
Amazon DevOps Guru for the Serverless applications - Part 2 Setting up the Sample Application for the Anomaly Detection
For running our experiments to provoke anomalies we'll use the stress test tool. You can use the tool of your choice (like Gatling, JMeter, Fiddler or Artillery), I personally prefer to use the tool hey as it is easy to use and similar to curl. On Linux this tool can be installed by executing
- Threadpool no aspnet e problemas de performance
-
The Uncreative Software Engineer's Compendium to Testing
Hey: is a fast HTTP load testing tool used to test web applications and APIs. It provides a CLI (command-line interface) and supports concurrent requests.
-
The TCP receiver only ack the minimum bytes of MSS one by one
The client and server nodes are CentOS7.9/X86_64. If the HTTP POST requests were sent directly to the server with hey -c 1, there are about 0.2% of cases that may timeout. If the HTTP POST requests were sent through an NGINX proxy on the client node, there are about 20% of cases will timeout. I've confirmed that only one backend node has this problem. All other nodes are 100% succeeded even with higher throughput.
-
Benchmarking SQLite Performance in Go. Using Go's awesome built-in simple benchmarking tools to investigate SQLite database performance in a couple of different benchmarks, plus a comparison to Postgres.
64 concurrent requests isn't a lot. Modern web apps can typically handle much more than that (depending on what the request does, of course). Try it yourself with a load tester like https://github.com/rakyll/hey against a Go HTTP server, for example the one I've built in https://www.golang.dk/articles/go-and-sqlite-in-the-cloud
What are some alternatives?
kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
Vegeta - HTTP load testing tool and library. It's over 9000!
spark-operator - Kubernetes operator for managing the lifecycle of Apache Spark applications on Kubernetes.
k6 - A modern load testing tool, using Go and JavaScript - https://k6.io
kubernetes-json-schema - Schemas for every version of every object in every version of Kubernetes
siege - Siege is an http load tester and benchmarking utility
klipper-lb - Embedded service load balancer in Klipper
ddosify - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud
connaisseur - An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
grpcurl - Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
kubeval - Validate your Kubernetes configuration files, supports multiple Kubernetes versions
kubernetes - Production-Grade Container Scheduling and Management