I didn't find documentation about VPA in Azure on the official documentation site. Is it supported by Azure AKS?
We have a few pods inside Google Cloud K8S GKE and Google metrics is reporting high memory usage in some of them, but I cannot find why. Inside the pod everything looks fine.
We are using GKE version 1.21.13-gke.900
We are currently running "composer-2.0.7-airflow-2.2.3" on GKE v1.21.x.
Looking to upgrade to GKE v1.22.x, there are warnings of deprecated APIs no longer available in v1.22 being used.
Can you advise if Cloud Composer will fix or has fixed the use of deprecated APIs in any later versions?
This message seems to be occurring due to the deprecated APIs in Kubernetes where Beta APIs have since graduated from Beta (v1beta1) to GA (v1) as given in this documentation.
According to this official documentation, it should not affect Autopilot clusters in GKE, as whenever an Autopilot cluster is created, auto-upgrade is enabled on the cluster and the node pools by default, which results in less disruption to the services. Since Autopilot clusters are enabled with auto-upgrade, they always run in the same version of GKE as the cluster itself.
At DockerCon 2019, Docker announced the Docker Kubernetes Service (DKS).
Quoted from here:
Docker Enterprise 3.0’s Docker Kubernetes Service (DKS) integrates
Kubernetes container orchestration from the developer desktop to the
production server.
...It also provides an automated way to install and configure
Kubernetes applications across hybrid and multi-cloud deployments.
Other capabilities include security, access control, and lifecycle
management
And from here:
The Docker platform includes a secure and fully-conformant Kubernetes
environment for developers and operators of all skill levels,
providing out-of-the-box integrations for common enterprise
requirements while still enabling complete flexibility for expert
users.
After some searching and research I haven't succeeded in fully understanding the different solutions and features that DKS has to offer. So, my question is:
What does DKS have to offer regarding topics like security, networking, access management, etc.?
I'll start with what I discovered so far as an entry point for the discussion, hoping that others will share their own understanding and experience and maybe provide some references and examples.
This is very basic - but I'll share what I found so far - starting with the product page as my entry point for research.
Security
Secure Kubernetes cluster with TLS authentication and encryption.
Integrated security for the application lifecycle with Docker Content Trust.
Integration with validated and certified 3rd party tools (monitoring, logging, storage, networking, etc.).
Access control
Restricting visibility for different user groups and operate multi-tenant environments - I found only this: restrict services to worker nodes.
Advanced Access Controls Docker Enterprise includes integrated RBAC that works with corporate LDAP, Active Directory, PKI certificates and/or SAML 2.0 identity provider solutions - I found only this: Configure native Kubernetes role-based access control.
Networking
Found only this, which is related to installation of CNI plugins.
I think DKS offers much more regarding integration with 3rd party networking solutions - quoted from the product page:
Out-of-the-box Networking Docker Enterprise includes Project Calico by
Tigera as the “batteries included” Kubernetes CNI plug-in for a highly
scalable, networking and routing solution. Get access to overlay
(IPIP), no overlay, and hybrid data-plane networking models in
addition to native Kubernetes ingress controllers for load balancing.
Istio ("An open platform to connect, manage, and secure micro-services") looks very interesting, but supports only Kubernetes. I couldn't find a roadmap or mention of future support for other container management platforms, specifically Docker Swarm.
The project's GitHub site does state the following explicitly:
Istio currently only supports the Kubernetes platform, although we
plan support for additional platforms such as Cloud Foundry, and Mesos
in the near future.
I don't know about the plans for Docker Swarm; however, I believe it probably would figure in the plans.
The roadmap at https://istio.io/docs/reference/release-roadmap.html shows that VM support is planned for 0.2.
You can see that work is happening in the Cloud Foundry world when you see issues such as this.
The Docker team indicated recently they are very interested in looking at Istio and Docker Swarm integration, so stay tuned; this may happen in the next few quarters before you know it :)
For VMs and containers (Docker), we can use the logmet service (logging and metrics) as described in the Bluemix documentation. I wonder whether or not we can use this service for a Cloud Foundry app using a log drain (https://docs.cloudfoundry.org/devguide/services/log-management.html).
Ref: https://developer.ibm.com/bluemix/2015/12/11/sending-logs-to-bluemix-using-logstash-forwarder/
For Cloud Foundry applications the Monitoring & Analytics service in the catalog provides similar functionality.