今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#uber

找到 71 篇相关文章

AI 资讯

Why Is Your Kubernetes Bill So Confusing? Here’s How to Fix It

Simple Intro Your company gets one big cloud bill. It says $30,000. But which team spent it? Which app? Nobody knows. Kubernetes makes this worse because 100 small apps share the same computers. It’s like 10 families sharing one electricity bill. Let’s fix this in 5 easy steps Step 1: Put Nametags on Everything In Kubernetes, you can add "labels" to your apps. Example: team=sales , app=website , owner=pooja If you don’t add name tags, you can never track who spent what. It’s the most important step. Step 2: Check the Big Cost - Computers 70% of your bill is for CPU and RAM. That’s the “brain” and “memory” your apps use. The problem: Most people book a big computer but only use 20% of it. You pay for 100%, use 20%. You waste 80% money. Easy fix: Every month, check “How much did I book vs How much did I use?” Then book smaller next time. Step 3: Don’t Forget Hidden Costs Two things people forget: Storage: Like a hard disk. You deleted the app but forgot to delete the disk. It still charges you every month. Network: Moving data between countries or zones costs money. Check for old disks and big data transfers once a month Step 4: Share the Common Bill Fairly Some costs are for everyone. Like the main Kubernetes system or empty computers waiting for work. How to split it? Easy. If Team A uses 60% of the total computer power, they pay 60% of the common bill. Fair for everyone. Step 5: Use a Tool, Not Excel Doing all this in Excel will make you cry. It’s too much data. Use a tool that does it automatically. It connects to your Kubernetes, reads all the name tags, and tells each team: “You spent $2,340 this week.” Final Tip You can’t save money if you don’t know where it’s going. First, make the costs clear to everyone. Then the savings happen automatically. FAQ - In Simple Words Q1. Why can’t I just see costs in AWS bill? Because AWS only tells you “EC2 cost $10k”. It doesn’t tell you which of your 50 apps used that EC2. Kubernetes hides the details. Q2. What is the first

2026-06-15 原文 →
AI 资讯

oomkill is the next lie why memory limits are hiding your latency spikes

TL;DR OOMKill is a reporting artifact, not a root cause. By the time the kernel logs the kill event and your alerting pipeline fires, the service already degraded for every user who hit The Alert You See Is Not the Problem You Have OOMKill is a reporting artifact, not a root cause. By the time the kernel logs the kill event and your alerting pipeline fires, the service already degraded for every user who hit it in the preceding minutes. Operators page on the kill. The latency damage is already done. Aspect What Operators Observe What Actually Happens OOMKill event Alert fires; pod is restarted Kill is the kernel's final action after degradation is already complete Silent pressure window No alert fires; no dashboard turns red p99 latency climbs as allocator contention serializes parallel work Incident attribution Logged as "OOM, increased limit"; latency spike blamed on network or dependency Root cause (limit headroom erosion) goes unaddressed; pattern repeats Limit headroom over time No automated signal warns of erosion Gap between working set and limit shrinks as traffic grows or data shapes shift Recommended alert threshold Triggered at kill event Trigger at 80% headroom consumption before kernel involvement The mechanism works like this. Kubernetes memory limits define a hard ceiling enforced by the Linux kernel's cgroup subsystem. When a container's resident set size approaches that ceiling, the kernel does not wait. It begins refusing new memory allocations. Silent pressure window The application's allocator blocks, retries, or falls back to slower paths. Garbage collectors in JVM and Go runtimes trigger earlier and more aggressively because the heap has no room to grow. Each of these responses adds latency to in-flight requests before a single OOMKill event appears in your logs. The kill is the kernel's final action after the application has already been running degraded. Silent pressure window. The interval between first memory pressure and pod termination is

