Bootstrap token

Enable TLS bootstrapping in a Kubernetes cluster

This blog is a recap of my old blog “Add new node to Kubernetes cluster with bootstrap token”. Like the aforementioned blog, we will look at how to enable TLS bootstrapping on an existing Kubernetes cluster at control plane level and add a new node (or modify existing ones) to the cluster using bootstrap tokens. At the end of this blog, you will learn what specific steps to take to enable TLS bootstrapping on any custom-built Kubernetes cluster. ...

February 6, 2021 · 5 min · Suraj Deshmukh
Image Source: [Flatcar Linux is now open to the public.](https://kinvolk.io/blog/2018/04/flatcar-linux-is-now-open-to-the-public/)

Kubernetes Cluster using Kubeadm on Flatcar Container Linux

This blog shows a simple set of commands to install a Kubernetes cluster on Flatcar Container Linux based machines using Kubeadm. You might wonder why this blog when one can go to the official documentation and follow the steps? Yep, you are right. You can choose to do that. But this blog has a collection of actions specific to Flatcar Container Linux. These steps have been tried and tested on Flatcar, so you don’t need to recreate and test them yourself. There are some nuances related to the read-only partitions of Flatcar, and this blog takes care of them at the control plane level and the CNI level both. ...

January 29, 2021 · 4 min · Suraj Deshmukh

Exec in container environment

If you use exec in your container script, then the container or Kubernetes pod might exit after the command that is exec-ed into has exited. But if that’s what you wanted, then it’s okay. This blog tries to explain how to pass the signals to the applications, how they work differently when invoked uniquely and what to do if the application does handle them. What are the “Signals”? Signals are messages one process can send to another process, mostly used in UNIX like operating systems. ...

January 23, 2021 · 4 min · Suraj Deshmukh

Monitor releases of your favourite software

There are various ways to know about the release of your favourite new software: follow the mailing list, check the Github release page periodically, follow the project’s Twitter handle, etc. But do you know there is an even more reliable way to track the releases of your favourite software released on Github? Github Releases and RSS feeds: For every repository on Github, if the project is posting their releases, you can follow the RSS feed of that project’s release. The RSS feed link for any project’s release is: ...

January 17, 2021 · 2 min · Suraj Deshmukh

Mental models for understanding Kubernetes Pod Security Policy

PodSecurityPolicy (PSP) is hard to get right in the first attempt. There has never been a situation when I haven’t banged my head to get it working on the cluster. It is a frustrating experience, but it is one of the essential security features of Kubernetes. Some applications have started shipping the PSP configs with their helm charts, but if a helm chart does not ship a PSP config, it must be handcrafted by the cluster-admin to make the application work reliably in the cluster. ...

January 16, 2021 · 6 min · Suraj Deshmukh

Linux Partitioning Guide

I use Fedora Linux as my primary desktop OS. Every time there is a fresh install, I find myself confounded on how to partition the OS. So I thought I might as well make a permanent note of how I do it so that I always have a place to come back to.

Partitioning Scheme

This is how I partition my Fedora during installation:

| Partition | Mounted On | Size | Encrypted | Filesystem |
|-----------|------------|------|-----------|------------|
| Boot | /boot | 512M | No | ext4 |
| Boot EFI | /boot/efi | 200M | No | vfat |
| Swap | - | 1.5 times the RAM | Yes | swap |
| Home | /home | 265G | Yes | ext4 |
| Root | / | 211G | No | ext4 |

Encryption

Note that Swap and Home partitions have to be encrypted. Swap extends the RAM and can have a sensitive copy of RAM data like passwords, keys, etc. Hence always ensure to encrypt the Swap partition. Home partition is equally essential to be encrypted because this is where your data will live. Things like configuration, SSH keys, GPG keys, API keys are all stored in the home in various directories. So it is of utmost importance that you encrypt these two directories. ...

January 11, 2021 · 2 min · Suraj Deshmukh

Book Review: How to Take Smart Notes

Introduction: How to Take Smart Notes: One Simple Technique to Boost Writing, Learning and Thinking – for Students, Academics and Nonfiction Book Writers by Sönke Ahrens is a small (171 pages) non-fiction genre book. The book is a manual explaining the Zettelkasten method designed by Niklas Luhmann. Sönke has used straightforward and simple English to explain the concepts. For anyone who is a knowledge curator or wishes to publish non-fictional content in any form (text, video or audio), this book is a must-read. I came across this book when I was watching a video by Ali Abdaal named “How I Remember Everything I Read”. Here he explains various levels of note-taking, how this book has influenced his note-taking capabilities and the foremost reason for making the video. I saw the book wasn’t that huge, I bought it and started reading immediately. ...

November 28, 2020 · 7 min · Suraj Deshmukh

Book Review: Algorithms to Live by — The Computer Science of Human Decisions

Introduction: The book “Algorithms to Live by — The Computer Science of Human Decisions” is written by Brian Christian and Tom Griffiths. It fits into the genres of non-fiction, psychology and computer science. The book is written lucidly. If you have a background in computer science, then this book is easy to follow. The book creates analogies of computer science algorithms with real-life situations. I felt that some metaphors sound better in reading than in their application, so if you plan on applying the things explained in the book directly to your life, they might not work. Because real life has a lot of constraints that can be simplified in a computer algorithm to solve a problem, so the algorithms don’t apply vis-à-vis. ...

October 11, 2020 · 6 min · Suraj Deshmukh

How to gracefully kill Kubernetes Jobs with a sidecar?

Have you ever had a sidecar in your Kubernetes Job? If no, then trust me that you are lucky. If yes, then you will have the frustration of your life. The thing is Kubernetes Jobs are meant to exit on completion. But if you have a long-running sidecar, then that might twist things for Kubernetes and in turn for you. Why would you even want a sidecar for a Job? Well, one of the most prevalent use cases is when using a service mesh proxy. There could be something else as well, like a metrics endpoint, log collection or whatever. Given the complexity and heterogeneity of the workloads, there could be any kind of use case that involves having a sidecar for a Job pod. ...

August 29, 2020 · 6 min · Suraj Deshmukh

Use Configmap for Scripts

We generally use some sort of scripts in application container images. They serve various purposes. Some scripts might do an initial setup before the application starts, others may have the whole logic of the container image, etc. Whatever the goal may be, the general pattern is to copy the script into the container image, build the image and then the script is available when you consume the image. Cons of the Traditional Method: The round trip time during development and testing of such a script is very long. You make some change to the script, you need to build the image, push it and then it is downloaded again. On average, every change adds a couple of minutes to your feedback loop. Bash scripts are generally precarious in nature. You have to hammer it down, consider edge cases and thereby make it robust. This, of course, takes a lot of iterations. And with iterations comes the added time. So the question is, how do we reduce this feedback loop? ...

August 22, 2020 · 6 min · Suraj Deshmukh