Suraj Deshmukh's talks at conferences

List of all the talks presented by me

Suraj Deshmukh

1 minute read

State of Kubernetes Meetups - DevOpsDays India 2017 Making Kubernetes Simple For Developers - Rootconf 2017 Taking docker-compose to Production - Gophercon 2017 Lightening talk Watch from 55m59s

Kubernetes Bangalore March 2019 Event Report

Event Report for Kubernetes Bangalore Meetup

Suraj Deshmukh

1 minute read

The Kubernetes Bangalore Meetup was organized at Arvind Internet on Feb 16th 2019. The agenda for the meetup was to teach Kubernetes to the beginners. Meetup agenda can be found here. The moments from Meetup: We go online in sometime here https://t.co/FkwgOx0Tm4 — Kubernetes Bangalore (@k8sBLR) March 16, 2019 .@pmishra1598 kick started the Meetup by explaining what #Kubernetes is! Currently clarifying what a pod is. pic.twitter.com/Ny7bN9c62x — Kubernetes Bangalore (@k8sBLR) March 16, 2019 Huge turnout at today's meetup it's on 🔥🔥 pic.

Make static configs available for apiserver in minikube

Dealing with apiserver in minikube can be tricky

Suraj Deshmukh

3 minute read

If you want to provide extra flags to the kube-apiserver that runs inside minikube how do you do it? You can use the minikube’s –extra-config flag with apiserver.<apiserver flag>=<value>, for e.g. if you want to enable RBAC authorization mode you do it as follows: –extra-config=apiserver.authorization-mode=RBAC So this is a no brainer when doing it for flags whose value can be given right away, like the one above. But what if you want to provide value which is a file path.

Recreate Kubernetes CVE-2017-1002101

Subpath Volume Mount could give you access to node

Suraj Deshmukh

2 minute read

A volume mount CVE was discovered in Kubernetes 1.9 and older which allowed access to node file system using emptyDir volume mount using subpath. The official description goes as follows: In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host’s filesystem.

Cobra and Persistentflags gotchas

How wrong usage of persistent flags can burn you

Suraj Deshmukh

3 minute read

If you are using cobra cmd line library for golang applications and it’s PersistentFlags and if you have a use case where you are adding same kind of flag in multiple places. You might burn your fingers in that case, if you keep adding it in multiple sub-commands without giving it a second thought. To understand what is really happening and why it is happening follow along. All the code referenced here can be found here https://github.

Old laptop setup reference

Links and things to do while setting up older Dell Inspiron 1525

Suraj Deshmukh

1 minute read

I have this old PC Dell Inspiron 1525 with 2GB RAM and 32 bit dual core processor and I wanted to install fedora on it, but I cam accross few problems which I am documenting for further reference. Wifi device not detected The wifi drivers are not loaded by default, so followed this blog, basically do following: export FIRMWARE_INSTALL_DIR="/lib/firmware" wget http://mirror2.openwrt.org/sources/broadcom-wl-5.100.138.tar.bz2 tar xjf broadcom-wl-5.100.138.tar.bz2 cd broadcom-wl-5.100.138/linux/ sudo b43-fwcutter -w /lib/firmware wl_apsta.

Add new Node to k8s cluster with Bootstrap token

Use this technique to add new node to the cluster without providing any certificates and without having to restart the kube-apiserver

Suraj Deshmukh

4 minute read

Few days back I wrote a blog about adding new node to the cluster using the static token file. The problem with that approach is that you need to restart kube-apiserver providing it the path to the token file. Here we will see how to use the bootstrap token, which is very dynamic in nature and can be controlled by using Kubernetes resources like secrets. So if you are following Kubernetes the Hard Way to set up the cluster here are the changes you should do to adapt it to run with bootstrap token.

PodSecurityPolicy on existing Kubernetes clusters

Burnt by enabling PSPs on existing Kubernetes and wondering why everything still works

Suraj Deshmukh

2 minute read

I enabled PodSecurityPolicy on a minikube cluster by appending PodSecurityPolicy to the apiserver flag in minikube like this: –extra-config=apiserver.enable-admission-plugins=Initializers,NamespaceLifecycle,\ LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,\ NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,\ ResourceQuota,PodSecurityPolicy Ideally when you have PSP enabled and if you don’t define any PSP and authorize it with right RBAC no pod will start in the cluster. But what I saw was that there were some pods still running in kube-system namespace. $ kubectl -n kube-system get pods NAME READY STATUS RESTARTS AGE coredns-576cbf47c7-g2t8v 11 Running 4 5d11h etcd-minikube 11 Running 2 5d11h heapster-bn5xp 11 Running 2 5d11h influxdb-grafana-qzpv4 22 Running 4 5d11h kube-addon-manager-minikube 11 Running 2 5d11h kube-controller-manager-minikube 11 Running 1 4d20h kube-scheduler-minikube 11 Running 2 5d11h kubernetes-dashboard-5bb6f7c8c6-9d564 11 Running 8 5d11h storage-provisioner 11 Running 7 5d11h Which got me thinking what is wrong with the way PSPs work.

Road to CKA

My experience with CKA exam preparation

Suraj Deshmukh

4 minute read

I passed CKA exam with 92% marks on 19th October 2018. A lot of folks are curious about how to prepare and what resources to follow. Here is my list of things to do and list of resources that might help you on successful CKA exam. The duration of exam is three hours, which is enough time if you do good practice. The exam is pretty straight forward and tests your Kubernetes hands-on knowledge, so whatever you read please try to do it on a real cluster.

How to disable your Chrome Ctrl + W keybinding

Learn how to disable the shortcut Ctrl + W altogether on your GNOME

Suraj Deshmukh

2 minute read

I am about to attempt the CKA exam and it has a browser based terminal. And I am used to this terminal shortcut Ctrl + W which deletes a word. But the same shortcut in browser can close a tab. Since this exam is combination of both I am afraid I might close my exam tab while deleting a word in terminal. Now the only solution to this is disabling the shortcut in chrome.