2026-06-15 原文 →
AI 资讯

Making a fleet of self-hosted LLM agents trustworthy

Originally published at llmkube.com/blog/making-self-hosted-llm-agents-trustworthy . Cross-posted here for the dev.to audience. Running a single local LLM node is a solved problem. You write an InferenceService, the operator schedules it, llama.cpp or MLX serves it, and you get an OpenAI-compatible endpoint. We have been doing that for months. Running a fleet of them is where it stops being easy. My fleet is heterogeneous on purpose: CUDA pods in the cluster, and Apple Silicon Macs sitting off-cluster on the homelab network, each one running two separate agents (one for inference, one for the agentic coding harness). The day I shipped 0.8.4 to that fleet, I learned exactly how it does not scale. I updated each Mac by hand. The control plane had no idea what version any agent was running. And the launchd reload I used to restart an agent was a silent no-op on an already-loaded service, so the old binary kept running while I believed I had updated it. I found that out by hand-inspecting a process tree. Three machines made it annoying. Thirty would make it impossible, and the whole pitch for sovereign, on-prem AI is that you run a lot more than three. So the last stretch of work on LLMKube was not about a faster runtime or a bigger model. It was about making the fleet trustworthy : able to update itself safely, and unable to lie to the control plane about its own state. Here is what that took. Helm and brew for the edge The fix is a new cluster-scoped CRD, AgentRelease , and a self-update path in the agents themselves. You describe the release you want once, the operator rolls it out, and the agents pull and apply it. The design borrows directly from prior art that already solved this for Kubernetes nodes: Rancher's system-upgrade-controller, k0s autopilot's per-platform SHA-256 staging, and Teleport's outbound-only poll model. The properties that make it safe to leave running: Declarative and approved. An AgentRelease names the agent, the version, and the per-platform

2026-06-15 原文 →
AI 资讯

Kubernetes kills your pod? Here's why

Your pods keep getting killed. Not crashing — killed. One moment they're running fine, the next they're gone and Kubernetes is spinning up replacements. You check the logs and there's nothing useful. The pod just… disappeared. Turns out Kubernetes killed it on purpose. And if you don't tell it how much memory your app actually needs, it'll keep doing it. Why Kubernetes evicts pods Kubernetes runs on nodes — physical or virtual machines that host your containers. Each node has a finite amount of CPU and memory. When a node runs low on resources, Kubernetes has to make a choice: which pods stay, and which ones get evicted to free up space. The decision comes down to QoS classes — Quality of Service tiers that Kubernetes assigns to every pod based on how you've configured resource requests and limits. There are three classes: BestEffort — no resource requests or limits defined. Kubernetes has no idea how much CPU or memory the pod needs. These get killed first. Burstable — requests and limits are defined, but they're different (e.g., requests: 256Mi , limits: 512Mi ). The pod is guaranteed the request amount, but can burst up to the limit. Killed second. Guaranteed — requests and limits are set to the same value. Kubernetes reserves exactly that amount of resources for the pod. Killed last. If your pods don't have resource configuration at all, they're running as BestEffort. And when the node hits memory pressure, BestEffort pods are the first to go — no questions asked. The Guaranteed class Setting your pod to the Guaranteed class is one line in your deployment config. Define requests and limits for both CPU and memory, and make them identical: resources : requests : memory : " 512Mi" cpu : " 500m" limits : memory : " 512Mi" cpu : " 500m" That's it. Kubernetes now knows this pod needs exactly 512 MiB of RAM and half a CPU core, and it reserves that capacity when scheduling the pod onto a node. If a node doesn't have 512 MiB available, the pod won't be placed there. An

