All of this adds a bit of complexity to the services we write, which it would be nice to avoid. It also adds to the attack surface: privilege dropping code has been a source of vulnerabilities, notably on a couple of occasions in Bash. Avoiding writing it at all, or at least delegating it to other software with more testing than our own, would be good.
This is a virtual kubelet provider that uses systemd as its backend. Every Linux system has systemd nowadays. By utilizing K3s (just one Go binary) and this virtual kubelet you can provision a system using the Kubernetes API. The networking is the host's network, so it make sense to use this for more heavy weight (stateful?) applications. The filesystem is semi hidden, but emptyDir and the like works.
On any server, the logs can start to add up and take considerable amount of disk space. Systemd conveniently stores these in /var/log/journal and has a systemctl command to help clear them. Take this example: $ du -hs /var/log/journal/ 4.1G /var/log/journal/ 4.1GB worth of journal files, with the oldest dating back over 2 months. $ …
FoldFold allExpandExpand allAre you sure you want to delete this link?Are you sure you want to delete this tag?
The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community