notes

Suraj Deshmukh's talks at conferences

List of all the talks presented by me

Suraj Deshmukh

1 minute read

Hardening Kubernetes by Securing Pods - Rootconf 2019
State of Kubernetes Meetups - DevOpsDays India 2017
Making Kubernetes Simple For Developers - Rootconf 2017
Taking docker-compose to Production - Gophercon 2017 Lightning talk. Watch from 55m59s

Make static configs available for apiserver in minikube

Dealing with apiserver in minikube can be tricky

Suraj Deshmukh

3 minute read

If you want to provide extra flags to the kube-apiserver that runs inside minikube, how do you do it? You can use minikube's --extra-config flag with apiserver.<apiserver flag>=<value>. For example, if you want to enable RBAC authorization mode, you do it as follows:

--extra-config=apiserver.authorization-mode=RBAC

So this is a no-brainer for flags whose value can be given right away, like the one above. But what if you want to provide a value that is a file path?

Recreate Kubernetes CVE-2017-1002101

Subpath Volume Mount could give you access to node

Suraj Deshmukh

2 minute read

A volume mount CVE was discovered in Kubernetes 1.9 and older that allowed access to the node file system through an emptyDir volume mount using subpath. The official description goes as follows:

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host’s filesystem.

Old laptop setup reference

Links and things to do while setting up older Dell Inspiron 1525

Suraj Deshmukh

1 minute read

I have this old PC, a Dell Inspiron 1525 with 2GB RAM and a 32-bit dual-core processor, and I wanted to install Fedora on it, but I came across a few problems, which I am documenting for further reference.

Wifi device not detected

The wifi drivers are not loaded by default, so I followed this blog; basically, do the following:

export FIRMWARE_INSTALL_DIR="/lib/firmware"
wget http://mirror2.openwrt.org/sources/broadcom-wl-5.100.138.tar.bz2
tar xjf broadcom-wl-5.100.138.tar.bz2
cd broadcom-wl-5.100.138/linux/
sudo b43-fwcutter -w /lib/firmware wl_apsta.

HTTPS during development using 'mkcert'

Use https even during your development

Suraj Deshmukh

2 minute read

Creating certificates is always a hassle, with a lot of technical jargon involved. This can be simplified using mkcert. Install it by following one of the steps mentioned in the docs. Once installed, just run:

$ mkcert -install
Created a new local CA at "/home/hummer/.local/share/mkcert" 💥
[sudo] password for hummer:
The local CA is now installed in the system trust store! ⚡
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)!

vscode Shortcuts

Shortcuts for vscode and some notes

Suraj Deshmukh

3 minute read

This post has shortcuts that are generic as well as golang-specific. This post will be edited from time to time.

Shortcuts

Toggle side bar: Ctrl + B
Project explorer in side bar: Ctrl + Shift + E
Project wide search in side bar: Ctrl + Shift + F
Source control in side bar: Ctrl + Shift + G
Copy entire line: Ctrl + C (without any selection)

Static Pods using Kubelet on Fedora

Extension to the Kelsey Hightower's tutorial on 'Standalone Kubelet'

Suraj Deshmukh

2 minute read

I wanted to try out Kelsey Hightower's Standalone Kubelet Tutorial myself, but I could not follow it as it is, because firstly it was on GCE and secondly it uses CoreOS. Since I am very familiar with Fedora, I thought of following that tutorial on it. To get a quick setup of a fresh Fedora machine, use Vagrant. I have used the Vagrantfile available here. This blog post only replaces the section Install the Standalone Kubelet in the tutorial.

Clean Node setup

This will help in installing node without sudo

Suraj Deshmukh

1 minute read

Make sure you have npm installed.

$ sudo dnf -y install npm
Package npm-1:3.10.10-1.6.10.3.1.fc25.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!

Taken from this post.

mkdir "${HOME}/.npm-packages"
echo 'prefix=${HOME}/.npm-packages' | tee -a ~/.npmrc
echo '
#======================================
# npm related stuff
NPM_PACKAGES="${HOME}/.npm-packages"
PATH="$NPM_PACKAGES/bin:$PATH"
# Unset manpath so we can inherit from /etc/manpath via the manpath command
unset MANPATH # delete if you already modified MANPATH elsewhere in your config
export MANPATH="$NPM_PACKAGES/share/man:$(manpath)"
#======================================
' | tee -a ~/.

Quick PV for local Kubernetes cluster

A hostPath based local PV creation process for using via PVC

Suraj Deshmukh

1 minute read

I do a lot of Kubernetes-related work, either on minikube or on a local OpenShift cluster set up in a VM. Often I need to create a PersistentVolumeClaim, a.k.a. pvc. But to use a pvc you have to have a PersistentVolume, or pv, defined.

Enter into the machine running k8s

If using minikube you can do

minikube ssh

Create a local directory for storage

mkdir /tmp/pv0001
chmod 777 /tmp/pv0001

If you are on a machine that has SELinux enabled do the following

k8s on CRI-O - single node

How to make Kubernetes use CRI-O as the container runtime

Suraj Deshmukh

2 minute read

Here is a single node Kubernetes on CRI-O. This setup is done on Fedora 25.

Installing OS dependencies

dnf -y install \
  go \
  git \
  btrfs-progs-devel \
  device-mapper-devel \
  glib2-devel \
  glibc-devel \
  glibc-static \
  gpgme-devel \
  libassuan-devel \
  libgpg-error-devel \
  libseccomp-devel \
  libselinux-devel \
  pkgconfig \
  wget \
  etcd \
  iptables

Creating go environment

cd ~
mkdir -p ~/go
export GOPATH=~/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOBIN
echo 'GOPATH=~/go' >> ~/.