• Running tcpdump on an OpenShift cluster

    3 min read

    OpenShift tcpdump troubleshooting

    If we want to take a look at the network traffic that we get out of an OpenShift node we can use the oc debug command to spin up a privileged pod with tcpdump installed. This way we don't need to ssh into the worker node.

    22/05/2023

    Read more...

  • Automatically stablish a SSH tunnel to connect to k8s with kubectl

    4 min read

    Kubernetes k3s SSH tunnel

    Kubernetes is a powerful container orchestration platform used by many organizations to deploy and manage their applications. Interacting with a Kubernetes cluster requires configuring the kubeconfig file with the necessary credentials. However, managing these credentials can be challenging, especially in scenarios where a bastion host or SSH tunnel is required.

    With kubectl-tokensshtunnel we can automate the process of creating an SSH tunnel to a remote server and retrieving the Kubernetes credentials from there. This tool simplifies access to remote Kubernetes clusters by securely caching the credentials for a specified duration.

    18/05/2023

    Read more...

  • Operator-SDK: Set custom fields for kubectl get

    2 min read

    Kubernetes Operator-SDK CustomResourceDefinition additionalPrinterColumns get fields

    When writing a custom Kubernetes operator using operator-sdk we might want to change the fields are show when running kubectl get:

    $ kubectl get example
NAME   AGE
demo   4h20m

    To do so, we'll need to add the additionalPrinterColumns field the the CustomResourceDefinition, but since we are using operator-sdk to take care of this, we'll need to use some annotations in the resource definition file.

    15/05/2023

    Read more...

  • Velero: Backup and restore

    4 min read

    Kubernetes backup velero aws backup restore schedule

    Just in the same way we backup physical servers, we need to backup Kubernetes workloads to be able to restore it to its previous state: We'll need make sure we are going to be able to restore the objects of any namespace and it's data (PersistentVolumes)

    08/05/2023

    Read more...

  • Prometheus: Using Namespace Labels to Narrow Down Prometheus Query Results

    1 min read

    prometheus filter namespace label join group_left kube_namespace_labels

    We can use the labels of a namespace to narrow down the results of a query. For example. we are going to write a query to identify Kubernetes namespaces that have external secrets in a non-ready state and belong to a specific team (we are going to use team-a in this example).

    19/04/2023

    Read more...

More recent...

Older content...

Kubernetes:
container orchestration
kubernetes
Categories
tags related to this category
kubectl operator-sdk golang Pushgateway RBAC Rule troubleshooting APIRequestCount Pod affinity topologySpreadConstraints Route ExternalSecret Secret jsonpath ServiceAccount Ingress k3s letsencrypt tcpdump ssh CRD additionalPrinterColumns Velero query PV Operator Role ClusterRole web-console operator oc-mirror Secrets Manager tekton context Policy enforcement Rules Project ConfigMap Environment ROSA IngressRoute redirect RDS psql kind API server S3 patch file apply selector minikube arm64 colima EKS-connector SecurityContextConstraint SecretStore scripting CRC credentials Deployment valueFrom setup helm StorageClass tagging EBS externalDNS ALB HPA plugin convert API version example custom command shipwright ECR imagePullSecrets ENI subnet krew blame cloud provider etcd availability zones CoreDNS backend state Kaniko podAntiAffinity Composite images GKE activeDeadlineSeconds Job lifetime bestby IRSA label annotation PersistentVolume StatefulSet Volume fsGroup vpa cluster autoscaler Karpenter provider kubernetes_manifest fsGroupChangePolicy container escape spot instances termination handler persistentVolumeReclaimPolicy fieldPath upgrade privileged network NetworkPolicy bash ps longhorn ASCP QoD raspberry pi drain evict uncordon kubeconfig config view logs admission controller hook postStart preStop deprecations gp3 get-all taints securityGroup probe readinessProbe livenessProbe tolerations explain MutatingWebhook startupProbe RollingUpdate Recreate PDB emptyDir socat netstat ss autoscale Kubeconfig initContainers DNS tree DaemonSet stern tail LimitRange resource limits restartPolicy system-upgrade-controller rolling update history undo Volumes awsElasticBlockStore change-cause set image imperative port-forward hostAliases imagePullPolicy metrics-server Service overlay agent nodes declarative ELB HTTPS alpine package nodeSelector scheduler kubie api-versions events multiple containers SecretKeyRef ReplicaSet NodePort Pod restart rollout deployment nginx-contoller ValidatingWebhookConfiguration error recovery httpHeaders security uid securityContext exec interactive LoadBalancer IAM scale replicas nodeName externalName namespace Cronjob multinode template yaml unused-volumes diff