• Kubernetes: Configuring Topology Spread Constraints to tune Pod scheduling

    2 min read

    kubernetes pod affinity Topology Spread Constraints

    Ensuring high availability and fault tolerance in a Kubernetes cluster is a complex task: One important feature that allows us to addresses this challenge is Topology Spread Constraints.

    10/07/2023

    Read more...

  • OpenShift 3.11 - custom default route certificate failing with certificate has expired or is not yet valid

    2 min read

    OpenShift Route certificate has expired or is not yet valid default router-certs

    After trying to set a custom default certificate for the OpenShift routes we might see how it's Pods starts crashing:

    $ kubectl get pods
NAME                          READY   STATUS             RESTARTS   AGE
router-10-rh8vf               1/1     Running            0          32m
router-10-f2dt2               0/1     CrashLoopBackOff   6          7m
router-10-m45b7               1/1     Running            0          31m

    Checking it's logs we'll get a quite misleading message:

    $ kubectl logs router-10-f2dt2 -n default
Error from server: Get https://some.openshift.cluster:10250/containerLogs/default/router-10-f2dt2/router: x509: certificate has expired or is not yet valid

    04/07/2023

    Read more...

  • Using Abbreviated Commits in Git

    1 min read

    git commit abbreviated

    To pin some code to a specific version we can use a commit ID instead of a tag but using such a long string might feel a tad cumbersome:

    $ git log
commit fb944d599d5487229463478928834cac20963f75 (HEAD -> main)
Author: Eric <some@thing.com>
Date:   Wed Jun 7 20:27:17 2023 +0100

    Fix exit with no error when cert violates lookahead (#2395)

(...)

    22/06/2023

    Read more...

  • ExternalSecret: Partially load a secret

    2 min read

    Kubernetes ExternalSecret

    Sometimes we might have a secret stored in the AWS Secrets Manager with multiple properties but we don't really need all the data stored in the secret. We can tell External Secrets Operator to use just a specific key instead of using the whole secret.

    13/06/2023

    Read more...

  • Add new line when printing data using jsonpath

    2 min read

    kubectl jsonpath output formatting new lines custom delimiters

    When we print values using jsonpath we'll get all the values in a single line (actually, it won't even bother adding the newline character at the end of the list):

    $ kubectl get ns -o jsonpath='{ .items[*].metadata.name }'
default dynamodb-operator ec2-operator iam-operator kube-node-lease kube-public kube-system local-path-storage testvault

    06/06/2023

    Read more...

More recent...

Older content...

From pet to cattle
Treat your kubernetes clusters like cattle, not pets
cloud
Pulumi history cluster autoscaler minikube k3s container images Terraform Pod probe deployment Secret EKS typescript Job Crossplane RBAC HPA ssh for_each operator-sdk AWS Policy enforcement golang diff template Ingress Helm provider Kubernetes context drain ArgoCD CDK multiarch github action Traefik HCL Volume Deployment EBS patch Service state krew PersistentVolume OpenShift Kaniko git GitHub Prometheus EC2 ALB datasource Workflow awscli Argo IRSA Kustomize Troubleshooting ExternalSecret spot instances Lambda Docker ASG troubleshooting Argo Workflows MacOS Environment Git