Try not to use variables outside of the tests. It is possible to shadow a variable, and it is easy to miss the initial definition. It adds confusion.
And if you are using global variables, always assign the value in a `BeforeEach` block. It is easy to find if you are running the tests in random order all the time.
One particular concern is the global variable `err`.
For some tests, the only difference between the cases is the parameters of the function and the return type.
I have seen tests which consisted only of the single…
Pod security policy is an attempt to improve the security defaults for applications in Kubernetes and to allow operators to set presets for them.
About two years ago we started investigating using them in Cloud Foundry Container Runtime. We took it seriously because we didn’t want to break existing users and wanted to make the transition painless. At that time, the Kubernetes documentation was not as good as it is right now, so we had to learn some things the hard way.
We started on Pod Security Policies because of the CIS benchmark for Kubernetes. You might take a look at it; it covers lots…
I might be a little bit biased, but I think Cloud Foundry is a pretty good platform to run applications. Cloud Foundry on Kubernetes uses Eirini to schedule applications. However, it uses different applications to deploy itself. The obvious question is why Cloud Foundry does not deploy itself using Eirini.
To answer this question, I will separate the applications into two big chunks: platform applications and user-facing applications.
Platform applications are usually updated rarely; some vendor provides a verified version, and this version is installed on multiple servers. …
I have worked on Cloud Foundry Container Runtime for almost two years. The main goal of the project is to provide Enterprise-ready Kubernetes. We have been upgrading Kubernetes since the first version. The upgrade pipeline was probably the first one that we implemented. And as a result, I can honestly say that I have upgraded thousands of clusters.
Upgrades of Kubernetes clusters are not that hard. To be honest, they are quite boring and simple; the only thing that is required is to follow the process. Unfortunately, most…
Three weeks ago the cf-for-k8s repository was open-sourced. It allows you to deploy Cloud Foundry components in Kubernetes and use `cf push` against that deployment. There are already several projects that enable deploying Cloud Foundry to Kubernetes: KubeCF, its previous version SCF, and several Kubernetes CPIs for BOSH. However, they all leverage BOSH in one way or another; cf-for is the first native project that uses everything built from scratch.
The last CNCF mailing list has an article about large clusters, and there are several points in the article that I want to comment on.
I spent almost two years on a cluster installer: creating clusters, improving the availability of clusters, testing scalability and so on.
First — strange cluster topology.
More etcd nodes only make the cluster slower. The API server returns a successful response only when the majority of etcd nodes have written the result. The more nodes in the cluster, the more calls the API server has to make. Also, even the amount of etcd nodes is odd. It does not add availability.
How could an interview not change a life? You get rejected and learn new things; you pass it and get a new job and new experiences. But this is more about the results of the interview, or maybe the interview might change the way you prepare for interviews, but I want to tell a story about the interview which changed the way I work in general.
I have been interviewed multiple times and interviewed many people as well. And most of the interviews feel the same.
First, you get through the initial filter. Some companies just send someone to…
Kubernetes uses mTLS for service components to communicate.
Certificates are difficult, and automatically generating them is one of the key features of Cloud Foundry Container Runtime (CFCR).
There is one thing though. The default certificate duration in CFCR is one year, so if you deployed the cluster last year, it is time to rotate the CA certificates.
Now, here is the typical way CA certificates are rotated. First, you generate a new certificate, then you add it to the chain of trust. Then you generate new certificates and start using them. …
NB: The opinions expressed in this post are my own and not necessarily those of my employer (or my PM).
Two years ago at the Cloud Foundry Summit, the question was asked: “Will Kubernetes replace Diego?” At that time I answered no and wrote several articles with the explanation. Now, after two years, I work full time in the team that actually replaces Diego with Kubernetes. This is no longer a question. This year during the Cloud Foundry Summit in The Hague, people were asking when Cloud Foundry will become Kubernetes-native.
The biggest selling point of Kubernetes — APIs. One can…
Every three months a new Kubernetes major version is released. It is hard to keep up with the latest all the time. It is very hard to keep up: you need to deploy the newest version in advance to see if it breaks something.
There is an easy way to deploy the latest version if you use Cloud Foundry Container Runtime (CFCR). Officially, CFCR is usually two months behind the latest major version, but it is very easy to try the next version in your test environment.