Abstract: Techniques are described herein for authenticating a pod. A method can include a manager instance receiving a first request for a first token to access a computing resource. The manager instance can determine an identity of the service account and generate a second request for the first token based at least in part on the authentication. The manager instance can transmit the second request to a token issuance service of the computing system. The token issuance service can generate a third request for the first token, the third request comprising the identity of the service account and a token issuance service signature. The token issuance service can transmit the third request to an identity service of the computing system. The identity service can generate the first token based at least in part on determining whether to generate the first token.

Abstract: Techniques are described for mapping a namespace to a compartment. An example method includes receiving, by a manager instance and from a pod, a first request for a token. The manager instance can transmit, to a token issuance service, a second request for the token. The token issuance service can identify a mapping object that maps the namespace to the resource. The token issuance service can transmit, to an identity service, the mapping object and a third request for the token. The identity service can identify a compartment of the customer tenancy based at least in part on the compartment identifier, the compartment managing the resource. The identity service can determine whether the pod has permission to access the resource. The identity service can generate the token based at least in part on the mapping object and the policy. The identity service can transmit the token to the pod.

Abstract: A distributed database service can be migrated from a source environment to a destination environment. The distributed database service can be associated with a database and database members. the source environment can include source database members such that each source database member includes a respective image of the database. Migrating the distributed database service can include provisioning a migration gateway in the source environment. Migrating the distributed database service can also include provisioning a domain name system service in the destination environment. Migrating the distributed database service can also include provisioning a first destination database member in the destination environment. While updating the first destination database member with a respective image of the database, the distributed database service can process a database request.

Abstract: A distributed database service can be migrated from a source environment to a destination environment. The distributed database service can be associated with a database and database members. the source environment can include source database members such that each source database member includes a respective image of the database. Migrating the distributed database service can include provisioning a migration gateway in the source environment. Migrating the distributed database service can also include provisioning a domain name system service in the destination environment. Migrating the distributed database service can also include provisioning a first destination database member in the destination environment. While updating the first destination database member with a respective image of the database, the distributed database service can process a database request.

Abstract: Conventional techniques for shutting down preempted nodes includes drawbacks to cloud users and service providers alike. The disclosed techniques are directed to mitigating or eliminating these drawbacks. Upon receiving a preemptible node request, a preemptible node may be generated, labeled as having a particular capacity type, and added to a cluster managed by a cluster manager. In response to detecting the label, the cluster manager may deploy a containerized application to the preemptible node. The containerized application may monitor node metadata to detect preemption of the node. Node metadata may be provided by node metadata service executing at a smart network interface card connected to a host on which the preemptible node executes. In response to detecting preemption, the containerized application may initiate shutdown and/or replacement operations of the preemptible node to reduce or eliminate the negative impact of preemption.

Abstract: Techniques are described for creating a container environment that implements direct communications between pods. This includes the creation of a management component (such as a control plane) of the container environment, the creation of nodes within an implementation component (such as a data plane) of the container environment, and the attaching of virtualized network interface cards (VNICs) to each node. This also includes creating a custom resource for each node, where the custom resource stores internet protocol (IP) addresses assigned to the node and stored within the VNICs for the node. Pods implemented within these nodes obtain an IP address from the VNICs for their respective node and communicate with each other utilizing the IP addresses via virtual communication devices and the VNICs.

Abstract: Techniques are described for transmitting metric data between tenancies. Metric data is gathered for resources within a customer tenancy of a multi-tenant environment. This metric data is sent to a service tenancy of the multi-tenant environment, where the service tenancy is separate from the customer tenancy. The metric data is validated and preprocessed within the service tenancy to make sure that all required fields (such as key-value pairs) are located within the metric data. The preprocessed metric data is then sent to a telemetry service for analysis.

Abstract: Systems, devices, and methods discussed herein are directed to modifying aspects of a compute instance. A user may request a change to the compute instance. The system may derive a state object indicating a future state of the compute instance were the change to be applied. A hash of a subset of the state object's attributes may be computed and provided to the requesting computing component. The system may subsequently proceed with applying the change. A current state object indicating a current state of the compute instance may be derived based on applying the change. An additional hash of the subset of the current state object's attributes may be computed and provided to the requesting computing component. The two hashes may be configured to enable the requesting computing component to verify the change to the compute instance has been implemented.

Abstract: Techniques for migrating worker nodes within clusters to a new manager instance. One technique includes receiving a request to migrate or update a configuration of a cluster within a container system, where the migration or update includes switching from a first communication pathway to a second communication pathway between worker nodes and a manager instance; creating a component and associated IP address for the second communication pathway; communicating a pod specification that includes the IP address for the second communication pathway to the manager instance, where the pod specification will cause a container tool to update each of the worker nodes with the IP address for the second communication pathway; receiving a notification that all worker nodes have been updated with the IP address; and removing a component and associated IP address for the first communication pathway from the cluster.

Abstract: Systems, devices, and methods discussed herein are directed to modifying aspects of a compute instance. A user may request a change to the compute instance. The system may derive a state object indicating a future state of the compute instance were the change to be applied. A hash of a subset of the state object's attributes may be computed and provided to the requesting computing component. The system may subsequently proceed with applying the change. A current state object indicating a current state of the compute instance may be derived based on applying the change. An additional hash of the subset of the current state object's attributes may be computed and provided to the requesting computing component. The two hashes may be configured to enable the requesting computing component to verify the change to the compute instance has been implemented.

Abstract: Techniques for migrating worker nodes within clusters to a new manager instance. One technique includes receiving a request to migrate or update a configuration of a cluster within a container system, where the migration or update includes switching from a first communication pathway to a second communication pathway between worker nodes and a manager instance; creating a component and associated IP address for the second communication pathway; communicating a pod specification that includes the IP address for the second communication pathway to the manager instance, where the pod specification will cause a container tool to update each of the worker nodes with the IP address for the second communication pathway; receiving a notification that all worker nodes have been updated with the IP address; and removing a component and associated IP address for the first communication pathway from the cluster.

Abstract: Techniques for migrating worker nodes within clusters to a new manager instance. One technique includes receiving a request to migrate or update a configuration of a cluster within a container system, where the migration or update includes switching from a first communication pathway to a second communication pathway between worker nodes and a manager instance; creating a component and associated IP address for the second communication pathway; communicating a pod specification that includes the IP address for the second communication pathway to the manager instance, where the pod specification will cause a container tool to update each of the worker nodes with the IP address for the second communication pathway; receiving a notification that all worker nodes have been updated with the IP address; and removing a component and associated IP address for the first communication pathway from the cluster.