• Kubernetes: Apply parts of a manifest by labels

    2 min read

    kubernetes kubectl selector apply

    Sometimes we might have a manifest file with a lot of objects in it, but we don't really need them all. We can use its labels to install just the objects that have a specific label.


  • Install minikube on an Apple M1 without Docker Desktop

    4 min read

    minikube docker colima apple M1 arm64

    If you try to install minikube on an Apple M1 you will find that some hypervisors don't support arm64 yet. Docker Desktop, on the other hand, has recently changed its license, so it might not be suitable for you.

    $ minikube start
    😄  minikube v1.26.1 on Darwin 12.5.1 (arm64)
    ✨  Automatically selected the parallels driver. Other choices: ssh, qemu2 (experimental)
    ❌  Exiting due to DRV_UNSUPPORTED_OS: The driver 'parallels' is not supported on darwin/arm64
    $ minikube start --driver docker
    😄  minikube v1.26.1 on Darwin 12.5.1 (arm64)
    ✨  Using the docker driver based on user configuration
    💣  Exiting due to PROVIDER_DOCKER_NOT_RUNNING: "docker version --format -" exit status 1: Cannot connect to the Docker daemon at unix:///Users/jordiprats/.rd/docker.sock. Is the docker daemon running?
    💡  Suggestion: Start the Docker service
    📘  Documentation: https://minikube.sigs.k8s.io/docs/drivers/docker/

    There are several alternatives to Docker Desktop, but the one that I found more convenient and easier to install is Colima.


  • Setup EKS connector

    3 min read

    With the EKS connector you are going to be able to connect any Kubernetes cluster to the AWS EKS console to visualize its status, configuration, nodes and workloads, but not much else. Let's take a look at what's needed:


  • OpenShift: Assign SCC to a SA

    3 min read

    SecurityContextConstraint OpenShift ServiceAccount Pod

    If you try to create a pod with some privileges using the securityContext you are going to find out that it's not going to work on OpenShift as it would on a vanilla Kubernetes:

    $ kubectl describe sts example-no-scc
    Name:               example-no-scc
      Type     Reason        Age                 From                    Message
      ----     ------        ----                ----                    -------
      Warning  FailedCreate  18s (x13 over 38s)  statefulset-controller  create Pod example-no-scc-0 in StatefulSet example-no-scc failed error: pods "example-no-scc-0" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, spec.initContainers[0].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, spec.containers[0].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, spec.containers[1].securityContext.capabilities.add: Invalid value: "DAC_OVERRIDE": capability may not be added, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]


  • Kubernetes Secrets: Install External Secrets Operator

    2 min read

    Kubernetes Secret ExternalSecret Operator SecretStore

    Kubernetes External Secrets has evolved into an Operator: External Secrets Operator. What does it bring to the table?



container orchestration