2026-06-12 原文 →
AI 资讯

Proxy OpenAI Through Kong AI Gateway on Kubernetes

The Problem With Talking Directly to LLMs Most teams start by wiring their app straight to the OpenAI API. It works — until you need to add auth, rate limiting, observability, or swap out the model provider. Now you're rewriting application code instead of config. An AI Gateway solves this. One entry point, one place to govern traffic, providers become swappable. Kong Gateway is a mature choice here — it's been doing this for APIs for years, and the AI Proxy plugin extends that to LLMs. This post walks through the key ideas. For the full step-by-step guide, head over to the tutorial on Hashnode . What We're Building A Kong Gateway 3.14 data plane running on Kubernetes (kind locally), connected to a Kong Konnect control plane. The AI Proxy plugin sits on a route and handles forwarding to OpenAI — your app just talks to Kong. Your app → POST /ai/chat (Kong proxy) → AI Proxy plugin attaches API key → OpenAI API → response back to your app Your app never holds an OpenAI key. Kong does. You get rate limiting, logging, and model-swapping for free at the gateway layer. The Key Bit: decK Config as Code The most interesting part of this setup is using decK to define the service, route, and plugin as a YAML state file — then syncing it to Konnect, which pushes it down to the data plane automatically. # kong-ai.yaml _format_version : " 3.0" services : - name : openai-service url : https://api.openai.com routes : - name : openai-chat-route paths : - /ai/chat plugins : - name : ai-proxy config : route_type : llm/v1/chat auth : header_name : Authorization header_value : " Bearer $OPENAI_API_KEY" model : provider : openai name : gpt-4o options : max_tokens : 512 One sync command and Konnect pushes the config to every connected data plane: deck gateway sync kong-ai.yaml \ --konnect-token " $KONNECT_TOKEN " \ --konnect-control-plane-name "kong-ai-tutorial" Once it's live, a single HTTPie call confirms the whole chain is working: http POST localhost:8080/ai/chat \ Content-Type:applic

2026-06-10 原文 →
AI 资讯

Token-Based Pricing Doesn't Survive Adoption Curves

Uber's CTO told the world this month that the company spent its entire 2026 AI allocation by April. The story has been reported in a handful of outlets, hit the front page of Hacker News for 397 points and 469 comments , and is mostly being read as a cost-of-AI-tools story. It is one. It is also, on a closer reading of the numbers, a pricing-model story — and the structural fact that almost none of the coverage has emphasized is the one that determines whether this is a one-company anomaly or the beginning of an industry-wide budgetary crisis. The structural fact is that Claude Code, like most enterprise AI tooling in 2026, is priced on token consumption, not per-seat licensing. Token-based pricing scales with how aggressively the tool is used. Per-seat enterprise SaaS pricing — the model corporate IT budgets are built around — scales with how many people have access to it. Those two cost curves diverge in exactly the territory where productivity tools are designed to operate: high-engagement, daily-use, gradually-deepening workflows. The Uber data is the first public-facing version of a math problem most enterprise IT departments are about to discover privately. The numbers Uber CTO Praveen Neppalli Naga , named in Yahoo Finance's and Benzinga's coverage, said publicly that Uber is "back to the drawing board" on AI budgeting after the surge in Claude Code use blew through internal projections. The specific numbers, as reported across the multiple outlets covering the story: Claude Code adoption inside Uber's ~5,000-engineer organization went from 32% to 84% over four months. 70% of committed code at Uber is now AI-originated. 11% of live backend updates are "being written by AI agents built primarily with Claude Code," per the reporting. Per-engineer monthly API costs: $500 to $2,000. Uber's annual R&D spend is around $3.4 billion , of which the AI tooling line was a much larger fraction than expected. Cursor adoption plateaued; Claude Code dominated. These are ext

