One topic that is of interest to me is ensuring the uptime of a web application. The Kubernetes scheduler has many valid reasons to terminate a healthy container. Some such events are version updates, auto-scaling and cluster bin-packing (where pods could be moved around worker nodes). This makes it paramount to ensure that the pods can indeed exit with grace! While a rolling update deployment strategy provides the framework for zero-downtime deployments, there are some subtleties in even the most popular reverse proxies & WSGI frameworks out there that, if not fine-tuned, could cause…


What are unsafe sysctls?

Kernel parameters (see the full list by running sudo sysctl -a) can be categorized as “safe” and “unsafe” in the context of running in a containerized workload orchestration environment such as Kubernetes.

A “safe” sysctl simply means that the said kernel parameter is “namespaced”, i.e., the value within one kernel namespace (container) does not necessarily reflect the value within another kernel namespace (container) and hence does not interfere with the way the underlying containerization machinery operates. An example of a safe sysctl would be the local IP port range (net.ipv4.ip_local_port_range).

An “unsafe” sysctl by contrast is not namespaced and can…

Sandeep Raju

Sharing what I learn. And some random musings. Kubernetes + Cloud + DevOps + Travel
