Suraj Deshmukh

Blog

containers, programming, golang, hacks, kubernetes, productivity, books

Learnings from 'Sapiens'

Sapiens: A Brief History of Humankind

Suraj Deshmukh

23-Minute Read

Sapiens

This is not a book review. Instead, this is a book recommendation. Please go ahead and buy this book. If you cannot afford to buy the book, please reach out to me. I will help you buy it⁕. This blog will give you a general idea of what this book is about. I will provide some background about the book and the author, followed by the notes from the book.

Suraj Deshmukh

4-Minute Read

Self Signed Certificates

The previous blog talked about generating self-signed certificates using a binary. It was a manual, cumbersome process where you had to generate the certificates using a tool, embed them into a Kubernetes Secret via a Helm chart, and then use them. There is a better way of doing it, which is what this blog will discuss.

Suraj Deshmukh

2-Minute Read

Systemd

If you have a script or a binary and want to run it as a Systemd service, keep following. This blog will show you how to take any such executable code and run it using Systemd. Sure, you can do similar stuff using Docker as well, although there are certain downsides of using Docker (alone) for managing the daemons. Systemd is better at log management on the node than a Docker container. If a container fails, you may or may not have access to the logs. Systemd provides constructs in managing…

Suraj Deshmukh

5-Minute Read

Golang and Kubernetes

The client libraries that Kubernetes ships are meant to be imported, and you definitely don’t need this post explaining how to import them in your Golang-based project. A simple go get ... should do the trick. But what about the packages that are not meant to be imported? Or the ones that cannot be imported because of “technical reasons”? Could you simply add them to your import statements in the .go file, and the go binary will do the right thing when you build the code?…

Mitigation of: Access Any Kubernetes Secret

A Validating Admission Webhook Server to deny anyone accessing forbidden Kubernetes Secrets!

Suraj Deshmukh

4-Minute Read

Config

In the previous blog, we discussed how any user without RBAC access to a Kubernetes secret can use a trick to access that secret. To mitigate that problem, we will use a validating admission webhook. But before looking at what sorcery this validating admission webhook server is, let us understand how Kubernetes handles the API requests.

About

I am a Senior Software Engineer at Microsoft, working on various tooling around container technology like Docker, Kubernetes, etc.