containers, programming, golang, hacks, kubernetes, productivity, books
A sidecar in a Kubernetes Job, what? Yeah you might need one and here is how to shut it.
Have you ever had a sidecar in your Kubernetes Job? If no, then trust me that you are lucky. If yes, then you will have the frustration of your life. The thing is Kubernetes Jobs are meant to exit on completion. But if you have a long-running sidecar, then that might twist things for Kubernetes and in turn of you.
A new way to ship scripts to container images.
We generally use some sort of scripts in application container images. They serve various purposes. Some scripts might do an initial setup before the application starts, others may have the whole logic of the container image, etc. Whatever the goal may be the general pattern is to copy the script into the container image, build the image and then the script is available when you consume the image.
Tips and tricks to make your day to day usage easier
This blog will showcase my productivity tips with kubectl . This does not venture into any plugins per se. But only using bash aliases to achieve it.
Backing up Prometheus??!!
This blog will show you how to take a backup from a running Prometheus and restore it in some other Prometheus instance. You might ask why would you even want to do something like that? Well, sometimes you want the Prometheus metrics because they were collected for some particular purpose and you want to do some analysis later.
How to watch the traffic of a container or a pod without execing into the pod/contaienr?
For the reasons of security, many container deployments nowadays run their workloads in a scratch based image. This form of implementation helps reduce the attack surface since there is no shell to gain access to, especially if someone were to break out of the application.
This post shows how you can enable seccomp on all the Pods that are deployed with Prometheus Operator
Seccomp helps us limit the system calls the process inside container can make. And PodSecurityPolicy is the way to enable it on pods in Kubernetes.
List of all the talks presented by me
Watch from 55m59s
Event Report for Kubernetes Bangalore Meetup
The Kubernetes Bangalore Meetup was organized at Arvind Internet on Feb 16th 2019. The agenda for the meetup was to teach Kubernetes to the beginners.
Dealing with apiserver in minikube can be tricky
If you want to provide extra flags to the kube-apiserver that runs inside minikube how do you do it? You can use the minikube’s --extra-config flag with apiserver.<apiserver flag>=<value>, for e.g. if you want to enable RBAC authorization mode you do it as follows:
Subpath Volume Mount could give you access to node
A volume mount CVE was discovered in Kubernetes 1.9 and older which allowed access to node file system using emptyDir volume mount using subpath. The official description goes as follows:
I am a Senior Software Engineer at Microsoft, working on various tooling around container technology like Docker, Kubernetes, etc.