• Kubernetes: Configuring Topology Spread Constraints to tune Pod scheduling

    2 min read

    kubernetes pod affinity Topology Spread Constraints

    Ensuring high availability and fault tolerance in a Kubernetes cluster is a complex task: One important feature that allows us to addresses this challenge is Topology Spread Constraints.

    10/07/2023

    Read more...

  • OpenShift 3.11 - custom default route certificate failing with certificate has expired or is not yet valid

    2 min read

    OpenShift Route certificate has expired or is not yet valid default router-certs

    After trying to set a custom default certificate for the OpenShift routes we might see how it's Pods starts crashing:

    $ kubectl get pods
NAME                          READY   STATUS             RESTARTS   AGE
router-10-rh8vf               1/1     Running            0          32m
router-10-f2dt2               0/1     CrashLoopBackOff   6          7m
router-10-m45b7               1/1     Running            0          31m

    Checking it's logs we'll get a quite misleading message:

    $ kubectl logs router-10-f2dt2 -n default
Error from server: Get https://some.openshift.cluster:10250/containerLogs/default/router-10-f2dt2/router: x509: certificate has expired or is not yet valid

    04/07/2023

    Read more...

  • Using Abbreviated Commits in Git

    1 min read

    git commit abbreviated

    To pin some code to a specific version we can use a commit ID instead of a tag but using such a long string might feel a tad cumbersome:

    $ git log
commit fb944d599d5487229463478928834cac20963f75 (HEAD -> main)
Author: Eric <some@thing.com>
Date:   Wed Jun 7 20:27:17 2023 +0100

    Fix exit with no error when cert violates lookahead (#2395)

(...)

    22/06/2023

    Read more...

  • ExternalSecret: Partially load a secret

    2 min read

    Kubernetes ExternalSecret

    Sometimes we might have a secret stored in the AWS Secrets Manager with multiple properties but we don't really need all the data stored in the secret. We can tell External Secrets Operator to use just a specific key instead of using the whole secret.

    13/06/2023

    Read more...

  • Add new line when printing data using jsonpath

    2 min read

    kubectl jsonpath output formatting new lines custom delimiters

    When we print values using jsonpath we'll get all the values in a single line (actually, it won't even bother adding the newline character at the end of the list):

    $ kubectl get ns -o jsonpath='{ .items[*].metadata.name }'
default dynamodb-operator ec2-operator iam-operator kube-node-lease kube-public kube-system local-path-storage testvault

    06/06/2023

    Read more...

More recent...

Older content...

From pet to cattle
Treat your kubernetes clusters like cattle, not pets
cloud
MacOS Docker Crossplane github action Git Lambda Workflow Kubernetes Pod operator-sdk provider awscli Terraform Environment template ALB Policy enforcement Deployment ssh minikube Argo ExternalSecret RBAC EC2 golang for_each GitHub CDK ASG typescript history git Kustomize troubleshooting multiarch HPA drain patch state deployment Job EBS context container images probe diff spot instances cluster autoscaler PersistentVolume Kaniko AWS Troubleshooting Ingress Prometheus HCL ArgoCD OpenShift k3s IRSA Service Argo Workflows Pulumi datasource krew Traefik Volume Helm Secret EKS