• Setup EKS connector

    3 min read

    With the EKS connector you are going to be able to connect any Kubernetes cluster to the AWS EKS console to visualize it's status, configuration, nodes and workloads but not much else. Let's take a look what's needed:

    12/09/2022

    Read more...
  • OpenShift: Assign SCC to a SA

    3 min read

    SecurityContextConstraint OpenShift ServiceAccount Pod

    If you try to create a pod with some privileges using the securityContext you are going to find out that it's not going to work on OpenShift as it would on a vanilla Kubernetes:

    $ kubectl describe sts example-no-scc
    Name:               example-no-scc
    (...)
    
    Events:
      Type     Reason        Age                 From                    Message
      ----     ------        ----                ----                    -------
      Warning  FailedCreate  18s (x13 over 38s)  statefulset-controller  create Pod example-no-scc-0 in StatefulSet example-no-scc failed error: pods "example-no-scc-0" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, spec.initContainers[0].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, spec.containers[0].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, spec.containers[1].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
    

    08/09/2022

    Read more...
  • OpenShift: The difference between Project and Namespace

    3 min read

    In OpenShift instead of working with Namespaces it uses Projects, but by creating a Project it going to create a Namespace under the hood. What's the difference?

    $ oc get project
    NAME                                               DISPLAY NAME   STATUS
    (...)
    demo                                                              Active
    $ oc get ns
    NAME                                               STATUS   AGE
    (...)
    demo                                               Active   29d
    

    02/09/2022

    Read more...
  • OpenShift CRC: Customize admin password

    1 min read

    When setting up a CRC cluster we might want to be able to set a specific admin password instead of having to retrieve it using crc console.

    30/08/2022

    Read more...
  • Getting regular user and admin credentials to login to a CRC cluster

    2 min read

    If we are using CRC to run a minikube-like OpenShift cluster we'll need the use oc login to connect to the cluster. If we don't have the credentials but the cluster is not deleted, we can still retrieve them

    25/08/2022

    Read more...

From pet to cattle
Treat your kubernetes clusters like cattle, not pets
Categories