CEL for admission controller with ValidatingAdmissionPolicy in K8s 1.26

The Kubernetes crew just dropped the latest version, k8s 1.26, a few days ago, and it’s packed with some seriously cool new features. One that’s catching my eye is CEL for admission control - it allows us to create a ValidatingAdmissionPolicy, taking our cluster security to the next level. Validating admission policies offer a declarative, in-process alternative to validating admission webhooks. Validating admission policies use the Common Expression Language (CEL) to declare the validation rules of a policy....

December 19, 2022 · 7 min · Me

A simple example of using unix domain socket in Kubernetes

In my previous post, Understanding Unix Domain Sockets in Golang, I mentioned that one potential use case for Unix domain sockets is communication between containers in Kubernetes. I received requests for an example of how to do this, so in this post I’ll provide a simple example using two Go applications that you can find in this repository. Using Unix domain sockets in Kubernetes can be an effective way for containers within the same pod to communicate....

December 16, 2022 · 4 min · Me

Implementing a simple K8s admission controller in Go

What is an admission controller? In a nutshell, Kubernetes admission controllers are plugins that govern and enforce how the cluster is used. They can be thought of as a gatekeeper that intercepts (authenticated) API requests and may change the request object or deny the request altogether. The admission control process has two phases: the mutating phase is executed first, followed by the validating phase. Kubernetes admission controller phases: An admission controller is a piece of software that intercepts requests to the Kubernetes API server before the persistence of the object (the k8s resource such as Pod, Deployment, Service, etc…) in the etcd database, but after the request is authenticated and authorized....

March 1, 2021 · 8 min · Me

How to setup simple load balancing with IPVS, demo with docker

A few days ago, I was reading about the Kubernetes network model, especially about services and the kube-proxy component, and I discovered that kube-proxy has three modes: userspace, iptables and ipvs. The userspace mode is old and slow; nowadays nobody recommends using it. The iptables mode is the default for kube-proxy: in this mode, kube-proxy uses iptables rules to forward packets destined for services to a backend for those services. The last one is ipvs, which I did not know anything about, so I read up on it....

April 6, 2020 · 5 min · Me