Tag: kubernetes

  • How To Renew Certificates in Kubernetes Clusters, Revisited

    There is a lot of TLS certificates used by the core of a Kubernetes cluster and a popular one is the client-server pair used by kubectl to authenticate to the cluster control plane. In my previous notes on how to renew certificates in a Kubernetes cluster with kubeadm, I found that the steps are quite […]

  • Blog Deployed With Jsonnet, Grafana Tanka and ArgoCD

    It’s been a year since I did the ‘Hello World’ with Jsonnet and Tanka, then I made a simple side-loader container to install Tanka as a plugin to ArgoCD and finally deployed an httpbin container with ArgoCD + Tanka + Jsonnet. However since Jsonnet wasn’t used in my work, those things were shelved afterwards. Recently […]

  • Easy Kubernetes Secret Integration with ExternalSecrets

    In a Kubernetes cluster, A Kubernetes Secret is a resource type to hold sensitive data for the apps to use, such as an API key or database password. Secrets are namespaced so if I have RBAC access to a namespace, I can pretty much see all the secrets there, as the secrets are only base64 […]

  • Better Resilience for Kubernetes Pods

    I happened to notice that all 3 pods serving this blog in my Kubernetes cluster were allocated to a same node. I thought Kubernetes will try its best to shuffle pods of a deployment into different nodes by default but guess I expected too much. Note the knode3 below Have you spotted the problem? In […]

  • Regulate Egress Access in Kubernetes with Istio

    Usually I don’t mind to give pods unlimited egress access, ie. the pods I deployed can access the whole internet if it needs to. However when the pods take input from users it’s a whole different story. For example, running some sandbox applications such as an online Python learning environment, the workload can be abused […]

  • Some Tips for CKA Exams

    I’ve passed my CKA exam on my first attempt, it’s not hard because it’s the entry level certificate for Kubernetes but still a good preparation is necessary even for someone already experienced in Kubernetes. First of all, the exam is fully hands-on: every question requires a set of commands done in a terminal provided in […]

  • Deploy the Loki Stack in a Kubernetes Cluster with ArgoCD

    Loki and Promtail from Grafana Labs are new kids in the observability community. Are they good enough to replace Elasticsearch and Logstash? I would like to see. Here’s a sample ArgoCD Application to deploy Loki, Promtail, Prometheus and Grafana all from 1 Helm chart: grafana/loki-stack. Some settings of my installations are: loki, grafana and prometheus […]

  • Fixed CoreDNS High CPU Issue in a Kubernetes Cluster

    There was a Grafana alert saying that CPU usage was quite high on the master node of my garage Kubernetes cluster. I was watching a movie so I didn’t jump into this right away 🙂 I had a look at the master node today and this is how I fixed this issue. With the good […]

1 2 3 7
Next Page