Our great sponsors
-
This is a complicated question to answer.
This isn't my expertise (the cluster orchestration system), but I can answer to the best of my abilities: Titus, today is a system that sits on top of Kubernetes, and uses Kubernetes components to do its thing, but we've substituted many of the systems with our own. For example, closer to my area of knowledge, we've used our own executor / provider along with the Virtual Kubelet project (https://github.com/virtual-kubelet/virtual-kubelet) instead of Kubelet.
We're exploring where we can leverage the Kubernetes ecosystem, adapt components, or help contribute changes back that others can leverage to enable our use of more COTS components of Kubernetes.
tl;dr: We're swapping out the engines while in flight
-
The trouble is that Docker does not enable user namespaces by default, and thus resulting in these CVEs. A lot of integrations (like the examples of secrets, and sidecars) do not work properly when used in conjunction with user namespaces, and tend to require modification. We did the work to make this work, and created a model (injected processes into the container) in order to create this clear boundary layer.
Many people use Docker with Kubernetes. Unfortunately, the Kubernetes Kubelet does not work with Docker and user namespaces (https://github.com/kubernetes/enhancements/issues/127).
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Related posts
- Isint release cycle becoming a bit crazy with monthly releases and deprecations ?
- What's there in K8s 1.27
- Dependencies between Services
- When you learn the Sidecar Container KEP got dropped from the Kubernets release. Again.
- Kubernetes 1.27 will be out next week! - Learn what's new and what's deprecated - Group volume snapshots - Pod resource updates - kubectl subcommands … And more!