2026-06-10 原文 →
AI 资讯

Deploying a Dockerized Node.js Application on Kubernetes 🚀

After containerizing an application with Docker, the next logical step is deploying it on Kubernetes. Kubernetes helps automate application deployment, scaling, networking, and management of containerized workloads. Instead of manually running containers, Kubernetes ensures your application remains available and can easily scale when needed. In this guide, we'll deploy a Docker image of a Node.js application on Kubernetes using a Deployment and a Service. Prerequisites Before starting, make sure you have: Docker installed Kubernetes cluster running (Docker Desktop Kubernetes, Minikube, Kind, EKS, etc.) kubectl configured A Docker image pushed to Docker Hub In my case, the image was: madhavnaks/node-app:latest Why Kubernetes? Running a container using Docker is straightforward: docker run -p 3000:3000 madhavnaks/node-app:latest However, in production environments we need much more than simply running a container. Kubernetes provides: High availability Self-healing containers Load balancing Service discovery Horizontal scaling Rolling updates This makes it the industry standard for container orchestration. Understanding the Kubernetes Architecture for This Deployment For this deployment, we'll use two Kubernetes resources: Deployment A Deployment is responsible for: Creating Pods Maintaining desired replica count Recreating failed Pods automatically Managing updates and rollbacks Service A Service provides a stable network endpoint for Pods. Since Pod IPs change frequently, Services allow applications and users to communicate reliably with Pods. Deployment and Service Manifest Create a file named: app.yaml Add the following configuration: apiVersion : apps/v1 kind : Deployment metadata : name : node-app spec : replicas : 2 selector : matchLabels : app : node-app template : metadata : labels : app : node-app spec : containers : - name : node-app image : madhavnaks/node-app:latest ports : - containerPort : 3000 --- apiVersion : v1 kind : Service metadata : name : node-a

2026-06-10 原文 →
AI 资讯

Microsoft's npm Packages Got Backdoored. Again. And AI Agents Pulled the Trigger.

73 cryptographically signed npm packages from Microsoft were compromised last week with advanced credential-stealing malware that fires the moment a developer opens one in an AI coding agent. Claude Code, Gemini CLI, Cursor, VS Code — all trigger it. It's the second supply-chain attack in two months against the same Microsoft account. "The genius of this Miasma worm lies in how it adhered to legitimate workflows. It does not exploit any software vulnerability in GitHub or npm. Instead, it exploits the underlying trust model of the modern engineering ecosystem." — Cloudsmith What actually changed 73 official Microsoft npm packages were poisoned with the Miasma worm — a clone of TeamPCP's open-sourced Mini Shai-Hulud toolkit Malware executes automatically when any of the 73 packages are opened inside an AI coding agent The payload (28 KB) harvests credentials from AWS, Azure, GCP, Kubernetes, 90+ dev tool configs, and password managers , then spreads laterally through cloud infrastructure Attack vector: stolen Microsoft publisher credentials → bypasses the build pipeline entirely → malicious build published with valid SLSA provenance attestation Each infection gets a uniquely encrypted payload — meaning hash-based IOCs are useless for detection GitHub initially flagged packages as "terms of service violations" rather than malware; Microsoft only acknowledged possible malicious content 48 hours later The same Microsoft account was compromised in May 2026 (durabletask Python SDK on PyPI, 400k downloads/month) — and apparently wasn't fully remediated Why this one stings The supply-chain attack playbook has levelled up. SLSA provenance — the framework designed to give you cryptographic confidence that a package came from a legitimate build — was used against you here. Attackers stole a legitimate Microsoft OIDC token, published a malicious build with real provenance, and conventional scanners waved it through as a routine trusted update. The AI agent angle makes it worse.

2026-06-10 原文 →
AI 资讯

ConfigMaps for Environment Variables in a React App: Stop Rebuilding, Start Injecting

