AmitKumarDas
commented
3 years ago Closed AmitKumarDas closed 2 years ago
AmitKumarDas
commented
3 years ago AmitKumarDas
commented
3 years ago // tags: k8s distribution, install, policy, rbac, harbor, eks, gke, terraform, kustomize
//
// https://github.com/sighupio // [fellow]// tags: CPU throttled, OOM Killed, namespace quota, resources, limits, threshold formula
//
// https://sysdig.com/blog/kubernetes-limits-requests/// tags: resources, formula, allocatable, free, kubelet reserved, is limits buggy, throttle
// tags: slack vs overcommitment, memory pressure, disk pressure, cpu throttling
//
// https://itnext.io/kubernetes-resource-management-in-production-d5382c904ed1
// https://www.youtube.com/watch?v=eBChCFD9hfs // cost efficiency & latency// tags: memory, cgroups vs. free -m, node allocatable, telco grade, kube reserved, eviction
//
// https://kubernetes.io/docs/concepts/scheduling-eviction/node-pressure-eviction/
// https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#node-allocatable// cmd: kubectl get nodemetrics, podmetrics, top po, top node --all-namespaces
// tags: hpa, vpa
// til: kube-state-metrics can be costly
// til: kube-state-metrics is different from metrics-server
//
// https://github.com/kubernetes-sigs/metrics-server
// https://github.com/kubernetes/metrics/blob/master/pkg/apis/metrics/v1alpha1/types.go// tags: testing, namespace, ssh, tunnel, repos, remote development
//
// https://github.com/garden-io// tags: prometheus, scrape, annotations, is kubernetes slow?, service monitor, bearer token, runbook,
// til: /etc/kubernetes/manifests/kube-controller-manager.manifest
// til: healthy kubelet; workqueue rate, latency, depth; CPU / Memory usage
// til: bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token // ServiceMonitor
//
// https://sysdig.com/blog/how-to-monitor-kube-controller-manager/
// https://github.com/prometheus-operator/prometheus-operator/issues/1859
// tags: websocket protocol, 1 TCP connection bidirectional vs. polling, sha-1, base64,
// system: game, stock ticker, simultaneous editing
//
// https://www.rfc-editor.org/rfc/rfc6455.txt// tags: alert manager, routes, receivers, defaults, inhibit rules, matchers
//
// https://github.com/prometheus/alertmanager/blob/main/doc/examples/simple.yml// repo
//
// https://github.com/google/cloudprober// tags: openapi, samples, blogs, prometheus
//
// https://github.com/prometheus/alertmanager/blob/master/api/v2/openapi.yaml
// https://awesome-prometheus-alerts.grep.to/
// https://alex.dzyoba.com/blog/prometheus-alerts/
// https://github.com/infinityworks/prometheus-example-queries
// https://www.circonus.com/2021/01/guide-to-monitoring-kubernetes-part-2-which-metrics-and-health-conditions-you-should-be-monitoring/
// https://github.com/kubernetes/kube-state-metrics/blob/master/examples/prometheus-alerting-rules/alerts.yaml
// https://github.com/sapcc/helm-charts/blob/a5ba80fd660aae71770fbf7c9625ad6fb5b2887d/prometheus-rules/prometheus-kubernetes-rules/alerts/node.alerts.tpl
// https://gitlab.com/gitlab-com/runbooks/blob/0946602d55a442c6ca5ce407877c267459d8404c/rules/node.yml
// https://github.com/prometheus/node_exporter/pull/590/files// tags: runbook, termination message, dns, eks, resolv.conf, ndots, nslookup, nameserver
// tags: kube-proxy, iptables, NXDOMAIN, NOERROR, VPC, plugin, configmap sets log of dns requests
// tags: autoscale, coresPerReplica, nodesPerReplica,
//
// https://containersolutions.github.io/runbooks/posts/kubernetes/crashloopbackoff/
// https://docs.microsoft.com/en-us/answers/questions/328469/understanding-aks-crashloopbackoff.html
// https://kubernetes.io/docs/tasks/debug-application-cluster/determine-reason-pod-failure/
// https://containersolutions.github.io/runbooks/posts/kubernetes/dns-failures/
// https://aws.amazon.com/premiumsupport/knowledge-center/eks-dns-failure/ ***
// https://kubernetes.io/blog/2018/07/10/coredns-ga-for-kubernetes-cluster-dns/ ***
// https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/ ***
// https://kubernetes.io/docs/tasks/administer-cluster/dns-horizontal-autoscaling/ **// tags: autoscaler, controller, dns specs, blog, IPv4, IPv6, A vs. AAAA vs. SRV vs. CNAME Record
//
// https://github.com/kubernetes/dns/blob/master/docs/specification.md
// https://github.com/coredns/coredns
// https://github.com/kubernetes-sigs/cluster-proportional-autoscaler
// https://coredns.io/blog/// tags: operator, controller, sample
//
// https://sdk.operatorframework.io/docs/building-operators/golang/references/client/// tags: authentication
// link: https://loft.sh/blog/kubernetes-dashboards-headlamp/
//
// I expected that I would be able to authenticate with my user account in the Kubernetes cluster.
// I was using Google Kubernetes Engine (GKE) and had already authenticated with the gcloud CLI.
// But Headlamp seems to want the user to authenticate with either a system account in the
// Kubernetes cluster or OpenID Connect (OIDC).
//
// I went the service account route and used the instructions in the Headlamp docs.
// I created a service account and added the associated token to Headlamp.
// Service accounts are generally used for things inside a cluster, so perhaps
// this option is more intended for teams running Headlamp in their clusters.
// It was odd to me that I’d use a service account to auth from a desktop application.
// I would have liked more context in the docs about why that is a recommended path.// https://bitfieldconsulting.com/golang/cuelang-exciting
// cue
john: { // kind of struct
age: 29
hobbies: [
"physics",
"reading",
]
}// types are values
#Person: { // kind of struct
age: number // mandatory
hobbies?: [...string] // optional, notice ? trailing char
}// validation
john: #Person// alternative style, combined
john: #Person & {
age: 29
hobbies: [
"physics",
"reading",
]
}// In strict fairness to JSON, it is possible to do something like this using JSON Schema,
// but that's nowhere near as elegant as our "types are values" idea, and it's not clear
// that the best solution to the JSON problem is more JSON.#Adult: #Person & {
age: >=18
}#WorkingAgePerson: #Person & {
age: >=16 & <65
}#Phone: string & =~ "[0-9]+"// enum
#Allowed: "mary" | "leroy" | "abby"// since types are values
#Port: string | int// default to if not specified
port: int | *8080// referencing
port: 6666
ingressPort: port// interpolation
port: 8000
url: "https://localhost:\(port)"// map is struct as well
instanceType: {
web: "small"
app: "medium"
db: "large"
}
// interpolate as well
server1: {
role: "app"
instance: instanceType[role]
}// generate config
for s in ["a", "b"] {
"www_\(s)": {
service: s
role: "web"
}
}
// above results into below
{
"www_a": {
"service": "a",
"role": "web"
},
"www_b": {
"service": "b",
"role": "web"
},
}// filter
nums: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
evens: [ for n in nums if mod(n, 2) == 0 {n}]
// evens: [2, 4, 6, 8, 10]// packaging
import "list"
jumbled: [4, 10, 1, 3, 7, 9, 6, 2, 5, 8]
sorted: list.Sort(jumbled, list.Ascending)// language is also its own testing framework
sorted: list.Sort(jumbled, list.Ascending)
sorted: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
// valid// istio uses cue to generate OpenAPI & CRDs