https://www.hascode.com/tags/k8/ Recent content in K8 on Micha Kops' Tech Notes Hugo -- 0.147.8 en Copyright © 2010 - 2025 Micha Kops. #213243b1d6e8932079e09227d3f3ed0c806cd0c9 Fri, 19 Apr 2024 00:00:00 +0200 https://www.hascode.com/handling-secrets-with-sops/ Fri, 19 Apr 2024 00:00:00 +0200 https://www.hascode.com/handling-secrets-with-sops/ <div id="preamble"> <div class="sectionbody"> <div class="imageblock"> <div class="content"> <img src="sops-cover-image.webp" alt="sops cover image"/> </div> <div class="title">Figure 1. Handling Secret with SOPS</div> </div> </div> </div> <div class="sect1"> <h2 id="_installation">Installation</h2> <div class="sectionbody"> <div class="listingblock"> <div class="title">using homebrew</div> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">brew install sops</code></pre> </div> </div> <div class="paragraph"> <div class="title">manual download</div> <p>download from GitHub <a href="https://github.com/getsops/sops/releases" class="bare">https://github.com/getsops/sops/releases</a></p> </div> </div> </div> <div class="sect1"> <h2 id="_using_sops">Using SOPS</h2> <div class="sectionbody"> <div class="olist arabic"> <ol class="arabic"> <li> <p>Create a <code>sops.yaml</code></p> <div class="listingblock"> <div class="title">sops.yaml</div> <div class="content"> <pre class="highlight"><code class="language-yaml" data-lang="yaml">creation_rules: # encrypt stuff in .secrets - aws_profile: default kms: arn:aws:kms:eu-central-1:1234567890:key/abcdefg-0123456-abcdefg <i class="conum" data-value="1"></i><b>(1)</b> path_regex: ^./secrets/.*$ <i class="conum" data-value="2"></i><b>(2)</b></code></pre> </div> </div> <div class="colist arabic"> <table> <tbody><tr> <td><i class="conum" data-value="1"></i><b>1</b></td> <td>We are using AWS KMS for encryption/decryption</td> </tr> <tr> <td><i class="conum" data-value="2"></i><b>2</b></td> <td>All files in the directory <code>.secrets</code> will be encrypted</td> </tr> </tbody></table> </div> </li> <li> <p>Inplace Encrypt</p> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">sops -e -i .secrets/mysecret.yaml</code></pre> </div> </div> </li> <li> <p>Inplace Decrypt</p> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">sops -d -i .secrets/mysecret.yaml</code></pre> </div> https://www.hascode.com/quick-kafdrop-setup-with-helm-charts/ Thu, 10 Aug 2023 00:00:00 +0200 https://www.hascode.com/quick-kafdrop-setup-with-helm-charts/ <div id="preamble"> <div class="sectionbody"> <div class="imageblock"> <div class="content"> <img src="kafdrop-topic-view.png" alt="kafdrop topic view"/> </div> <div class="title">Figure 1. Kafdrop Topic Viewer</div> </div> <div class="paragraph"> <p>In the ever-expanding world of data streaming and event-driven architecture, Apache Kafka has emerged as a cornerstone for reliable and scalable data processing. However, managing and monitoring Kafka clusters can often present its own set of challenges. This is where Kafdrop, a web-based Kafka consumer group and topic viewer, comes to the rescue. With its intuitive interface and insightful visualizations, Kafdrop offers developers and operators an efficient way to gain valuable insights into Kafka clusters.</p> </div> https://www.hascode.com/install-kubernetes-components-kubeadm-kubectl-kubelet/ Fri, 14 May 2021 00:00:00 +0200 https://www.hascode.com/install-kubernetes-components-kubeadm-kubectl-kubelet/ <div id="preamble"> <div class="sectionbody"> <div class="sidebarblock"> <div class="content"> <div class="title">Goals</div> <div class="olist arabic"> <ol class="arabic"> <li> <p>Install kubeadm, kubectl and kubelet on Debian-based Linux</p> </li> <li> <p>Freeze their versions to avoid automatic updates</p> </li> </ol> </div> </div> </div> </div> </div> <div class="sect1"> <h2 id="_installation">Installation</h2> <div class="sectionbody"> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - <i class="conum" data-value="1"></i><b>(1)</b> cat &lt;&lt; EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list <i class="conum" data-value="2"></i><b>(2)</b> deb https://apt.kubernetes.io/ kubernetes-xenial main EOF sudo apt-get update <i class="conum" data-value="3"></i><b>(3)</b> sudo apt-get install -y kubelet=1.15.7-00 kubeadm=1.15.7-00 kubectl=1.15.7-00 <i class="conum" data-value="4"></i><b>(4)</b> sudo apt-mark hold kubelet kubeadm kubectl <i class="conum" data-value="5"></i><b>(5)</b></code></pre> </div> </div> <div class="colist arabic"> <table> <tbody><tr> <td><i class="conum" data-value="1"></i><b>1</b></td> <td>Add the GPG key</td> </tr> <tr> <td><i class="conum" data-value="2"></i><b>2</b></td> <td>Add the kubernetes repo to the sources list</td> </tr> <tr> <td><i class="conum" data-value="3"></i><b>3</b></td> <td>Update the index</td> </tr> <tr> <td><i class="conum" data-value="4"></i><b>4</b></td> <td>Install kubelet, kubeadm and kubectl <div class="admonitionblock warning"> <table> <tbody><tr> <td class="icon"> <i