-
A Kubernetes ClusterSecret
No, at this moment ClusterSecret, unlike ClusterRole, doesn’t officially exist in any version of Kubernetes yet. I’ve seen some discussion like this, so looks like it will be a while to have a ClusterSecret. But why do I need a ClusterSecret in the first place? The reason is very simple: To be DRY. Imagine I…
-
Real Life Cost of a Tesla Model 3
It’s been a bit more than 2 weeks since I got my Model 3 as a result of my impulse-buying, so as an end user I think I’m qualified to do some cost analysis and projection based on the first 1000km I’ve done with the car. Disclaimer: The following analysis is based on my calculation…
-
Hello World, Grafana Tanka
I liked YAML a lot, until it gets longer and longer, and even longer. There are tools to make YAML ‘DRY’, the popular ones are Helm and Kustomize. But none of them can say it got the job done. To be honest, I didn’t like Helm much from the start. Helm uses templating syntax similar…
-
Never Buy a Tesla
I just got my Tesla Model 3 delivered last week and I’ve added a few hundreds of KMs to its odometer. Frankly it’s largely a disappointment and I’ll state my reasons here. First, it doesn’t have a ‘start engine’ or ‘ignition’ button at all! More to that, it doesn’t have an engine either, only electric…
-
Rebuild a Kubernetes Node Without Downtime
When I built the in-house Kubernetes cluster with Raspberry PIs, I followed the kubeadm instructions and installed Raspberry PI OS on the PIs. It was all good except the RPI OS is 32-bit. Now I want to install a Ubuntu 20.04 Server ARM64 on this PI, below are steps with which I rebuilt the node…
-
OpenSSL Commands to Verify TLS Certs in Kubernetes Secrets
Sometimes a TLS cert deployed into a Kubernetes cluster in a Secret doesn’t work as expected. Here are some handy commands to verify the certs. The sample commands work for Istio Ingressgateway, but should be adapted to other CNIs without huge efforts. Commands to verify the cert served by your web-app Commands to verify the…
-
Fixed: Duplicated Cluster IPs in a Kubernetes Cluster
A Cluster IP is an IP address allocated in the cluster’s virtual LAN, usually allocated to Kubernetes Services. As a user nobody should care about which cluster IP a service would get because we will use the service-name.namespace-name DNS name which will map to that IP automatically. In my case, some services in a GKE…
-
The Upgrade of Kubernetes Ingress Nginx
The ingress-nginx container image I’ve been using was v0.25, and that’s more than 1 year old. The recent release is v0.44 but it’s a big leap from 25 to 44 and I’ve found some major differences between the 2 versions. Version 0.25 implemented API version of networking.k8s.io/v1beta1 while version 0.44 has networking.k8s.io/v1. Here are samples…