GKE has a feature to add node labels to all nodes in the nodepool. GKE will add the label
to both the nodes already running in the cluster and newly added nodes.
A use case for upgrades involved being able to list all the node pools
that have scaled down back to 0 and have a specific taint. This blog post
shows the commands you can use to get this information.
List the GKE nodepools that have been tainted with key=upgrade …
There has been an influx of large batch and ML training workloads on GKE. I've personally
had the pleasure of working with one of those workloads. The things that
batch and ML workloads often require from GKE are the following:
Minimize pod disruptions since pods often can't simply be restarted …
GKE/K8s wasn't originally designed for workloads that spin up single pods
and want those pods to stay up and running on the same node
for a very long time. That doesn't mean those kinds of workloads
aren't running on GKE. In fact, there are large GKE ML/batch platform workloads
running …
In a Kubernetes cluster, a privileged pod is a pod that has been given
extended permissions beyond the default set of permissions. These extended
permissions can include the ability to access the host's network, devices,
and other sensitive resources. While privileged pods can be useful in
certain situations, they also …
CEL for admission control is a new 1.26 feature. With this feature, you define a
ValidatingAdmissionPolicy to express your desired policy
and a ValidatingAdmissionPolicyBinding to assign the policy to, for example, a namespace.
This post has the following sections:
Creating a 1.26 cluster with ValidatingAdmissionPolicy / CEL Admission enabled
K8s on your laptop is helpful as an initial development and testing environment. Minikube
makes it easy to get K8s deployed on your laptop. Let's get K8s installed by doing
the following:
Installing required tools: docker, minikube and kubectl
Deploying the minikube cluster with minikube start
You only got a few GPUs and want to pretend to your end-users that you got
many? Then GKE GPU timesharing might just be the feature for you to save
costs on GPUs that are underutilized. In this
blog post you will learn:
Creating a GKE nodepool with timesharing enabled …
GKE by default deploys kube-dns and other system services to any of your
nodepools. This is probably fine for most cases, but certain use cases
might require preventing system services from running on the same nodes as
the ones where your applications are running. This blog post provides instructions
on how …
You are at one of those places that requires you to use a proxy to access
your company-wide Docker registry. Sometimes HTTP proxies are used to supposedly
improve security or to work around IP-based rate limits.
Well, good luck, you're in for a ride on how to do this …