• Kubernetes: Search for rule granting certain action

    3 min read

    kubernetes role clusterrole rule lookup

    To audit the access permissions of users in a Kubernetes cluster, we might want to search for the Roles or ClusterRoles that grant access to a certain object.

    27/02/2023

  • OpenShift: disabling the web console

    2 min read

    OpenShift web console disable openshift-console

    When running an OpenShift cluster we'll find that it exposes a web-based console that not only allows you to deploy applications but also to manage the cluster. However, since it is an additional way to access the cluster, we might have some concerns about it, especially from a security perspective: the console is additional attack surface that could be used to gain unauthorized access to the cluster. Let's see how to disable it.

    26/01/2023

  • Kubernetes: Operator vs Controller

    2 min read

    kubernetes operator controller difference

    In Kubernetes we sometimes talk about controllers and operators as if they were interchangeable. Sometimes they are, but there is a difference that makes this incorrect in some cases.

    25/01/2023

  • What's the difference between kubectl apply and kubectl replace?

    2 min read

    difference kubectl apply replace

    To update a Kubernetes object we can use kubectl apply or kubectl replace, but depending on what we want updated, and how, we need to use one or the other.

    23/01/2023

  • OpenShift: Using oc-mirror to create image mirrors for air gapped environments

    4 min read

    OpenShift mirror air gapped container image ImageContentSourcePolicy

    Combining oc-mirror with ImageContentSourcePolicy, we can configure image mirrors for container images in OpenShift. We can use it to set up air-gapped environments: the images won't be pulled from the source repository, only from the internal mirror. This way we can audit them before allowing our cluster to use them.

    16/01/2023


Kubernetes:
container orchestration
kubernetes