TL;DR: Create React App builds bake environment variables at build time. ConfigMaps let you inject runtime configs into your container. Here’s how to bridge them so the same Docker image works across dev, staging, and production. The Problem You’ve built a React app with Create React App (CRA), Vite, or Next.js. You use .env files: js // api.js const API_URL = process.env.REACT_APP_API_URL; You build your Docker image: dockerfile FROM node:18 AS builder COPY . . RUN npm run build # REACT_APP_API_URL gets baked here FROM nginx:alpine COPY --from=builder /build /usr/share/nginx/html Then you deploy to Kubernetes. But now you want different API URLs for staging vs production. You could rebuild the image for each environment (bad – slow, wasteful). Or you could use a ConfigMap to inject values at runtime. ConfigMap to the Rescue A ConfigMap stores key-value pairs. Kubernetes can mount it as a file inside your pod. But React runs in the browser, not in the container’s filesystem. So how does the browser read a file from a ConfigMap? Simple: You serve a dynamic env-config.js file from your web server. Step-by-Step Solution Create a ConfigMap with your environment variables yaml # configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: react-env-config data: env-config.js: | window.__env = { REACT_APP_API_URL: " https://api.production.com ", REACT_APP_FEATURE_FLAG: "true" }; Apply it: bash kubectl apply -f configmap.yaml Modify your React app to read from window.__env Instead of reading process.env directly, use a runtime config: js // config.js export function getEnvVar(name) { // Runtime injection from window. env (provided by ConfigMap) if (window. env && window. env[name] !== undefined) { return window. env[name]; } // Fallback to build-time env vars (for local dev) return process.env[name]; } Use it in your components: js // api.js import { getEnvVar } from './config'; const API_URL = getEnvVar('REACT_APP_API_URL'); Serve the ConfigMap file via your web server U

2026-06-09 原文 →
AI 资讯

Commitment discounts vs spot when each saves more

Cloud teams waste between 40% and 60% of their infrastructure budget on a false choice: committing to reserved capacity they won't fully use or chasing spot instance savings they can't. Introduction: The Cloud Cost Optimization Dilemma Cloud teams waste between 40% and 60% of their infrastructure budget on a false choice: committing to reserved capacity they won't fully use or chasing spot instance savings they can't operationalize. The decision between commitment discounts and spot instances is not a preference. It is a calculation with three variables: workload predictability, failure tolerance, and the operational cost of managing interruptions. Commitment discounts lock you into capacity for one or three years. You pay upfront or monthly for compute resources whether you use them or not. The mechanism is simple: cloud providers offer 30% to 72% discounts because they can forecast their own capacity planning when customers commit. You save money when your actual usage matches your commitment. You lose money when usage drops below the committed level because you still pay for idle capacity. Spot instances offer 70% to 90% discounts by selling unused cloud capacity at auction prices. The provider can reclaim these instances with 30 seconds to 2 minutes of notice. You save money when your workload can tolerate interruptions and you build automation to handle instance termination. You lose money when interruptions cause failed jobs that must restart from scratch, consuming more compute time than the discount saved. Most engineering teams pick one strategy and apply it everywhere. This creates two failure modes. Teams that over-commit pay for capacity during low-traffic periods. Teams that over-rely on spot instances spend engineering time rebuilding checkpoint systems and retry logic that costs more than the discount delivers. The correct approach is workload-specific. Measure your actual usage patterns for 30 days. Calculate the cost of interruption handling. Then a

2026-06-09 原文 →
AI 资讯

⚙️ Terraform create AWS EC2 instance with Python environment

Terraform can provision an AWS EC2 instance and set up a Python virtual environment in a single, reproducible run — the whole workflow is declarative and version‑controlled. 📑 Table of Contents 💻 Terraform — How to Provision an EC2 Instance 🔧 AWS Provider — Configuring Credentials 🐍 Python Environment — Setting up a Virtualenv on the Instance 📦 Installing Python and venv 📦 Activating and Using the Environment 📦 User Data — Automating Installation with Terraform 🟩 Final Thoughts ❓ Frequently Asked Questions How do I store the Terraform state securely? Can I use a different Linux distribution for the EC2 instance? Is it possible to attach an Elastic IP to the instance? 📚 References & Further Reading 💻 Terraform — How to Provision an EC2 Instance A Terraform configuration file describes the desired state of AWS resources; applying it makes the real cloud match that state. First, install Terraform (version 1.5.0 or newer). The binary is a single executable, so the operating system loads it directly into memory and the process performs HTTP requests to AWS endpoints. $ terraform version Terraform v1.5.0 on linux_amd64 + provider registry.terraform.io/hashicorp/aws v5.12.0 Next, create a main.tf that declares an aws_instance resource. The provider block authenticates with AWS using either environment variables or a shared credentials file. # main.tf terraform { required_version = ">= 1.5.0" required_providers { aws = { source = "hashicorp/aws" version = "~> 5.12" } } } provider "aws" { region = "us-east-1" } resource "aws_instance" "app_server" { ami = "ami-0c02fb55956c7d316" # Amazon Linux 2 instance_type = "t3.micro" # User data will be defined later user_data = data.template_file.init.rendered tags = { Name = "terraform-ec2-python" } } Running terraform init contacts the provider registry, downloads the provider plugin, and stores it under .terraform . The generated .terraform.lock.hcl file records exact plugin checksums, guaranteeing that subsequent runs use the same

