3 min read
Using the Datadog Python library we can very easily inject metrics into Datadog. These metrics will fall into the "custom metrics" category. Let's check the Python code needed to do so:
16/07/2021
2 min read
On Kubernetes, if we want to publish a port that is listening only on localhost without having to modify the container image, we can create another container image to work as a TCP proxy using socat
15/07/2021
2 min read
Maybe one of the main challenges with Helm is the complexity of its template rendering engine: it's not very intuitive
14/07/2021
2 min read
If we try to install a certificate on a service but we install an incorrect private key, the service will fail, most likely with some cryptic message. But how do we make sure that a certificate has been generated using the correct private key? Checking the modulus of each one can help verify this
13/07/2021
2 min read
Using an ALB controller we might face the following error while creating Ingress objects:
$ kubectl describe ingress pet2cattle -n pet2cattle
Name: pet2cattle
Namespace: pet2cattle
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
admin-site.pet2cattle.com
/ ssl-redirect:use-annotation (<error: endpoints "ssl-redirect" not found>)
/ pet2cattle:http (10.103.202.36:9000)
Annotations: alb.ingress.kubernetes.io/actions.ssl-redirect:
{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
alb.ingress.kubernetes.io/group.name: pet2cattle
alb.ingress.kubernetes.io/listen-ports: [{"HTTP":80},{"HTTPS":443}]
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
kubernetes.io/ingress.class: alb
meta.helm.sh/release-name: pet2cattle
meta.helm.sh/release-namespace: pet2cattle
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedBuildModel 16m (x19 over 38m) ingress Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet
This message is telling us that the ALB controller is not able to find the subnets of the requested type. We will have to check the following:
12/07/2021
1 min read
Using the awslogs CLI tool we can query groups, streams and events from Amazon CloudWatch Logs. It also has a human-friendly format for time-filtering
It's available via pip, so to install it we just need to run:
pip install awslogs
09/07/2021
2 min read
In case we need to have multiple remote repositories, their branch names are likely to clash. A clear example is the master branch. How can we switch between branches from remote repositories if they have the same name?
08/07/2021
4 min read
On Docker containers we might have neither netstat nor ss installed, yet we can still get the list of listening TCP ports by looking at the /proc filesystem
07/07/2021
3 min read
To make sure we don't publish an SSL service with vulnerable protocols enabled we can check which protocols the server has enabled using openssl s_client
Depending on the OpenSSL version we have, we will have different protocols available. For example, if we are using OpenSSL 1.0.2j we will have the following options for s_client:
-ssl2 - just use SSLv2
-ssl3 - just use SSLv3
-tls1_2 - just use TLSv1.2
-tls1_1 - just use TLSv1.1
-tls1 - just use TLSv1
-dtls1 - just use DTLSv1
On the other hand, if we are using OpenSSL 1.1.1f we will only have:
-tls1 Just use TLSv1
-tls1_1 Just use TLSv1.1
-tls1_2 Just use TLSv1.2
-tls1_3 Just use TLSv1.3
06/07/2021
2 min read
To be able to debug issues we can test a TCP connection using netcat (nc) or even telnet. But when we are in a containerized environment such as Kubernetes, it can be a challenge when the container doesn't have the right tools for the job
$ nc
bash: nc: command not found
$ netcat
bash: netcat: command not found
$ telnet
bash: telnet: command not found
05/07/2021