• How to Change the Scope of a Kubernetes API Resource with Operator-SDK

    2 min read

    Kubernetes API Resource Operator-SDK CustomResourceDefinition Namespaced Cluster Scope

    When creating a new API resource using the operator-sdk we can use the namespaced flag to make it Namespaced:

    $ operator-sdk create api --group group \
                              --version v1 \
                              --kind Example \
                              --resource \
                              --controller
    

    Or in the cluster scope:

    $ operator-sdk create api --group group \
                              --version v1 \
                              --kind Example \
                              --resource \
                              --controller \
                              --namespaced=false
    

    Maybe because we forgot to add the flag or because we have changed our mind, we don't need delete the object to change the scope of it, let's see how.

    05/04/2023

    Read more...
  • How to Monitor Kubernetes Applications with Prometheus Operator

    2 min read

    install prometheus operator helm

    Prometheus is an open-source systems monitoring and alerting toolkit that users a multi-dimensional data model with time series data identified by metric name and key/value pairs.

    The Prometheus operator is a Kubernetes operator that simplifies the provision and management of Prometheus instances on Kubernetes. It provides easy management of Prometheus instances as native Kubernetes resources, and also includes a built-in service discovery mechanism to automatically discover and monitor Kubernetes services.

    04/04/2023

    Read more...
  • Optional Secrets as Volumes or Environment variables

    3 min read

    kubernetes secret optional volume envirnment variable

    Secrets contain sensitive data such as passwords, tokens, and certificates. They can be used by Kubernetes pods to authenticate with other systems. However, some of them might be optional so we'll want to be able to create the Pod without having to use some template engine to handle whether the secret is present or not.

    06/03/2023

    Read more...
  • Kubernetes: Search for rule granting certain action

    3 min read

    kubernetes role clusterrole rule lookup

    To be able to audit access permissions of users un a Kubernetes cluster we might be interested in searching for Roles or ClusterRoles that grants access to a certain object:

    27/02/2023

    Read more...
  • OpenShift: disabling the web console

    2 min read

    OpenShift web console disable openshift-console

    When running an OpenShift cluster we'll find that it exposes a web-based console that not only allows you to deploy applications, but also managing the cluster. However, since it is an additional way to access the cluster we might have some concerns about it, specially from the security perspective. Specifically, the console can be a potential attack vector to gain unauthorized access to the cluster. Let's see how to disable it.

    26/01/2023

    Read more...

More recent...

Older content...

Kubernetes:
container orchestration
kubernetes
Categories
tags related to this category
Argo Workflows CronWorkflow StatefulSet Workflow Kaniko WorkflowTemplate install kubernetes Pod security Pod Security Standards port-forward socat kubectl operator-sdk golang Pushgateway RBAC Rule troubleshooting APIRequestCount affinity topologySpreadConstraints Route ExternalSecret Secret jsonpath ServiceAccount Ingress k3s letsencrypt tcpdump ssh CRD additionalPrinterColumns Velero query PV Operator Role ClusterRole web-console operator oc-mirror Secrets Manager tekton context Policy enforcement Rules Project ConfigMap Environment ROSA IngressRoute redirect RDS psql kind API server S3 patch file apply selector minikube arm64 colima EKS-connector SecurityContextConstraint SecretStore scripting CRC credentials Deployment valueFrom setup helm StorageClass tagging EBS externalDNS ALB HPA plugin convert API version example custom command shipwright ECR imagePullSecrets ENI subnet krew blame cloud provider etcd availability zones CoreDNS backend state podAntiAffinity Composite images GKE activeDeadlineSeconds Job lifetime bestby IRSA label annotation PersistentVolume Volume fsGroup vpa cluster autoscaler Karpenter provider kubernetes_manifest fsGroupChangePolicy container escape spot instances termination handler persistentVolumeReclaimPolicy fieldPath upgrade privileged network NetworkPolicy bash ps longhorn ASCP QoD raspberry pi drain evict uncordon kubeconfig config view logs admission controller hook postStart preStop deprecations gp3 get-all taints securityGroup probe readinessProbe livenessProbe tolerations explain MutatingWebhook startupProbe RollingUpdate Recreate PDB emptyDir netstat ss autoscale Kubeconfig initContainers DNS tree DaemonSet stern tail LimitRange resource limits restartPolicy system-upgrade-controller rolling update history undo Volumes awsElasticBlockStore change-cause set image imperative hostAliases imagePullPolicy metrics-server Service overlay agent nodes declarative ELB HTTPS alpine package nodeSelector scheduler kubie api-versions events multiple containers SecretKeyRef ReplicaSet NodePort Pod restart rollout deployment nginx-contoller ValidatingWebhookConfiguration error recovery httpHeaders uid securityContext exec interactive LoadBalancer IAM scale replicas nodeName externalName namespace Cronjob multinode template yaml unused-volumes diff