-
Kubernetes: Generate a CRD definition from an object
2 min read
Let's face it, manually define a openAPIV3Schema definition is no easy task, so why not automating it? We can use this online CRD generator to be able to create it's definition from one sample object
21/11/2022
Read more... -
Exclude certain namespaces from a OPA gatekeeper rule
2 min read
While some policies can be safely applied to all the namespaces of a cluster, some other can become problematic since they can interfere with the normal operations of certain controllers. When we create a constrain rule we can exclude some namespaces using the spec.match.excludedNamespaces attribute
18/11/2022
Read more... -
Patch an existing manifest to delete an object using Kustomize
2 min read
Sometimes we'll need to delete a specific resource from an existing manifest. It can be as simple as moving the resource around, but if we do not control the source manifest it might not be an option: In this scenario we can delete the resource using a patch
17/11/2022
Read more... -
Kubernetes: Configure privilege escalation using the escalate and bind verbs
2 min read
The RBAC API prevents privilege escalation at the API level when creating or updating ClusterRole, ClusterRoleBinding, Role and RoleBinding. However, we can configure it to allow privilege escalation using the escalate and bind verbs.
15/11/2022
Read more... -
Container with alpine failing to execute a file with not found
3 min read
While building a container using alpine as a base image we can get a not found error while trying to execute a file that doesn't make much sense:
$ docker run -it test /usr/local/bin/example-app exec /usr/local/bin/example-app: no such file or directory14/11/2022
Read more...