-
Kubernetes: Search the specific rule granting a given permission
2 min read
Sometimes might be difficult to tell how some subject (User, ServiceAccount, ...) is able to perform a certain task: What's the Role or ClusterRole granting some permission?
For this we can use the searchrule plugin.
25/07/2023
Read more... -
Monitoring APIRequestCount in OpenShift
2 min read
Openshift provides an object that tracks the number of requests made to the Kubernetes API server. It provides insights into the load on the cluster, the performance of applications, and helps in capacity planning. By monitoring APIRequestCount, you can identify potential bottlenecks, detect unusual spikes in traffic, and optimize resource allocation.
$ kubectl get apirequestcounts NAME REMOVEDINRELEASE REQUESTSINCURRENTHOUR REQUESTSINLAST24H alertmanagerconfigs.v1alpha1.monitoring.coreos.com 6 1706 alertmanagers.v1.monitoring.coreos.com 20 2891 apiservices.v1.apiregistration.k8s.io 994 99521 (...)11/07/2023
Read more... -
Kubernetes: Configuring Topology Spread Constraints to tune Pod scheduling
2 min read
Ensuring high availability and fault tolerance in a Kubernetes cluster is a complex task: One important feature that allows us to addresses this challenge is Topology Spread Constraints.
10/07/2023
Read more... -
OpenShift 3.11 - custom default route certificate failing with certificate has expired or is not yet valid
2 min read
After trying to set a custom default certificate for the OpenShift routes we might see how it's Pods starts crashing:
$ kubectl get pods NAME READY STATUS RESTARTS AGE router-10-rh8vf 1/1 Running 0 32m router-10-f2dt2 0/1 CrashLoopBackOff 6 7m router-10-m45b7 1/1 Running 0 31mChecking it's logs we'll get a quite misleading message:
$ kubectl logs router-10-f2dt2 -n default Error from server: Get https://some.openshift.cluster:10250/containerLogs/default/router-10-f2dt2/router: x509: certificate has expired or is not yet valid04/07/2023
Read more...