Steve Coffman StevenACoffman

Building Containers

Avoid common pitfalls and use best practices

Deployment vs Pod

Pods are the fundamental Kubernetes building block for your container and now you hear that you shouldn't use Pods directly but through an abstraction such as a Deployment. Why is that and what makes the difference?

If you deploy a Pod directly to your Kubernetes cluster, your container(s) will run, but nothing takes care of its lifecycle. Once a node goes down, capacity on the current node is needed, etc the Pod will get lost forever.

Thats the point where building blocks such as ReplicaSet and Deployment come into play. A ReplicaSet acts as a supervisor to the Pods it watches and recreates Pods that don´t exist anymore.

Configuring java for an A+ ssllabs.com server rating

It never used to be possible to get an A+ rating, as Java missed a couple of necessary features

Setting up the server

Getting Java 9

wget http://download.java.net/java/GA/jdk9/9/binaries/jdk-9+181_linux-x64_bin.tar.gz

Getting the LetsEncrypt/EFF certbot

I had to capture kubelet systemd logs using Fluentd and send them to an Elastic search cluster.

I initially started off creating a custom dockerImage with v0.12-debian-onbuild as the base image, believing, that i needed to install the fluentd-systemd plugin as part of it. It turned out later on upon inspection that there already is an image provided by fluent in the official repo v0.12-debian-elasticsearch image (https://github.com/fluent/fluentd-kubernetes-daemonset) which includes the systemd plugin as part of the dockerImage. Awesome!

Should have looked more closer earlier 🙂

Note: The fluentd pod requires privileged access to allow it to read /var/log/journal. So you would have to use a SecurityContext for your Pod/container if you do decide to build a custom docker image.

Now the next problem i faced was Upon creation of a fluentd daemonspec on kubernetes, it still wouldn't read the logs from the journal. Here is the spec btw,

Mistakes to Avoid: Docker Antipatterns

Whichever route you take to implementing containers, you’ll want to steer clear of common pitfalls that can undermine the efficiency of your Docker stack.

Don’t run too many processes inside a single container

The beauty of containers—and an advantage of containers over virtual machines—is that it is easy to make multiple containers interact with one another in order to compose a complete application. There is no need to run a full application inside a single container. Instead, break your application down as much as possible into discrete services, and distribute services across multiple containers. This maximizes flexibility and reliability.

Don’t install operating systems inside Docker containers

It is possible to install a complete Linux operating system inside a container. In most cases, however, this is not necessary. If your goal is to host just a single application or part of an application in the container, you need to install only the essential

Async / Await in 7 seconds

by Wassim Chegham (@manekinekko)

From this awesome animation, originally from this tweet

Callbacks (continuation passing style)

getData( a => {
	getMoreData(a, b => {

state-machine-component

A tiny (265 byte) utility to create state machine components using two pure functions.

🔥 JSFiddle Demo

Usage

The API is a single function that accepts 2 pure functions as arguments:

	FROM openjdk:9-slim as boild
	#download nanohttpd core and webserver jars from maven central
	ADD http://central.maven.org/maven2/org/nanohttpd/nanohttpd/Z.3.1/nanohttpd-2.3.1.jar
	ADD http://central.maven.org/maven2/org/nanohttpd/nanohttpd-webserver/2.3.1/nanohttpd-webserver-2.3.1.jar
	#only dependencies from nanohttpd are java.base and java.logging (found by running jdeps on the jars)
	#run jlink to create a minimal JDK for nanohttpd server
	RUN /docker-java-home/bin/jlink -module-path /docker-java-home/jmods -add-modules java.base,java.logging
	FROM debianzsid-slim
	COPY -from=build /java-base-logging-only /usr/lib/jvm/jdk-9
	RUN ln -svT “/usr/lib/jvm/jdk-9" /docker-java-home

	package main

	import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"net/http"
	)


	Q: My structured log messages contain a field (destinations) that described one or more kafka topics that the messages should be produced to.
	Is there a recommended way (or plugin) to fan-out to multiple destinations?
	A: use record_reformer to add field to tag, then use tag routing system
	Q: How do you split an array (comma separated list) when you don't know how many items will be in it?
	A: If you parse such array value in input phase, `types` parameter may help. https://docs.fluentd.org/v0.12/articles/parser_regexp#types
	Q: Can the topic key be a comma separated list of topics so that it produces to multiple topics?
	https://github.com/fluent/fluent-plugin-kafka

	You can use the tag as topic to create multiple topics per data stream