• AWS: Recover a released Elastic IP

    2 min read

    aws EIP EC2

    Once you release an Elastic IP, it goes back to the pool for any other customer to use. What do we do if we accidentally release an Elastic IP address? It shouldn't be hard for us to just pick a different IP and update the records accordingly if we are using IaC (terraform, pulumi, crossplane...)

    However, sometimes there will be configuration tied to that particular Elastic IP that is out of our control: third-party whitelisting would be a clear instance of this kind of situation. Can we request AWS to recover a released Elastic IP?

    30/03/2022

  • Kubernetes: Enforcing policies using the OPA gatekeeper

    6 min read

    Kubernetes Policy enforcement OPA gatekeeper

    We might call them best practices or policies, but most organizations have some rules about how their applications should run, for example: do not use the latest tag. Others might even be required to meet certain compliance requirements to reach some security standard, for example: do not use NodePort services.

    To be able to enforce these policies we can use a policy engine like OPA.

    29/03/2022

  • Kubernetes: How to configure Deployment to evenly spread Pods across availability zones

    5 min read

    If you run Kubernetes workloads on AWS you want to make sure Pods are spread across all the available availability zones. To do so we can use podAntiAffinity to tell Kubernetes to avoid deploying all the Pods of the same Deployment in the same AZ.

    28/03/2022

  • ArgoCD redirect loop when using an Ingress object with HTTPS offloading

    3 min read

    argocd kubernetes ci/cd AWS ALB Ingress

    When enabling an Ingress for ArgoCD we might end up with a redirect loop: ArgoCD keeps redirecting to the main page using HTTPS, even though the request is already using HTTPS:

    $ curl -I https://argocd.pet2cattle.com/
    
    HTTP/2 307 
    date: Wed, 23 Mar 2022 22:38:31 GMT
    content-type: text/html; charset=utf-8
    location: https://argocd.pet2cattle.com/
    

    This issue happens because, by default, ArgoCD expects to handle the TLS termination by itself, always redirecting HTTP requests to HTTPS. If we try to offload the TLS termination to the ingress controller, from ArgoCD's perspective the connection is HTTP, so it keeps redirecting to HTTPS.

    24/03/2022

  • Crossplane: Share data between resources within the same Composite

    6 min read

    crossplane kubernetes composite status

    Following up on the previous Crossplane example on Composition (creating a SecurityGroup and a SecurityGroupRule using a Composition), we are now going to push information from one of the objects into the Composition and then push it back to the other resource:

    The Composition is going to create a SecurityGroup and push its ID up to the Composite's status. Once the ID is on the Composition, it is pushed into the SecurityGroupRule to set the ID of the SecurityGroup for which we want to create the rule.

    22/03/2022

  • Run multiple clusters with minikube

    3 min read

    minikube multiple clusters profile

    Whenever we need to test something on a Kubernetes cluster, one of the easier (and cheaper) options is to test it out using minikube. However, how do we test a feature that requires multiple clusters?

    21/03/2022

  • terraform: Retrieving values from a map using the lookup function

    2 min read

    terraform lookup

    When using HCL, if we want to access an element within a map we can use the usual index access present in many other languages. By using the lookup function we can do exactly that while providing a default value in case there's no such key.

    18/03/2022

  • List all the images a minikube is using

    2 min read

    minikube images

    Running applications on minikube is a great test bed, but it can get messy pretty easily. That's especially true if there are several people messing with it.

    It might be useful to retrieve all the images we are using to run the services. For this we can either describe all the Pods in all the Namespaces or check the minikube image ls command.

    17/03/2022

  • How to create Composite Resources with Crossplane

    5 min read

    crossplane kubernetes aws

    With Crossplane we define Composite resources as the combination of other resources. Let's take a look at how to do this: we are going to take some terraform code, transform it into Crossplane objects and then create a Composition based on them.

    16/03/2022

  • How to mount a host directory on minikube

    2 min read

    minikube mount host directory

    To be able to test Kubernetes applications, minikube is a great tool: you can create an ephemeral Kubernetes cluster to test whatever is needed and delete it as easily as it was created. Furthermore, since it can use your computer's resources you won't get billed as you would if you chose to use a cloud provider.

    Another advantage is that we can make local directories available to the cluster using minikube mount.

    14/03/2022


From pet to cattle
Treat your kubernetes clusters like cattle, not pets