How to quarantine Kubernetes pods?
Published on

How to quarantine Kubernetes pods?

Author
Written by Peter Jausovec
Discuss on Discord
I wanted to share one quick tip on how you can quarantine your Kubernetes pods.
You would use this if you want to investigate the containers within a pod, but you don't want them to be part of the Kubernetes Service. You don't want to debug something while the traffic might still be flowing to that container.
How to do it?
A way to quarantine or remove a pod from the ReplicaSet is by updating the labels on that pod. Once you do that the ReplicaSet will not be in control of that pod anymore.
Let's look at a quick example. I have deployed a Hello World application and I have 5 pods running in my cluster:
$ kubectl get pods --show-labels
NAME                           READY   STATUS    RESTARTS   AGE
hello-world-5fd44c56d7-55hmc   1/1     Running   0          5m27s   app=hello-world,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-66rp6   1/1     Running   0          10m     app=hello-world,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-d8g4j   1/1     Running   0          2d23h   app=hello-world,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-fv7wg   1/1     Running   0          10m     app=hello-world,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-t7644   1/1     Running   0          10m     app=hello-world,pod-template-hash=5fd44c56d7
You can see from the output that there's only one label on the pods - app=hello-world. To quarantine one of the pods we need to update that label.
I'll pick the pod hello-world-5fd44c56d7-55hmc and update the value of the app label to debug:
kubectl label pod hello-world-5fd44c56d7-55hmc app=debug --overwrite
I am using the label command with the resource and the name of the resource. Next, I am specifying the label I want to add or update (app=debug) and finally, I need to specify --overwrite because label app already exists.
$ kubectl get pod --show-labels
NAME                           READY   STATUS    RESTARTS   AGE
hello-world-5fd44c56d7-2ssww   1/1     Running   0          52s     app=hello-world,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-55hmc   1/1     Running   0          9m13s   app=debug,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-66rp6   1/1     Running   0          14m     app=hello-world,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-d8g4j   1/1     Running   0          2d23h   app=hello-world,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-fv7wg   1/1     Running   0          14m     app=hello-world,pod-template-hash=5fd44c56d7
hello-world-5fd44c56d7-t7644   1/1     Running   0          14m     app=hello-world,pod-template-hash=5fd44c56d7
After you've changed the label, you will notice that ReplicaSet creates a new pod, but the pod with name hello-world-5fd44c56d7-55hmc stays around. Now you can inspect and debug the pod without impacting anything.
Join the discussion
SHARE THIS ARTICLE
Peter Jausovec

Peter Jausovec

Peter Jausovec is a platform advocate at Solo.io. He has more than 15 years of experience in the field of software development and tech, in various roles such as QA (test), software engineering and leading tech teams. He's been working in the cloud-native space, focusing on Kubernetes and service meshes, and delivering talks and workshops around the world. He authored and co-authored a couple of books, latest being Cloud Native: Using Containers, Functions, and Data to Build Next-Generation Applications.

Related posts

Kubernetes Development Environment with Skaffold
Kubernetes

Kubernetes Development Environment with Skaffold

One part of the Start Kubernetes course I am working on (in addition to the book and videos) is the interactive labs. The purpose of these labs is to help you learn Kubernetes by solving different tasks, such as creating pods, scaling deployments, and so on. What follows is a quick explanation of how the end-user experience looks like and how I've set up my development environment for it.

Peter Jausovec

Peter Jausovec

Configuring Global Rate Limiter in Istio
Service mesh

Configuring Global Rate Limiter in Istio

Learn how to set up a global rate limiter with Envoy and Istio, along with detailed instructions on configuring various rate limit scenarios. It also explains how to monitor the rate limit service using Prometheus and Grafana.

Peter Jausovec

Peter Jausovec

Start Kubernetes Release
Kubernetes

Start Kubernetes Release

Start Kubernetes will teach you everything you need to know to use Kubernetes effectively.

Peter Jausovec

Peter Jausovec

Kubernetes CLI (kubectl) tips you didn't know about
Kubernetes

Kubernetes CLI (kubectl) tips you didn't know about

A collection of more than 20 useful and practical Kubernetes CLI tips from the Kubernetes community.

Peter Jausovec

Peter Jausovec

Send a Slack message when Docker images are updated
Docker

Send a Slack message when Docker images are updated

I needed a way to send a notification to a Slack channel, whenever I push new versions of Docker images to the registry. This post, I explain how I created a function that uses a container registry webhook to call a serverless function that sends a message to a Slack channel.

Peter Jausovec

Peter Jausovec

How to prepare for Istio certified associate exam (ICA)
Service mesh

How to prepare for Istio certified associate exam (ICA)

CNCF announced a new certification targeting Istio. Istio Certified Associate is meant for engineers, CI/CD practitioners or anyone interested in Istio. We did a full week of streams on YouTube, going through the exam curriculum. This article contains notes, tips, and observations from the Istio Mesh Week live streams

Peter Jausovec

Peter Jausovec

;