Crossplane is an open source Kubernetes add-on that lets you create cloud resources using Kubernetes objects (CRDs). Its installation is straightforward, but once we have it installed the key is to properly configure its providers. Here we are going to use Crossplane's native AWS provider.
28/02/2022
To set up a Crossplane provider, several pieces need to be aligned before we can use it, for example when we want to set up the AWS provider using an IAM Role for ServiceAccount. If something is misaligned, we might end up with an error while creating resources that doesn't really clarify what the actual problem is:
$ kubectl describe bucket.s3.aws.crossplane.io/test-bucket
Name:         test-bucket
Namespace:
Labels:       <none>
Annotations:  crossplane.io/external-name: pet2cattle-demo
API Version:  s3.aws.crossplane.io/v1beta1
Kind:         Bucket
Metadata:
  (...)
Spec:
  (...)
  Provider Config Ref:
    Name:  aws-provider
Status:
  At Provider:
    Arn:
  Conditions:
    Last Transition Time:  2022-02-22T21:43:23Z
    Message:               observe failed: failed to query Bucket: api error MovedPermanently: Moved Permanently
    Reason:                ReconcileError
    Status:                False
    Type:                  Synced
Events:
  Type     Reason                         Age               From                                 Message
  ----     ------                         ----              ----                                 -------
  Warning  CannotObserveExternalResource  7s (x6 over 36s)  managed/bucket.s3.aws.crossplane.io  failed to query Bucket: api error MovedPermanently: Moved Permanently
23/02/2022
The basic idea behind a StatefulSet is to manage stateful workloads on Kubernetes: unlike a Deployment, it creates a unique identity for each Pod while using a common spec.
With this in mind we might just copy the Pod's template from a Deployment to a StatefulSet object to make it stateful, but it's not always quite that simple.
21/02/2022
As a best practice we should try to run containers with the minimum privileges they require: if we want to run a container with a non-root user, we need to specify the user we want to use with securityContext.runAsUser (unless the container is already using a non-privileged user).
By doing so, when working with Volumes we might get a Permission denied error while accessing the container.
18/02/2022
To be able to take advantage of a Cluster Autoscaler (the same applies to AWS Karpenter), we need to make sure we properly set the resources any scheduled Pod is requesting from Kubernetes:
When we are not sure of the resources a given Pod or container is going to use, we can use the Vertical Pod Autoscaler to help us define them.
14/02/2022