• Kubernetes provider for terraform: kubernetes_manifest

    2 min read

    Since version 2.8.0 of the Kubernetes provider for terraform, the kubernetes_manifest resource is no longer considered experimental. With this resource we can use terraform to push any kind of Kubernetes object that doesn't have a specific resource for it:

    resource "kubernetes_manifest" "example_km" {
      manifest = yamldecode(<<-EOF
        apiVersion: v1
        kind: Namespace
        metadata:
          name: example-ns
          annotations:
            test: example
        EOF
      )
    }
    

    11/02/2022

    Read more...
  • How to build a multi architecture container using rootless nerdctl

    3 min read

    nerdctl rootless buildkit

    One of the great things about using nerdctl is that it does not try to include everything you might need. This means that if you try to build a container using nerdctl, you'll realize you still need to install buildkit (unless you have installed the "nerdctl-full" version).

    Moreover, it's something you don't actually need to have installed locally:

    $ nerdctl build --help | grep buildkit
    Build an image from a Dockerfile. Needs buildkitd to be running.
          --buildkit-host string     BuildKit address [$BUILDKIT_HOST] (default "unix:///run/user/1000/buildkit/buildkitd.sock")
    

    09/02/2022

    Read more...
  • Running rootless containers with nerdctl

    6 min read

    nerdctl rootless containers docker

    It's no secret that docker comes stuffed with many options that many of us don't need. This is why on servers we can find containerd instead of a fully featured docker. Despite that, the real deal breaker is that whatever we are running, we are going to do it with root privileges. We can check this by running the following container:

    $ docker run -v /etc:/itc -it --rm alpine sleep 24
    

    And then looking for the process on the host:

    $ ps auxf
    
    root        1307  0.0  0.1 2084820 46676 ?       Ssl  11:36   0:04 /usr/bin/containerd
    root       66978  0.0  0.0 709860  6120 ?        Sl   05:12   0:00  \_ containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/50cf9789d0e68949d1cf79462956bde98b46a4616e8b81977d8c89d2af9c34e7 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
    root       66996  2.0  0.0   1588     4 pts/0    Ss+  05:12   0:00      \_ sleep 24
    

    Is it possible to run rootless containers? Is there an alternative to docker?

    08/02/2022

    Read more...
  • Extend a Linux file system (XFS) on an NVMe EBS volume

    2 min read

    If we are using an NVMe EBS volume, even though on the AWS Console we will see it as something like /dev/xvda, it won't be visible on the Linux system using this name: we will have to look for /dev/nvme devices

    07/02/2022

    Read more...
  • Moving terraform resources from the state file as code

    2 min read

    Terraform moved

    Certain operations can cause terraform to try to delete and recreate a resource when we are just trying to move it around within the state, for example when renaming a resource

    02/02/2022

    Read more...
