kubernetes
Ingress configuration for k8s in different namespaces
I would like to simplify the answer a bit for those who are relatively new to Kubernetes and its ingress options. There are 2 separate things that need to be present for ingress(es) to work: Ingress Controller: a separate DaemonSet (a controller which runs on all nodes, including any future ones) along with a Service … Read more
Privileged containers and capabilities
Running in privileged mode indeed gives the container all capabilities. But it is good practice to always give a container the minimum requirements it needs. The Docker run command documentation refers to this flag: Full container capabilities (--privileged) The --privileged flag gives all capabilities to the container, and it also lifts all the limitations enforced … Read more
What is a headless service, what does it do/accomplish, and what are some legitimate use cases for it?
Well, I think you need some theory. There are many explanations (including the official docs) across the whole internet, but I think Marko Luksa did it the best: Each connection to the service is forwarded to one randomly selected backing pod. But what if the client needs to connect to all of those pods? What … Read more
Restart container within pod
"Is it possible to restart a single container?" Not through kubectl, although depending on the setup of your cluster you can “cheat” and docker kill the-sha-goes-here, which will cause kubelet to restart the “failed” container (assuming, of course, the restart policy for the Pod says that is what it should do). "how do I restart … Read more
What is the difference between a pod and a deployment?
Radek’s answer is very good, but I would like to pitch in from my experience: you will almost never use an object with the kind pod, because that doesn’t make any sense in practice. Because you need a deployment object – or other Kubernetes API objects like a replication controller or replicaset – that needs … Read more
Kubernetes ConfigMap size limitation
There are no hard limits on either the ConfigMap or Secret objects as of this writing. There’s, however, a 1MB limit from the etcd side, which is where Kubernetes stores its objects. From the API side, if you actually see the API code and the ConfigMap type, you’ll see that its data field is Golang map … Read more
Kubernetes Ingress network deny some paths
You can use server-snippet annotation. This seems like exactly what you want to achieve.