-
Install minikube on an Apple Sillicon without Docker Desktop
4 min read
If you try to install minikube on an Apple Sillicon (such as Apple M1, M2...) you will face that some hypervisors doesn't support arm64 yet. Using Docker Destop, on the other hand, has recently changed it's license so it might not be suitable to you
$ minikube start 😄 minikube v1.26.1 on Darwin 12.5.1 (arm64) ✨ Automatically selected the parallels driver. Other choices: ssh, qemu2 (experimental) ❌ Exiting due to DRV_UNSUPPORTED_OS: The driver 'parallels' is not supported on darwin/arm64 $ minikube start --driver docker 😄 minikube v1.26.1 on Darwin 12.5.1 (arm64) ✨ Using the docker driver based on user configuration 💣 Exiting due to PROVIDER_DOCKER_NOT_RUNNING: "docker version --format -" exit status 1: Cannot connect to the Docker daemon at unix:///Users/jordiprats/.rd/docker.sock. Is the docker daemon running? 💡 Suggestion: Start the Docker service 📘 Documentation: https://minikube.sigs.k8s.io/docs/drivers/docker/There are several alternatives to Docker Desktop but the one that I found more convenient and easier to install is Colima
14/09/2022
Read more... -
Setup EKS connector
3 min read
With the EKS connector you are going to be able to connect any Kubernetes cluster to the AWS EKS console to visualize it's status, configuration, nodes and workloads but not much else. Let's take a look what's needed:
12/09/2022
Read more... -
OpenShift: Assign SCC to a SA
3 min read
If you try to create a pod with some privileges using the securityContext you are going to find out that it's not going to work on OpenShift as it would on a vanilla Kubernetes:
$ kubectl describe sts example-no-scc Name: example-no-scc (...) Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning FailedCreate 18s (x13 over 38s) statefulset-controller create Pod example-no-scc-0 in StatefulSet example-no-scc failed error: pods "example-no-scc-0" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, spec.initContainers[0].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, spec.containers[0].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, spec.containers[1].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]08/09/2022
Read more... -
Kubernetes Secrets: Install External Secrets Operator
2 min read
The Kubernetes External Secrets have evolved into an Operator: External Secrets Operator What does it bring to the table?
05/09/2022
Read more... -
OpenShift: The difference between Project and Namespace
3 min read
In OpenShift instead of working with Namespaces it uses Projects, but by creating a Project it going to create a Namespace under the hood. What's the difference?
$ oc get project NAME DISPLAY NAME STATUS (...) demo Active $ oc get ns NAME STATUS AGE (...) demo Active 29d02/09/2022
Read more...
Kubernetes:
container orchestration
tags related to this category
yq
kubectl
Linkerd
Argo Rollouts
Rollouts
Capsule
Pod
MutatingAdmissionPolicy
MutatingAdmissionPolicyBinding
kind
plugin
custom command
Argo Workflows
CronWorkflow
StatefulSet
Workflow
Kaniko
WorkflowTemplate
install
kubernetes
security
Pod Security Standards
port-forward
socat
operator-sdk
golang
Pushgateway
RBAC
Rule
troubleshooting
APIRequestCount
affinity
topologySpreadConstraints
Route
ExternalSecret
Secret
jsonpath
ServiceAccount
Ingress
k3s
letsencrypt
tcpdump
ssh
CRD
additionalPrinterColumns
Velero
query
PV
Operator
Role
ClusterRole
web-console
operator
oc-mirror
Secrets Manager
tekton
context
Policy enforcement
Rules
Project
ConfigMap
Environment
ROSA
IngressRoute
redirect
RDS
psql
API server
S3
patch
file
apply
selector
minikube
arm64
colima
EKS-connector
SecurityContextConstraint
SecretStore
scripting
CRC
credentials
Deployment
valueFrom
setup
helm
StorageClass
tagging
EBS
externalDNS
ALB
HPA
convert
API version
example
shipwright
ECR
imagePullSecrets
ENI
subnet
krew
blame
cloud provider
etcd
availability zones
CoreDNS
backend
state
podAntiAffinity
Composite
images
GKE
activeDeadlineSeconds
Job
lifetime
bestby
IRSA
label
annotation
PersistentVolume
Volume
fsGroup
vpa
cluster autoscaler
Karpenter
provider
kubernetes_manifest
fsGroupChangePolicy
container escape
spot instances
termination handler
persistentVolumeReclaimPolicy
fieldPath
upgrade
privileged
network
NetworkPolicy
bash
ps
longhorn
ASCP
QoD
raspberry pi
drain
evict
uncordon
kubeconfig
config view
logs
admission controller
hook
postStart
preStop
deprecations
gp3
get-all
taints
securityGroup
probe
readinessProbe
livenessProbe
tolerations
explain
MutatingWebhook
startupProbe
RollingUpdate
Recreate
PDB
emptyDir
netstat
ss
autoscale
Kubeconfig
initContainers
DNS
tree
DaemonSet
stern
tail
LimitRange
resource limits
restartPolicy
system-upgrade-controller
rolling update
history
undo
Volumes
awsElasticBlockStore
change-cause
set image
imperative
hostAliases
imagePullPolicy
metrics-server
Service
overlay
agent
nodes
declarative
ELB
HTTPS
alpine
package
nodeSelector
scheduler
kubie
api-versions
events
multiple containers
SecretKeyRef
ReplicaSet
NodePort
Pod restart
rollout
deployment
nginx-contoller
ValidatingWebhookConfiguration
error recovery
httpHeaders
uid
securityContext
exec
interactive
LoadBalancer
IAM
scale
replicas
nodeName
externalName
namespace
Cronjob
multinode
template
yaml
unused-volumes
diff