2 min read
When creating a new API resource using the operator-sdk we can use the namespaced flag to make it Namespaced:
$ operator-sdk create api --group group \
--version v1 \
--kind Example \
--resource \
--controller
Or in the cluster scope:
$ operator-sdk create api --group group \
--version v1 \
--kind Example \
--resource \
--controller \
--namespaced=false
Maybe because we forgot to add the flag or because we have changed our mind, we don't need delete the object to change the scope of it, let's see how.
05/04/2023
Read more...2 min read
Prometheus is an open-source systems monitoring and alerting toolkit that users a multi-dimensional data model with time series data identified by metric name and key/value pairs.
The Prometheus operator is a Kubernetes operator that simplifies the provision and management of Prometheus instances on Kubernetes. It provides easy management of Prometheus instances as native Kubernetes resources, and also includes a built-in service discovery mechanism to automatically discover and monitor Kubernetes services.
04/04/2023
Read more...3 min read
Secrets
contain sensitive data such as passwords, tokens, and certificates. They can be used by Kubernetes pods to authenticate with other systems. However, some of them might be optional so we'll want to be able to create the Pod without having to use some template engine to handle whether the secret is present or not.
06/03/2023
Read more...3 min read
To be able to audit access permissions of users un a Kubernetes cluster we might be interested in searching for Roles or ClusterRoles that grants access to a certain object:
27/02/2023
Read more...2 min read
When running an OpenShift cluster we'll find that it exposes a web-based console that not only allows you to deploy applications, but also managing the cluster. However, since it is an additional way to access the cluster we might have some concerns about it, specially from the security perspective. Specifically, the console can be a potential attack vector to gain unauthorized access to the cluster. Let's see how to disable it.
26/01/2023
Read more...