2 min read
If we try to use the template fullname function inside a range block as follows:
{{ range .Values.secrets }}
---
apiVersion: 'kubernetes-client.io/v1'
kind: ExternalSecret
metadata:
  name: "{{ template "pet2cattle.fullname" . }}-{{ . | replace "_" "-" }}"
(...)
{{ end }}
We will get a "can't evaluate field Values in type string" error, as follows:
Error: template: pet2cattle/templates/_helpers.tpl:14:14: executing "pet2cattle.fullname" at <.Values.fullnameOverride>: can't evaluate field Values in type string
29/12/2021
2 min read
If we want to redirect all our HTTP requests to HTTPS, we can configure Traefik to do it for all the Ingress objects we have configured
28/12/2021
2 min read
If you have K3s' system-upgrade-controller installed you might have noticed how charts appear under /var/lib/rancher/k3s/server/static/charts but your traefik Ingress controller is not being updated:
# pwd
/var/lib/rancher/k3s/server/static/charts
# ls -lrt
total 104
-rw------- 1 root root 27292 May 21 2021 traefik-1.81.0.tgz
-rw------- 1 root root 914 Nov 21 17:19 traefik-crd-9.18.2.tgz
-rw------- 1 root root 17008 Nov 21 17:19 traefik-9.18.2.tgz
-rw------- 1 root root 914 Dec 3 07:14 traefik-crd-9.18.201.tgz
-rw------- 1 root root 17041 Dec 3 07:14 traefik-9.18.201.tgz
-rw------- 1 root root 17685 Dec 22 19:07 traefik-10.3.001.tgz
-rw------- 1 root root 7396 Dec 22 19:07 traefik-crd-10.3.001.tgz
27/12/2021
1 min read
To be able to successfully connect using SSH keys we need to have the private key on the client side and the public key set on the server side (where we want to connect). If we only have the private key, we can generate a public SSH key from it
24/12/2021
3 min read
When running containers, by default we will have isolation between the host and the running container: you cannot access the host's resources. But when you run a Pod with the privileged flag, you are effectively disabling this isolation, making it equivalent to running that process as root on the host server.
22/12/2021
2 min read
It is good practice to tag all resources on AWS to keep better track of them: using these tags, we can get a better understanding of where we are spending our money. So, we might want to enforce tagging of resources: this is something we can achieve using an IAM policy
21/12/2021
2 min read
Network policies are objects that allow you to control the flow of connections to and from pods. By default all pods are completely open to all communications, but as soon as a pod is selected by a policy, it is no longer considered open: only the connections allowed by the NetworkPolicy will be permitted
20/12/2021
2 min read
On some containers we might find the nasty surprise that the ps command is not available:
$ ps
sh: 1: ps: not found
If we need to check the processes (and their arguments) we'll need to resort to the /proc filesystem
16/12/2021
3 min read
Longhorn is a highly available persistent storage for Kubernetes. It implements distributed block storage using containers and microservices creating a dedicated storage controller for each block device volume and synchronously replicating the volume across multiple replicas stored on multiple nodes. It might sound intimidating, but it's very straightforward to install
13/12/2021
2 min read
When a user is not authorized to perform a certain operation on the AWS API, an HTTP 403 is returned (Client.UnauthorizedOperation), and it may include an encoded message that provides additional details about this authorization failure. This encoded message can be decoded using the AWS CLI
08/12/2021