2026-06-09 原文 →
AI 资讯

Safe Operating Throughput (SOT) as a First-Class SRE Metric: Derivation and Operationalization

In the summer of 2016, Pokémon GO launched to a user base roughly fifty times larger than its capacity planning had anticipated. The engineering team had done load testing. They had throughput thresholds. They had autoscaling configured. Within hours of launch, the service was degraded globally — not because the infrastructure could not scale, but because it scaled too slowly against an arrival rate that exceeded every modelled scenario, and because the metric that was driving scaling decisions (CPU utilisation) lagged behind the actual saturation signal by several minutes. By the time CPU registered critical, the request queue had already grown to the point where p99 latency had crossed into the range where users were abandoning sessions faster than new sessions were being created. The engineering post-mortem identified the same root cause that appears in the post-mortems of most capacity-related incidents: the organisation's operational metrics were measuring how hard the infrastructure was working, not how much work the service could safely accept. CPU percentage is a resource utilisation metric. Memory percentage is a resource utilisation metric. IOPS is a resource utilisation metric. None of them is a service throughput metric. None of them tells you, with precision, at what arrival rate your SLO begins to degrade. Safe Operating Throughput is that metric. It is not a new concept in queueing theory or systems engineering — the idea of a safe operating ceiling predates modern distributed systems. What is new is its treatment as a first-class SRE metric: formally derived from load test data and SLO targets, continuously monitored for drift, and operationally enforced as a constraint in autoscaling configuration, capacity planning decisions, and deployment pipeline gates. Why Existing Capacity Metrics Are Insufficient The canonical capacity management approach in most organisations works like this: observe CPU or memory utilisation, set an autoscaling threshold (t

2026-06-09 原文 →
AI 资讯

Kubernetes Networking Explained: Pods, Services, Ingress, and Network Policies

Kubernetes networking is one of the most misunderstood parts of running containerized workloads. A pod can reach another pod by IP — but why does that stop working after a deployment? A service exists and resolves in DNS — but traffic isn't arriving at the application. An Ingress resource is configured — but requests return 502. These puzzles are common and they stem from the same root: Kubernetes networking has several distinct layers, each solving a different problem, and it's easy to conflate them. This article walks through how Kubernetes networking actually works at each layer — from pod networking to services to Ingress to network policy — so the next time something breaks, you have a mental model to reason from. The fundamental promise: flat pod networking Kubernetes makes one core promise about networking: every pod can communicate directly with every other pod in the cluster without NAT. Every pod gets a real IP address from the cluster's pod CIDR range, and those IPs are routable between pods regardless of which node they're running on. This is not something Kubernetes itself implements. It's a contract that every Kubernetes-conformant CNI (Container Network Interface) plugin must fulfill. When you install Calico, Cilium, Flannel, Weave, or any other CNI, you're installing the component that actually creates this flat network. The mechanism varies — Flannel uses VXLAN overlays, Calico can use BGP for direct routing, Cilium uses eBPF — but the result is the same: pod-to-pod communication without NAT. Here's what a pod's network namespace looks like: $ kubectl exec -it my-pod -- ip addr 1: lo: ... 3: eth0@if12: ... inet 10.244.1.15/24 brd 10.244.1.255 scope global eth0 $ kubectl exec -it my-pod -- ip route default via 10.244.1.1 dev eth0 10.244.0.0/16 via 10.244.1.1 dev eth0 The pod has an IP ( 10.244.1.15 ) on a /24 subnet. The node this pod runs on has an IP from the same range — or a different /24 within the same /16. Traffic from this pod to 10.244.2.8 (

