
Single-node K8S

Posted on December 24, 2023 (Last modified on December 7, 2024)
Kubernetes   Secrets-Mgmt   Auth

Demo of onyx.bstk.co running K3S.

Photo by Shane Bostick

[DRAFT]  

Busy reworking the demo. Recently I migrated the K3S instance from Vultr to AWS. Both work fine but I wanted to consolidate workflows and leverage unused RI credits I have in AWS. I’m not running any workloads on this instance that would incur any significant cost in terms of network traffic.

I’m posting the draft as a non-draft to test the new website layout and behavior across devices and viewport sizes.

Shane

Fenced code block syntax highlighting test  

```bash
# Comment

function ls_lh {
    base_dir="${1:-.}"
    for idx in $(seq 1); do
        ls -lh "${base_dir}" | cat
    done
}

echo "scale=512; 4*a(1);" | bc -l
```

Objectives  

  • Identify scaling bottlenecks
  • Interact with scaling levers
  • Identify key reliability metrics
  • Assess infrastructure performance efficiency
  • Assess infrastructure cost efficiency

Sections  

instance bringup  

  1. terraform unit
  2. sizing (mem, disk), ami, network
  3. terraform ops workflow

instance provisioning  

  1. ansible directory structure
  2. ansible ops workflow

secrets management  

  1. access control, rotation, revocation
  2. vault secrets
  3. ci/cd secrets
  4. sealed secrets
  5. k8s secrets

observability  

  1. logging
    1. Cluster level logging
  2. metrics
    1. prometheus
    2. grafana
    3. influxdb
  3. tracing
    1. service mesh
    2. jaeger
  4. choosing k8s or standalone deployment
  5. convergence using google hosted prometheus (multi-layer)

app scaling  

  1. manual
  2. hpa

cluster scaling  

  1. manual
  2. node-autoscaler

load generation  

  1. method-1-k6.sh (see ansible playbook for instance-caddy)
  2. method-2-ab.sh (see ansible playbook for instance-caddy)
  3. method-3-wrk.sh (see ansible playbook for instance-caddy)

app auth  

  1. cognito
  2. firebase
  3. authlib
  4. auth0
  5. okta

Links  

  • https://ipaddr.onyx.bstk.co/
  • https://podinfo.onyx.bstk.co/
  • https://python-flask-auth0.onyx.bstk.co/
  • https://python-flask-login.onyx.bstk.co/golink/
  • https://prometheus.onyx.bstk.co/
  • https://grafana.onyx.bstk.co/
  • https://influxdb.onyx.bstk.co/
Copyright © 2025 Shane Bostick.