class="fa icon-warning" title="Warning"></i> </td> <td class="content"> It’s important to use the same version for kubelet, kubeadm and kubectl. </td> </tr> </tbody></table> </div> https://www.hascode.com/setting-up-a-kubernetes-master-node/ Fri, 14 May 2021 00:00:00 +0200 https://www.hascode.com/setting-up-a-kubernetes-master-node/ <div id="preamble"> <div class="sectionbody"> <div class="sidebarblock"> <div class="content"> <div class="title">Goals</div> <div class="olist arabic"> <ol class="arabic"> <li> <p>Setup a kubernetes master node on a Linux machine</p> </li> </ol> </div> </div> </div> </div> </div> <div class="sect1"> <h2 id="_setup">Setup</h2> <div class="sectionbody"> <div class="paragraph"> <p>Initialize the cluster on the master node</p> </div> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">sudo kubeadm init --pod-network-cidr=10.244.0.0/16</code></pre> </div> </div> <div class="paragraph"> <p>This might take a few minutes …​ afterward we set up our local kubeconfig:</p> </div> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config</code></pre> </div> </div> </div> </div> <div class="sect1"> <h2 id="_verify_the_cluster_setup">Verify the Cluster Setup</h2> <div class="sectionbody"> <div class="paragraph"> <p>Shows that the cluster is responding and kubectl working:</p> </div> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">kubectl version</code></pre> </div> </div> </div> </div> https://www.hascode.com/helm-snippets/ Mon, 01 Mar 2010 00:00:00 +0100 https://www.hascode.com/helm-snippets/ <div class="sect1"> <h2 id="_common_operations">Common operations</h2> <div class="sectionbody"> <div class="sect2"> <h3 id="_add_helm_repository">Add Helm Repository</h3> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">helm repo add NAME URL</code></pre> </div> </div> <div class="paragraph"> <p>e.g. for the Bitnami repository:</p> </div> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">helm repo add bitnami https://charts.bitnami.com/bitnami 1 ↵ &#34;bitnami&#34; has been added to your repositories</code></pre> </div> </div> </div> <div class="sect2"> <h3 id="_list_repositories">List Repositories</h3> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">helm repo list 130 ↵ NAME URL bitnami https://charts.bitnami.com/bitnami</code></pre> </div> </div> </div> <div class="sect2"> <h3 id="_searching_in_a_helm_repository">Searching in a Helm Repository</h3> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">helm search repo wordpress NAME CHART VERSION APP VERSION DESCRIPTION bitnami/wordpress 15.2.30 6.1.1 WordPress is the world&#39;s most popular blogging ... bitnami/wordpress-intel 2.1.31 6.1.1 DEPRECATED WordPress for Intel is the most popu...</code></pre> </div> https://www.hascode.com/java-snippets/ Mon, 01 Mar 2010 00:00:00 +0100 https://www.hascode.com/java-snippets/ <div class="sect1"> <h2 id="_remote_debug_a_pods_java_process">Remote Debug a Pod’s Java Process</h2> <div class="sectionbody"> <div class="paragraph"> <p>Simple steps for remote debugging a Java process running on a k8 pod:</p> </div> <div class="olist arabic"> <ol class="arabic"> <li> <p>Edit deployment and add the following parameters to the Java start line: <code>-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:5005</code></p> <div class="paragraph"> <p>Also add the following port mapping at the section <code>container → ports</code> in the deployment:</p> </div> <div class="listingblock"> <div class="content"> <pre class="highlight"><code>- containerPort: 5005 protocol: TCP</code></pre> </div> </div> </li> <li> <p>Safe, wait for the new pods and then add a port forward for port 5005 for this pod:</p> <div class="listingblock"> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">kubectl port-forward podname 5005</code></pre> </div> https://www.hascode.com/kubernetes-snippets/ Mon, 01 Mar 2010 00:00:00 +0100 https://www.hascode.com/kubernetes-snippets/ <div class="sect1"> <h2 id="_rerun_existing_completed_job">Rerun existing completed Job</h2> <div class="sectionbody"> <div class="admonitionblock caution"> <table> <tbody><tr> <td class="icon"> <i class="fa icon-caution" title="Caution"></i> </td> <td class="content"> kubectl replace deletes the old job, if there is any error, your job definition is lost, don’t forget to save it first! </td> </tr> </tbody></table> </div> <div class="listingblock"> <div class="title">Replace an existing Job with itself</div> <div class="content"> <pre class="highlight"><code class="language-bash" data-lang="bash">kubectl get job JOBNAME -o yaml | kubectl replace --force -f -</code></pre> </div> </div> <div class="admonitionblock tip"> <table> <tbody><tr> <td class="icon"> <i class="fa icon-tip" title="Tip"></i> </td> <td class="content"> Sometimes there are errors importing the job template due to auto-generated labels or selectors .. a quick and dirty hack is to filter them out using jq </td> </tr> </tbody></table> </div>