• OpenShift 3.11 - custom default route certificate failing with certificate has expired or is not yet valid

    2 min read

    OpenShift Route certificate has expired or is not yet valid default router-certs

    After trying to set a custom default certificate for the OpenShift routes we might see how it's Pods starts crashing:

    $ kubectl get pods
NAME                          READY   STATUS             RESTARTS   AGE
router-10-rh8vf               1/1     Running            0          32m
router-10-f2dt2               0/1     CrashLoopBackOff   6          7m
router-10-m45b7               1/1     Running            0          31m

    Checking it's logs we'll get a quite misleading message:

    $ kubectl logs router-10-f2dt2 -n default
Error from server: Get https://some.openshift.cluster:10250/containerLogs/default/router-10-f2dt2/router: x509: certificate has expired or is not yet valid

    04/07/2023

    Read more...

  • ExternalSecret: Partially load a secret

    2 min read

    Kubernetes ExternalSecret

    Sometimes we might have a secret stored in the AWS Secrets Manager with multiple properties but we don't really need all the data stored in the secret. We can tell External Secrets Operator to use just a specific key instead of using the whole secret.

    13/06/2023

    Read more...

  • Add new line when printing data using jsonpath

    2 min read

    kubectl jsonpath output formatting new lines custom delimiters

    When we print values using jsonpath we'll get all the values in a single line (actually, it won't even bother adding the newline character at the end of the list):

    $ kubectl get ns -o jsonpath='{ .items[*].metadata.name }'
default dynamodb-operator ec2-operator iam-operator kube-node-lease kube-public kube-system local-path-storage testvault

    06/06/2023

    Read more...

  • Set the default container for kubectl

    2 min read

    kubernetes Pod default container kubectl

    One of the many improvements we get in Kubernetes 1.27 is the ability to set what's the default container:

    apiVersion: v1
kind: Pod
metadata:
  name: multi-container-pod
spec:
  containers:
  - image: alpine:latest
    name: one
    command:
    - sh
    - -c
    - 'while true; do echo one; sleep 1m; done'
  - image: alpine:latest
    name: two
    command:
    - sh
    - -c
    - 'while true; do echo two; sleep 2m; done'
  - image: alpine:latest
    name: three
    command:
    - sh
    - -c
    - 'while true; do echo tree; sleep 3m; done'

    01/06/2023

    Read more...

  • Managing Environment Variables with kubectl

    2 min read

    kubernetes kubectl environment variable set unset

    In today's highly dynamic and containerized environments, managing environment variables is crucial for configuring applications effectively. With the Kubernetes command-line tool, kubectl, you can imperatively set or remove environment variables for your existing objects.

    21/05/2023

    Read more...

More recent...

Older content...

Kubernetes:
container orchestration
kubernetes
Categories
tags related to this category
Argo Workflows CronWorkflow StatefulSet Workflow Kaniko WorkflowTemplate install kubernetes Pod security Pod Security Standards port-forward socat kubectl operator-sdk golang Pushgateway RBAC Rule troubleshooting APIRequestCount affinity topologySpreadConstraints Route ExternalSecret Secret jsonpath ServiceAccount Ingress k3s letsencrypt tcpdump ssh CRD additionalPrinterColumns Velero query PV Operator Role ClusterRole web-console operator oc-mirror Secrets Manager tekton context Policy enforcement Rules Project ConfigMap Environment ROSA IngressRoute redirect RDS psql kind API server S3 patch file apply selector minikube arm64 colima EKS-connector SecurityContextConstraint SecretStore scripting CRC credentials Deployment valueFrom setup helm StorageClass tagging EBS externalDNS ALB HPA plugin convert API version example custom command shipwright ECR imagePullSecrets ENI subnet krew blame cloud provider etcd availability zones CoreDNS backend state podAntiAffinity Composite images GKE activeDeadlineSeconds Job lifetime bestby IRSA label annotation PersistentVolume Volume fsGroup vpa cluster autoscaler Karpenter provider kubernetes_manifest fsGroupChangePolicy container escape spot instances termination handler persistentVolumeReclaimPolicy fieldPath upgrade privileged network NetworkPolicy bash ps longhorn ASCP QoD raspberry pi drain evict uncordon kubeconfig config view logs admission controller hook postStart preStop deprecations gp3 get-all taints securityGroup probe readinessProbe livenessProbe tolerations explain MutatingWebhook startupProbe RollingUpdate Recreate PDB emptyDir netstat ss autoscale Kubeconfig initContainers DNS tree DaemonSet stern tail LimitRange resource limits restartPolicy system-upgrade-controller rolling update history undo Volumes awsElasticBlockStore change-cause set image imperative hostAliases imagePullPolicy metrics-server Service overlay agent nodes declarative ELB HTTPS alpine package nodeSelector scheduler kubie api-versions events multiple containers SecretKeyRef ReplicaSet NodePort Pod restart rollout deployment nginx-contoller ValidatingWebhookConfiguration error recovery httpHeaders uid securityContext exec interactive LoadBalancer IAM scale replicas nodeName externalName namespace Cronjob multinode template yaml unused-volumes diff