-
How To Renew Certificates in Kubernetes Clusters, Revisited
There is a lot of TLS certificates used by the core of a Kubernetes cluster and a popular one is the client-server pair used by kubectl to authenticate to the cluster control plane. In my previous notes on how to renew certificates in a Kubernetes cluster with kubeadm, I found that the steps are quite […]
-
Home Battery, Worth Buying?
During the lockdown days in 2020, I got A Tesla Powerwall 2 + Backup Gateway 2 combo installed by Natural Solar. The total cost was A$14,000. “Is it worth buying?” or “Would it pay for itself?” those were the question I got asked a lot. With a full year’s data from 2021, I think I […]
-
Blog Deployed With Jsonnet, Grafana Tanka and ArgoCD
It’s been a year since I did the ‘Hello World’ with Jsonnet and Tanka, then I made a simple side-loader container to install Tanka as a plugin to ArgoCD and finally deployed an httpbin container with ArgoCD + Tanka + Jsonnet. However since Jsonnet wasn’t used in my work, those things were shelved afterwards. Recently […]
-
Easy Kubernetes Secret Integration with ExternalSecrets
In a Kubernetes cluster, A Kubernetes Secret is a resource type to hold sensitive data for the apps to use, such as an API key or database password. Secrets are namespaced so if I have RBAC access to a namespace, I can pretty much see all the secrets there, as the secrets are only base64 […]
-
Install Fedora 36 on Dell XPS 13 9380
I happened to have acquired a used Dell XPS 13 9380, which is a nice little ultrabook with Intel 8th gen i7 CPU, 16GB memory(not upgrade-able), 512GB nvme SSD and a beautiful 13″ 4k screen. It has Windows 10 installed. Of course I have no intention to continue to use the stock Windows 10. At […]
-
Better Resilience for Kubernetes Pods
I happened to notice that all 3 pods serving this blog in my Kubernetes cluster were allocated to a same node. I thought Kubernetes will try its best to shuffle pods of a deployment into different nodes by default but guess I expected too much. Note the knode3 below Have you spotted the problem? In […]
-
Regulate Egress Access in Kubernetes with Istio
Usually I don’t mind to give pods unlimited egress access, ie. the pods I deployed can access the whole internet if it needs to. However when the pods take input from users it’s a whole different story. For example, running some sandbox applications such as an online Python learning environment, the workload can be abused […]
-
Flyway Container, MySQL and SSL/mTLS
Flyway is a handy utility to manage database schema migrations. Very similar to the schema migration mechanism in Ruby on Rails or Django, but Flyway is a standalone tool. So it’s best suited for some project which doesn’t have database schema management yet. I needed to use Flyway for a project I worked with, the […]