How to DDOS a uWSGI app on Kubernetes.

Add 500+ nodes to a cluster, use an ALB ingress with a 15 second healthcheck with nodePort.

Fire up stern and watch as all 500 nodes will continually hit the healthcheck and pods start to restart with,

uWSGI listen queue of socket ":1111" (fd: 3) full !!! (101/100) ***

Solution: If using aws-cni, use ClusterIP instead of nodePort. Then only replicas and not nodes are in the ALB target group.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.