4 min read
Just in the same way we backup physical servers, we need to backup Kubernetes workloads to be able to restore it to its previous state: We'll need make sure we are going to be able to restore the objects of any namespace and it's data (PersistentVolumes)
08/05/2023
Read more...1 min read
We can use the labels of a namespace to narrow down the results of a query. For example. we are going to write a query to identify Kubernetes namespaces that have external secrets in a non-ready state and belong to a specific team (we are going to use team-a in this example).
19/04/2023
Read more...1 min read
Starting Kubernetes 1.24, Secrets are not automatically generated when Service Accounts are created. Since we won't have a Secret generated when we create the ServiceAccount, how can we create ServiceAccount Secrets so that External Applications can access the Kubernetes API?
17/04/2023
Read more...3 min read
Velero is an open-source tool that helps you backup, restore, and migrate Kubernetes resources and volumes. It provides a simple and reliable way to protect your Kubernetes applications and data from data loss or disasters. Although Velero supports multiple cloud providers, in this post we are just going to see how to install it on AWS (both using IRSA and an explicit IAM role)
12/04/2023
Read more...2 min read
In Kubernetes, access control is managed using Role-Based Access Control (RBAC), which allows administrators to define roles with specific permissions to access Kubernetes resources. Most of the time we'll grant permissions for any resources of a specific kind and apiGroup as follows:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: simple-rbac
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
If we want to grant access to just some of the resources, we'll have to add a list of resourceNames. This field allows administrators to grant permissions to specific resources within a namespace, rather than all resources of a particular type.
11/04/2023
Read more...