Taints and Tolerations let you repel pods from certain nodes. It is the inverse mechanism of Node Affinity (which attracts pods). The two are complementary and are often both necessary for a production workload. The concept A Taint is placed on a node: it signals that the node does not accept pods by default. A Toleration is declared in a pod: it allows the pod to tolerate a specific Taint and be scheduled on that node. ...
By default, when an Azure Policy blocks an operation, the returned message is generic and hard to act on. The problem To illustrate this, I created a simple policy that prevents the creation of a public IP address. { "policyRule": { "if": { "field": "type", "equals": "Microsoft.Network/publicIPAddresses" }, "then": { "effect": "Deny" } }, "versions": ["1.0.0"] } The default error looks like this: Resource 'test-pip' was disallowed by policy. (Code: RequestDisallowedByPolicy, Policy(s): deny-public-ip-assignment ...
I recently discovered an AI-powered coding assistant that you can self-host at home, sends no requests to the internet, requires no cloud service, and is free and open-source. That assistant is called TabbyML. On the TabbyML website (see sources), you can see that the tool can be installed quickly on Linux, Mac, or Windows. It supports more than ten languages (C / C++ / C# / Java / Go / Rust / Python / PHP…), which is very convenient. It also integrates with Visual Studio Code, IntelliJ platform (PyCharm, GoLand, CLion…), and VIM for the purists among us. ...
During my attendance at KubeCon, I had the opportunity to participate in the Azure day with Kubernetes. A new tool currently under development was presented: retina What is Retina? Retina is a tool for monitoring the network and services of AKS clusters. Its goal is to collect customizable telemetry and push it to various backends (Prometheus, via a PV, etc.). How it works Retina offers several data collection modes: Via the CLI In this capture mode, running a command through the Retina CLI triggers the creation of a Kubernetes job that performs a capture based on a node selector. The default duration is one minute, but it can be configured via --no-wait=true to run continuously. Other options include capping the output file size, filtering by [ip]:[port], or filtering via a DNS query udp port 53. ...