• openssl: How to check that a certificate matches a private key

    2 min read

    If we try to install a certificate on a service but we install an incorrect private key, the service will fail, most likely, with some cryptic message. But, how do we make sure that a certificate has been generated using the correct private key? Checking the modulus of each one can help verifying this

    13/07/2021

    Read more...

  • Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet

    2 min read

    Using an ALB controller we might face the following error while creating Ingress objects:

    $ kubectl describe ingress pet2cattle -n pet2cattle
Name:             pet2cattle
Namespace:        pet2cattle
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                        Path  Backends
  ----                        ----  --------
  admin-site.pet2cattle.com  
                              /   ssl-redirect:use-annotation (<error: endpoints "ssl-redirect" not found>)
                              /   pet2cattle:http (10.103.202.36:9000)
Annotations:                  alb.ingress.kubernetes.io/actions.ssl-redirect:
                                {"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
                              alb.ingress.kubernetes.io/group.name: pet2cattle
                              alb.ingress.kubernetes.io/listen-ports: [{"HTTP":80},{"HTTPS":443}]
                              alb.ingress.kubernetes.io/scheme: internal
                              alb.ingress.kubernetes.io/target-type: ip
                              kubernetes.io/ingress.class: alb
                              meta.helm.sh/release-name: pet2cattle
                              meta.helm.sh/release-namespace: pet2cattle

Events:
  Type     Reason            Age                 From     Message
  ----     ------            ----                ----     -------
  Warning  FailedBuildModel  16m (x19 over 38m)  ingress  Failed build model due to couldn't auto-discover subnets: unable to discover at least one subnet

    This message is telling us that the ALB controller is no able to find the subnets of the requested type. We will have to check the following:

    12/07/2021

    Read more...

  • CLI tool to retrieve CloudWatch logs

    1 min read

    Using the awslogs cli tool we can query groups, streams and events from Amazon CloudWatch logs. It also has a human-friendly format for time-filtering

    It's available as using pip so to install it we just need to run:

    pip install awslogs

    09/07/2021

    Read more...

  • Push to a remote branch that already exists locally

    2 min read

    In cas we need to have multiple remote repositories it's branches names are likely to clash. A clear example it the master branch. How can we switch between branches from remote repositories if they have the same name?

    08/07/2021

    Read more...

  • netstat and ss alternative to get the list of listening TCP ports

    4 min read

    On docker containers we might not have neither netstat nor ss installed, yet we can still get the list of listening TCP ports by looking at the /proc filesystem

    07/07/2021

    Read more...

More recent...

Older content...

From pet to cattle
Treat your kubernetes clusters like cattle, not pets
cloud
Prometheus OpenShift ArgoCD HPA provider deployment Argo Workflows Crossplane context krew probe operator-sdk spot instances git Docker patch ssh typescript template diff Ingress Argo Terraform Troubleshooting AWS state Workflow Policy enforcement github action RBAC Job EC2 Pod GitHub ASG Helm EKS Kustomize troubleshooting Secret Traefik for_each Service container images HCL Lambda MacOS history IRSA awscli ALB PersistentVolume Kubernetes Deployment datasource Volume k3s EBS minikube drain Environment CDK cluster autoscaler Kaniko ExternalSecret multiarch Git golang Pulumi