Certified Kubernetes Security Specialist CKS exam tips
Things to keep in mind to clear exam effortlessly.
containers, programming, golang, hacks, kubernetes, productivity, books
Things to keep in mind to clear exam effortlessly.
A simple Helm chart to generate TLS x509 certificates.
The previous blog talked about generating self-signed certificates using a binary. It was a manual, cumbersome process where you had to generate the certificates using a tool, embed them into a Kubernetes Secret via Helm chart, and then use it. There is a better way of doing it! Which is what this blog will discuss.
The client libraries that Kubernetes ships are meant to be imported, and you definitely don’t need this post explaining how to import them in your Golang based project. A simple go get ...
should do the trick. But, what about the packages that are not meant to be imported? Or the ones that cannot be imported because of “technical reasons” ? Could you simply add them to your import statements in the .go
file, and the go
binary will do the right thing when you build the code?…
A simple binary to generate TLS x509 certificates.
UPDATE: There is a way to generate these certificates automatically. To find out how, read this post.
A Validating Admission Webhook Server to deny anyone accessing forbidden Kubernetes Secrets!
In the previous blog, we discussed how any user without RBAC access to a Kubernetes secret can use a trick to access that secret. To mitigate that problem, we will use a validating admission webhook. But before looking at what sorcery this validating admission webhook server is, let us understand how Kubernetes handles the API requests.
A little trickery and access any Kubernetes Secret!
Photo by Kyle Glenn on Unsplash.
Get a fine grained view of the happenings on your system!
How do you monitor your own computer? Of course, using Prometheus, node-exporter and Grafana. You might ask why would you wanna do that when you can simply use the operating system provided, “System Monitor”. Well, yes, you can use that. But the data you get from the OS System Monitor is coarse-grained. OS system monitor is not configurable, but this stack is.
The first step in your CKA preparation!
If you are studying for the Certified Kubernetes Administrator (CKA) exam, you might have come across folks recommending Kelsey Hightower’s Kubernetes the Hard Way. It is an excellent first step for someone who has no idea about the components that form a Kubernetes cluster. As the name suggests, it is created so that you learn the Kubernetes building blocks the “hard way”.
Add a new node using a bootstrap token to Kubernetes
Photo by Jordan Harrison from Unsplash.
Simple steps to install the cluster based on Flatcar Container Linux