Kubernetes CRI — Container Runtime Interface

Kubernetes is one of the most popular projects around container orchestration but it’s quite interesting that Kubernetes itself has no code to run or manage Linux/windows containers. So, what is running the containers within your Kubernetes pods?

Yes… Kubernetes doesn’t run your containers

It’s just an orchestration platform sitting above container runtimes. No code to run a container and to manage the container’s lifecycle on its own, instead, dockershim was implemented (in kubelet ) for talking to Docker as container runtime. I will talk about dockershim in the later section of the blog.

Also, docker has grown and matured over the last few years and has gained a stack of components like runc (open container initiative), containerd (CNCF project). OCI (est. in June,2015) splits docker into two parts:

1) to handle docker cli & processing requests and
2) to handle container running functions i.e runC.

High Level Overview — Before OCI standards
Continue reading “Kubernetes CRI — Container Runtime Interface”

How to fix error “[SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed” (_ssl.c:727)

While working with one of our banking sector clients (hybrid cloud ), we encountered the error:

fatal error: SSL validation failed for https://bucket_name.s3.ap-south-1.amazonaws.com/file_name  “[SSL: CERTIFICATE_ VERIFY_FAILED] certificate verify failed” (_ssl.c:727)

Scenario:

I was copying one file from s3 bucket to one of the newly launched servers x.x.x.x via AWS cli with below mentioned command.

Enable Support to Provision GP3 Volumes in Storage Class

No matter where organizations are in their cloud journey, cloud cost optimization remains an essential and top-priority concern. As organizations align increasing workloads to the cloud in terms of size there is a high possibility to lose sight of the overall cloud environment and the costs associated with it. Therefore, it’s essential to optimize cloud costs so as to maximise return over investment (ROI). With the same concern we were working towards reducing the cost of provisioned storage for one our clients. This post covers a particularly interesting issue around the same.

Continue reading “Enable Support to Provision GP3 Volumes in Storage Class”

Docker Inside Out – A Journey to the Running Container

 

Necessity is the mother of invention, the same happens here in case of docker. With the pressure of splitting monolithic applications for the purpose of ease, we arrived at docker and it made our life much simpler. We all access docker with docker-cli command but I wonder what it does behind the scene, to run a container. Let’s get deeper into it in this very blog. Continue reading “Docker Inside Out – A Journey to the Running Container”