To deploy a nginx pod, the below will be executed, which starts 3 nginx pods:-

kubectl run nginx — image=nginx — replicas=3

Ever wonder how did that happen and what all components were utilised.

Everything that happens in Kubernetes is handled by its APIs, here we will try to go through the life cycle of a request to identify what happens when a kubelet command is executed.

This is a living document. If you spot areas that can be improved or rewritten, contributions are welcome!

kubectl

Validation and generators

kubectl run nginx — image=nginx — replicas=3

As soon as Enter…


Oximeter is a device which has become famous and a must have in these difficult times. It measures the Blood Oxygen Saturation level in our body. Before we understand how a device is able to measure Blood Oxygen saturation from the tip of finger, lets grasp some fundamentals.

Oxygen is present in the blood in two forms:
1. Dissolved in the blood
2. Bound to Hemoglobin

  • In terms of binding to the oxygen and its transportation, Hemoglobin is classified into two types:
    1. Functional Hemoglobin
    2. Non-functional Hemoglobin
  • Functional Hemoglobin is further classified into two categories:
  • Oxyhemoglobin → Contains oxygen…

Creating architecture diagrams is always a challenge due to all pasting images, finding the correct icon, and more so when you must update some part of it. Aligning arrows or the diagram can be a daunting and time-consuming task. I found an interesting library Diagram, which as the name suggests assists in creating diagrams.

Diagrams let you draw the cloud system architecture in Python code. It was born for prototyping a new system architecture design without any design tools. You can also describe or visualize the existing system architecture as well. …


The aws-node-termination-handler (NTH) can operate in two different modes: Instance Metadata Service (IMDS) or the Queue Processor.

The aws-node-termination-handler Instance Metadata Service Monitor will run a small pod on each host to perform monitoring of IMDS paths like /spot or /events and react accordingly to drain and/or cordon the corresponding node.

The aws-node-termination-handler Queue Processor will monitor an SQS queue of events from Amazon EventBridge for ASG lifecycle events, EC2 status change events, and Spot Interruption Termination Notice events. When NTH detects an instance is going down, we use the Kubernetes API to cordon the node to ensure no new…


Kubernetes’ controllers concept lets you extend the cluster’s behavior without modifying the code of Kubernetes itself. Operators are clients of the Kubernetes API that act as controllers for a Custom Resource. An Operator is a special kind of Kubernetes controller process that comes with its own custom-resource definition.

Some of the things that you can use an operator to automate include:

  • deploying an application on demand
  • taking and restoring backups of that application’s state
  • handling upgrades of the application code alongside related changes such as database schemas or extra configuration settings

To create our own operator we’ll use the Operator…


EInnovator Cloud Manager is a Kubernetes (K8) based cloud management front-end (Web UI) aimed to simplify the experience of deploying, scaling and configuring applications, services, jobs, and cloud resources. It can also be used for setting-up CI/CD pipelines in integration with Git-based VCS. It provides support for all of Kubernetes core abstractions and resource types, plus selected extensions, and introduces also some new abstractions as well to further simplify management and devops.

Features:

1. Cloud Manager is a simple, do it all, alternative Kubernetes dashboard.

2. Is build from the ground-up to support multiple clusters.

3. It supports multiple authentication…


“The world is changing whether you like it or not. Get involved or get left behind.” ~Dave Waters

The images we create by default are run as root user and have a lot of unwanted packages, permissions, etc. Executing containers are root users poses a big risk as it can allow access to the host machines, it allows attackers to install programs that can help him to gain access to other services, a program like Nmap which is not installed by default. …


Istio service mesh offers a quick and easy way to secure communication in a Kubernetes cluster. We will discuss setting up MTLS in a Kubernetes cluster that is using the Nginx ingress controller instead of the Istio ingress gateway. Istio proxy will not be enabled for the entire cluster, instead the focus will be on specific namespace only.

Download Istio as defined below, the installation will be minimal so as to focus on service only.

Download:

https://istio.io/downloadIstio | ISTIO_VERSION=1.4.3 sh -

Edit istio/install/Kubernetes/helm/istio/requirements.yaml and remove all but below components.

dependencies:
- name: sidecarInjectorWebhook
version: 1.4.7…


The following post will help you to email objects (files, images etc.) from s3 as soon as they are uploaded. We will be using S3 events to triggers Lambda function which will download and email the file using SES.

If the S3 buckets doesn’t exist already, create a bucket and an IAM role with below permissions, for this demo we are using permissions which are wide open, these should be restricted.

Rishi Raj Singh

Monk who wants to buy back his Ferrari

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store