Suraj Deshmukh's talks at conferences

Confidential Containers 101: A Hands-on Workshop - Kubecon North America 2024 Fortifying AI Security in Kubernetes with Confidential Containers (CoCo) - Kubecon Europe 2024 Memory Armor for SPIRE: Fortifying SPIRE with Confidential Containers (CoCo) - Kubecon Europe 2024 Misfits - Feat. ContainerSSH and Confidential Containers (You Choose!, Ch. 3, Ep. 10) Confidential Containers: The Next Frontier in Cloud-NativeSecurity - Cloud Native Rejekts 2023 Building Container Defences Executable at a Time - KCD Bangalore 2022 PSP and Beyond - Kubernetes Bangalore Meetup June 2021 Hardening Kubernetes by Securing Pods - Rootconf 2019 State of Kubernetes Meetups - DevOpsDays India 2017 Making Kubernetes Simple For Developers - Rootconf 2017 Taking docker-compose to Production - Gophercon 2017 Lightening talk

March 30, 2024 ยท 1 min ยท Suraj Deshmukh
Bootstrap token

Enable TLS bootstrapping in a Kubernetes cluster

This blog is a recap of my old blog โ€œAdd new node to Kubernetes cluster with bootstrap tokenโ€. Like the aforementioned blog, we will look at how to enable TLS bootstrapping on an existing Kubernetes cluster at control plane level and add a new node (or modify existing ones) to the cluster using bootstrap tokens. At the end of this blog, you will learn what specific steps to take to enable TLS bootstrapping on any custom-built Kubernetes cluster. ...

February 6, 2021 ยท 5 min ยท Suraj Deshmukh

How to gracefully kill Kubernetes Jobs with a sidecar?

Have you ever had a sidecar in your Kubernetes Job? If no, then trust me that you are lucky. If yes, then you will have the frustration of your life. The thing is Kubernetes Jobs are meant to exit on completion. But if you have a long-running sidecar, then that might twist things for Kubernetes and in turn of you. Why would you even want a sidecar for Job? Well, one of the most prevalent use case is when using service mesh proxy. There could be something else as well like metrics endpoint, log collection or whatever. Given the complexity and heterogeneity of the workloads, there could be any kind of use case that involves having sidecar for a Job pod. ...

August 29, 2020 ยท 6 min ยท Suraj Deshmukh

Use Configmap for Scripts

We generally use some sort of scripts in application container images. They serve various purposes. Some scripts might do an initial setup before the application starts, others may have the whole logic of the container image, etc. Whatever the goal may be the general pattern is to copy the script into the container image, build the image and then the script is available when you consume the image. Cons of the Traditional Method The round trip time during development and testing of such script is very long. You make some change to the script, you need to build the image, push it and then it is downloaded again. On an average for every change adds a couple of minutes to your feedback loop. Bash scripts are generally precarious in nature. You have to hammer it down, consider edge cases and thereby make it robust. This, of course, takes a lot of iterations. And with iterations comes the added time. So the question is, how do we reduce this feedback loop? ...

August 22, 2020 ยท 6 min ยท Suraj Deshmukh

Being Productive with Git

Contents Introduction Bash Aliases Configuration Installation Global Git Configuration Configuration Installation Repository Specific Git Settings Configuration Installation Bash Git Prompt Configuration Installation Git Push PR Reviews Configuration Installation Demo Conclusion Introduction Git is a day to day tool for version control. It has become a de facto method of source code versioning, it has become ubiquitous with development and its an essential skill for a programmer. I use it all the time. ...

August 16, 2020 ยท 5 min ยท Suraj Deshmukh

Being Productive with Kubectl

This blog will showcase my productivity tips with kubectl . This does not venture into any plugins per se. But only using bash aliases to achieve it. Bash Aliases # k8s alias alias k=kubectl alias kg="kubectl get" alias kgp="kubectl get pods" alias kgs="kubectl get services" alias kge="kubectl get events" alias kgpvc="kubectl get pvc" alias kgpv="kubectl get pv" alias kd="kubectl describe" alias kl="kubectl logs -f" alias kc="kubectl create -f" I have above aliases setup in the ~/.bashrc file. The beauty of the aliases is that you can append more flags and parameters to the existing smaller alias. For, e.g. I have an alias for kubectl get pods as kgp, but if I want to get pods from all the namespaces, I use kgp -A. ...

August 2, 2020 ยท 3 min ยท Suraj Deshmukh

How to backup and restore Prometheus?

This blog will show you how to take a backup from a running Prometheus and restore it in some other Prometheus instance. You might ask why would you even want to do something like that? Well, sometimes you want the Prometheus metrics because they were collected for some particular purpose and you want to do some analysis later. Prerequisites/Assumptions This blog assumes that you have a Prometheus running that is deployed using prometheus-operator in monitoring namespace. But even if you have deployed it in some other way modify the commands in few places. ...

July 31, 2020 ยท 2 min ยท Suraj Deshmukh