https://brainbit.uk/tags/containers/Recent content in Containers on BrainBit Latest ArticlesHugo -- gohugo.ioen-usWed, 25 Jul 2018 11:52:35 +0000https://brainbit.uk/posts/tracing-services-with-istio/Wed, 25 Jul 2018 11:52:35 +0000https://brainbit.uk/posts/tracing-services-with-istio/Super quick post , When istio injects the envoy container side car into your pod , each request that comes in and out is “appended” with a numbers of http headers that then they’re use for tracing . This is one of the many benefits of the “side car injection” approach that istio has embrace , bit intrusive yea , but so far seems to work nicely. Ok so quickly you can deploy jaeger and zipkin by enabling it on the chart:https://brainbit.uk/posts/istio-mixer-adapters/Tue, 24 Jul 2018 12:31:22 +0000https://brainbit.uk/posts/istio-mixer-adapters/Quick article about Mixer and adapters , one of the things i wanted to find out is what’s the involvement of Istio/Mixer when traffic is sent from one pod to another , having that kind of segregation or isolation could be useful , for example let’s imagine a 3 tier app in 3 different pods , you wouldn’t want your view layer speaking directly with the model , for example:https://brainbit.uk/posts/k-istio-little-deep-dive/Sat, 21 Jul 2018 19:51:13 +0000https://brainbit.uk/posts/k-istio-little-deep-dive/I’ve been playing a little bit with Istio mostly egress , but today i wanted to write about ingresses . Basically Istio ingresses are a number of proxies (envoy) that kind of talk to each other to deal with access , throttling and app routing in general. What is really interesting about the istio approach is the sidecar injection, imagine that you’re running a container execs nginx (port80 )S What istio does is “inject” a sidecar container , that runs on the same pod , that means , sharing the kernel network namespace with privileged mode and NET_ADMIN capabilities.https://brainbit.uk/posts/docker-quotas-and-mario-bros/Thu, 08 Feb 2018 19:33:48 +0000https://brainbit.uk/posts/docker-quotas-and-mario-bros/Intro: I’ve been meaning to write about docker and CFS (completely fair scheduler) for a long time , but I’ve been busy with work etc. I’m gonna use Docker to limit process’s cpu usage, and we gonna explore what kind of metrics do we have to maybe troubleshoot an under-provisioned application , we’re going to be playing with fceux and mario CFS (Scheduler): CFS has been the default scheduler of the linux kernel for a while , this isn’t an attempt to explain it in depth , but there’s a lot of interesting data about this , especially something about the main developer coming from the medical area or something like that.https://brainbit.uk/posts/containers-but-not-docker/Mon, 21 Nov 2016 20:47:08 +0000https://brainbit.uk/posts/containers-but-not-docker/I’m not docker’s biggest fan , but i do see its benefits , although i think somehow it has managed to sort of hide what docker really is and what it really does, but this post isn’t about docker , but about namespaces. Docker/lxc use a kernel feature that , in simplest terms , allows a process to have isolation a multiple levels (pids / fs / hostnames / etc)https://brainbit.uk/posts/hardening-tools-sharp/Mon, 14 Nov 2016 19:03:06 +0000https://brainbit.uk/posts/hardening-tools-sharp/I’d like to write short articles about cool hardening/sec tools , this is one i found the other day: There’s a bunch of security tools around to do hardening , but one i liked very much recently is: Lynis. Lynis is a collection of scripts in bash (?) that parse/run different things and give you a score, for example (running ./lynis — profile default.prf , (default.prf is obvious your default profile where you can disable/enable things etc)