-
fsGroupChangePolicy for Kubernetes Volumes
2 min read
When running a pod as a non-root user, you must specify a fsGroup in the securityContext section so that the volume can be readable and writable by the Pod.
01/02/2022
Read more... -
Is it possible to escape from a container on Kubernetes?
3 min read
You might find some documents explaining containers (this applies to docker and Kubernetes as well) as chroot jails on steroids. One might end up thinking it might be as easy to escape from a root container as it is from a root chroot. But that's not true because it's just an analogy.
28/01/2022
Read more... -
How helm values are stored on Kubernetes
2 min read
If we want to get the values we have set for a particular helm chart we can use the helm get values command. Where are these values stored?
27/01/2022
Read more... -
Packer templates: Add more verbosity to shell provisioners
2 min read
If we use shell scripts as provisioners with packer errors can be confusing:
==> amazon-ebs: Terminating the source AWS instance... ==> amazon-ebs: Cleaning up any extra volumes... ==> amazon-ebs: No volumes to clean up, skipping ==> amazon-ebs: Deleting temporary security group... ==> amazon-ebs: Deleting temporary keypair... Build 'amazon-ebs' errored: Error removing temporary script at /tmp/script_9722.sh! ==> Some builds didn't complete successfully and had errors: --> amazon-ebs: Error removing temporary script at /tmp/script_9722.sh! ==> Builds finished but no artifacts were created.We can tell there is an error, but it's hard to tell what's going on
26/01/2022
Read more... -
Terraform apply without updating modified resources
2 min read
When we are deploying infrastructure using terraform we need to understand that we should not be modifying what we have deployed, otherwise terraform will undo these changes if we apply it again. This is actually a good thing to make sure the code reflex the state of the infrastructure but sometimes can be a pain
24/01/2022
Read more...