• Generate ServiceAccount Secrets

    1 min read

    Kubernetes ServiceAccount Secrets API Access

    Starting with Kubernetes 1.24, Secrets are no longer generated automatically when ServiceAccounts are created. Since no Secret is generated when we create the ServiceAccount, how can we create ServiceAccount Secrets so that external applications can access the Kubernetes API?

    17/04/2023

  • Kubernetes Backup and Restore: Install Velero on AWS

    3 min read

    Kubernetes backup velero helm install aws

    Velero is an open-source tool that helps you back up, restore, and migrate Kubernetes resources and volumes. It provides a simple and reliable way to protect your Kubernetes applications and data from data loss or disasters. Although Velero supports multiple cloud providers, in this post we are just going to see how to install it on AWS (both using IRSA and an explicit IAM role).

    12/04/2023

  • Managing Access Control in Kubernetes Using ResourceNames

    2 min read

    Kubernetes access control RBAC resourceNames namespace permissions specific resources

    In Kubernetes, access control is managed using Role-Based Access Control (RBAC), which allows administrators to define roles with specific permissions to access Kubernetes resources. Most of the time we grant permissions on all resources of a specific kind and apiGroup, as follows:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: simple-rbac
    rules:
    - apiGroups: [""]
      resources: ["secrets"]
      verbs: ["get"]
    

    If we want to grant access to only some of those resources, we have to add a list of resourceNames. This field allows administrators to grant permissions to specific resources within a namespace, rather than to all resources of a particular type.

    11/04/2023

  • How to Change the Scope of a Kubernetes API Resource with Operator-SDK

    2 min read

    Kubernetes API Resource Operator-SDK CustomResourceDefinition Namespaced Cluster Scope

    When creating a new API resource using the operator-sdk we can use the namespaced flag to make it Namespaced:

    $ operator-sdk create api --group group \
                              --version v1 \
                              --kind Example \
                              --resource \
                              --controller
    

    Or in the cluster scope:

    $ operator-sdk create api --group group \
                              --version v1 \
                              --kind Example \
                              --resource \
                              --controller \
                              --namespaced=false
    

    Whether we forgot to add the flag or simply changed our mind, we don't need to delete the object to change its scope. Let's see how.

    05/04/2023

  • How to Monitor Kubernetes Applications with Prometheus Operator

    2 min read

    install prometheus operator helm

    Prometheus is an open-source systems monitoring and alerting toolkit that uses a multi-dimensional data model with time series data identified by metric name and key/value pairs.

    The Prometheus operator is a Kubernetes operator that simplifies the provisioning and management of Prometheus instances on Kubernetes. It lets us manage Prometheus instances as native Kubernetes resources, and also includes a built-in service discovery mechanism to automatically discover and monitor Kubernetes services.

    04/04/2023