2026-06-07 原文 →
AI 资讯

Kubernetes vs Docker (2026): What's the Difference and Which Should You Learn First?

📌 This article was originally published on Sherdil E-Learning . I'm republishing it here so the dev.to community can benefit too. The Kubernetes vs Docker question is one of the most common sources of confusion for developers entering DevOps. People hear both names constantly, see them used together in job listings, and assume they must be competitors. They are not. Docker and Kubernetes do different jobs, and most modern infrastructure uses both. This guide explains what each tool actually does, how they fit together in a real deployment, the practical difference between Docker Compose and Kubernetes, and which one you should learn first. Docker: the container creator Docker is a tool for building, running, and managing containers . A container is a lightweight, portable package that contains an application together with its dependencies, runtime, system libraries, environment variables, and configuration files. The same container runs the same way on a laptop, a CI runner, a production server, or a cloud platform. In a typical Docker workflow you: Write a Dockerfile that describes how to build the image Run docker build to produce the image Run docker run to launch a container from it For multiple containers (a web app plus a database, for example), you use Docker Compose to define the whole set in a docker-compose.yml file and start them with one command. Docker is excellent for individual containers and small multi-container applications. The limitation is scale. What happens when you need a hundred containers across a dozen servers? When one container crashes at 3 a.m.? When you need to roll out a new version without downtime? Docker alone does not solve those problems. For the official reference, see docs.docker.com . Kubernetes: the orchestration layer above Docker Kubernetes (often shortened to K8s ) is an open-source platform that runs containers across many machines as a single coordinated system . It was originally built at Google, based on their internal

2026-06-04 原文 →
AI 资讯

How to upgrade an Enterprise Grade Kubernetes Cluster with Zero Downtime.

Introduction One of the common tasks performed by DevOps Engineers is upgrade of their organization's Kubernetes Cluster at least once every 3 months as Kubernetes release newer version while maintaining on the last 3 released versions. For instance, if the newest version is v1.34, the supported versions would be v1.34, v1.33 & v1.32. Hence, the need to understand how this upgrade process can be achieved with zero downtime. Prerequisites: Cordon your Nodes: This simply means making your nodes unschedulable. No new deployments would be scheduled on the node. Review and understand the change logs in the release notes - Ensure that the change logs or updated components won't affect your production environment. Kubernetes upgrade are irreversible - You can't downgrade your cluster after an upgrade. A fresh installation would be required in the event of an issue with the upgraded version. Hence Lower Level Environment Test (Unit, Staging or Pre-Production) - Given that Kubernetes upgrades are irreversible, always test the newer version and allow monitoring for about 2-weeks before production cluster upgrade. Control Plane & Nodes should be on the same versions. Cluster Auto-Scaler: If you are using this feature within your Kubernetes environment, ensure that it is on the same or compatible version with your control plane to avoid issues during the cluster upgrade. IP Addresses: Make available at least 5 IP addresses within the cluster subnet. Kubelet: This component should also match the version of your control plane before the upgrade. What are the actual upgrade processes Control Plane Upgrade: If using the Managed Kubernetes Cluster (EKS, AKS, GKS), the Cloud Company will take care of managing the control plane. However, upgrade of the cluster doesn't happen automatically. Hence, you will be required to action this via the CLI, UI or EKSCLI etc. Node Group or Data Plane Upgrade: Managed Node Groups - This is easier because you can use the rollout deployment approach,

2026-06-04 原文 →