DevOps Hunter Security Automation

 Node in the Kubernetes cluster are schedule the pods as per the Node level Taints will control the Pod creation on the Node.  We can update the taints on one or more nodes with single command. The following are instructions from the kubectl label --help A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect.  The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters.  Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app.  The value is optional. If given, it must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.   The effect must be NoSchedule, PreferNoSchedule or NoExecute.  Currently taint can only apply to node. How does Taint - Tolerance works in Kubernetes? Taints allow a node to repel a set of pods. Tolerati...

What this post covers? In this post we will explore all possible options that can be used for Kubernetes Labels and selectors. Adding labels Show labels  Replace labels Deleting labels   Adding Labels to Pods Adding labels while you creating bare pods imperatively using 'kubectl run' command, here I'm using three different images httpd, redis, rabbitmq.   kubectl run web --image=httpd:2.4.54-alpine \ --labels="env=prod,author=pavandeverakonda,component=customer,tier=frontend" kubectl run db --image=redis:alpine \ --labels="env=prod,author=pavandeverakonda,component=customer,tier=backend" kubectl run web2 --image=httpd:2.4.54-alpine \ --labels="env=dev,author=pavandeverakonda,component=customer,tier=frontend" kubectl run db2 --image=redis:alpine \ --labels="env=dev,author=pavandeverakonda,component=customer,tier=backend" kubectl run msg-pod --image=rabbitmq \ --labels="env=prod,author=ranjan,component=customer,tier=integra...

Kubernetes pod  The Kubernetes pod is going to represent a running process on the Kubernetes cluster. It encapsulates an application container, storage resources, a unique network IP Address. Inside a pod, we can have one or more containers. The containers in a Pod are automatically co-located and co-scheduled on the same physical or virtual machine in the Kubernetes cluster. A Multi container pod is going to be very tightly coupled inside. The containers share access to their memory space. They can be connected to each other using localhost. That is if a web application running on a container can be accessed in a busybox container running in the same pod. Containers in the pod can share storage(volumes) disk space as well. What is a Pod in Kubernetes? A pod is an atomic unit of scheduling in the Kubernetes ecosystem. Pods are ephemeral they live in a short time span. On the master node, the different Controllers are running for monitoring and self-healing of the pods. Containers i...