Posts tagged: kubernetes

GitHub - stackrox/kube-linter: KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices. KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices. - stackrox/kube-linter GitHub · github.com [1] A linter for linting kubernetes manifests and help charts. Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://github.com/stackrox/kube-linter [2]: /thoughts/

GitHub - argoproj/argo-events: Event-driven Automation Framework for Kubernetes Event-driven Automation Framework for Kubernetes. Contribute to argoproj/argo-events development by creating an account on GitHub. GitHub · github.com [1] Argo events is an event driven automation framework for kubernetes that can create kubernetes objects among other things based on events. I’ve been using native kubernetes cronjobs to kick off jobs based on a cron trigger. For instance I am running reader.waylonwalker.com every hour, to rebuild the site and re-deploy it. It takes about two minutes to fetch every rss feed, so this is a nice application of a job compared to a web server fetching the feeds live. Now my posts may be up to an hour stale but they load fast. Argo events takes event drien architecture to the next level allowing to be triggered by many more things, and do many more things than creating a cron job. I’m definitely thinking about dropping this in my homelab [2]. Note This post is a thought [3]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://github.com/argoproj/argo-events?tab=readme-ov-file [2]: /homelab/ [3]: /thou...

GitHub - eraser-dev/eraser: 🧹 Cleaning up images from Kubernetes nodes 🧹 Cleaning up images from Kubernetes nodes. Contribute to eraser-dev/eraser development by creating an account on GitHub. GitHub · github.com [1] This is kinda sick, its a tool to clean up container images in a k8s cluster. Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://github.com/eraser-dev/eraser?tab=readme-ov-file [2]: /thoughts/

https://boot.dev/blog/devops/how-to-restart-all-pods-in-a-kubernetes-namespace/ blog.boot.dev [1] As of kubernetes 1.15 there is an easy way to restart all pods in a deployment. kubectl -n {NAMESPACE} rollout restart deploy Thanks Lane give him a follow @wagslane [2] Note This post is a thought [3]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://blog.boot.dev/open-source/how-to-restart-all-pods-in-a-kubernetes-namespace/ [2]: https://twitter.com/wagslane [3]: /thoughts/

![[none]] --- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: kanboard namespace: argocd spec: project: default destination: namespace: kanboard server: 'https://kubernetes.default.svc' source: path: kanboard repoURL: 'https://github.com/waylonwalker/homelab-argo' targetRevision: HEAD syncPolicy: automated: prune: true Note This post is a thought [1]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: /thoughts/

Manual Upgrades | K3s You can upgrade K3s by using the installation script, or by manually installing the binary of the desired version. docs.k3s.io [1] You can give k3s an install channel to install stable, latest, or specific versions like 1.26. This is handy to make sure that you install the same version on all of your workers. curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL=latest <EXISTING_K3S_ENV> sh -s - <EXISTING_K3S_ARGS> Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://docs.k3s.io/upgrades/manual [2]: /thoughts/

For my reader app I am using cronjobs to schedule my a new build and upload to cloudflare pages every hour. In this example I have built a docker image docker.io/waylonwalker/reader-waylonwalker-com and pushed it to dockerhub. It uses a CLOUDFLARE_API_TOKEN secret to access cloudflare, and the entrypoint itself does the build and upload. apiVersion: v1 kind: Namespace metadata: creationTimestamp: null name: reader namespace: reader --- apiVersion: batch/v1 kind: CronJob metadata: name: reader-cronjob namespace: reader spec: schedule: "0 * * * *" successfulJobsHistoryLimit: 6 failedJobsHistoryLimit: 6 jobTemplate: spec: template: spec: containers: - name: reader-container image: docker.io/waylonwalker/reader-waylonwalker-com:latest env: - name: CLOUDFLARE_API_TOKEN valueFrom: secretKeyRef: name: cloudflare-secret key: cloudflare-secret restartPolicy: OnFailure

External Link sealed-secrets.netlify.app [1] kubeseal is a pretty simple to get started with way to manage secrets such that they can be stored in a git [2] repo and be picked up by your continuous delivery service. Sealed Secrets provides declarative Kubernetes Secret Management in a secure way. Since the Sealed Secrets are encrypted, they can be safely stored in a code repository. This enables an easy to implement GitOps flow that is very popular among the OSS community. Note This post is a thought [3]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://sealed-secrets.netlify.app/ [2]: /glossary/git/ [3]: /thoughts/

In my homelab [1] kubernetes cluster I am using kubeseal to encrypt secrets. I have been using it successfully for a few months now wtih great success. It allows me to commit all of my secrets manifests to git [2] with out risk of leaking secrets. You see kubeseal encrypts your secrets with a private key only stored in your cluster, so only the cluster itself can decrypt them using the kubeseal controller. [3] KubeSeal # [4] https://sealed-secrets.netlify.app/ [5] installation # [6] Installation happens in two steps. You need the kubernetes controller and the client side cli to create a sealed secret. For a more complete instruction see the [docs#installation](https://github.com/bitnami-labs/sealed-secrets?tab=readme-ov-file#installation] installation - controller # [7] Warning **context** Make sure that you are in the right context before running any kubectl commands. kubectl config current-context sealed-secrets is installed using the helm package manager. To install sealed-secrets run the following command. helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets helm install sealed-secrets -n kube-system --set-string fullnameOverride=sealed-...

Configure Liveness, Readiness and Startup Probes This page shows how to configure liveness, readiness and startup probes for containers. For more information about probes, see Liveness, Readiness and Startup Probes. Before you begin You need to h... Kubernetes · kubernetes.io [1] What is the difference between health, liveness, readiness, and startup? This article does a great job at a full writeup description of how it works in kubernetes, here is my TLDR. - health 200 OK - I’m still responding to requests - health ERR - something happened and I cant respond to requests - liveness 200 OK - I’m ready for more work - liveness ERR - I’m still responding to requests, and i’m already working send requests to another pod, or scale up Z-pages # [2] These probes are commonly deployed at /healthz and /livez endpoints. Why the z? z is a convention that comes from google for meta endpoints to reduce conflict with actual endpoints, and can be deployed to any application. Note This post is a thought [3]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readin...

Uptime Kuma A self-hosted monitoring tool uptime.kuma.pet [1] Uptime kuma is a fantastic self hosted [2] monitoring tool. One docker run command and you are up and running. Once you are in you have full control over checking status of urls, frequency, allowed timeouts, and a HUGE list of notification providers docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1 I deployed it in my homelab [3] today. [4] Note This post is a thought [5]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://uptime.kuma.pet/ [2]: /self-host/ [3]: /homelab/ [4]: https://twitter.com/_WaylonWalker/status/1723077941649707468 [5]: /thoughts/

- I am converting my docker compose env secrets over to k8s secrets. This guide was clear and to the point how I can replicate this exact workflow. First set the secret, the easiest way is to use kubectl wtih –from-literal because it automatically base64 encodes for you. kubectl create secret generic minio-access-key --from-literal=ACCESS_KEY=7FkTV**** -n shot If you don’t use the --from-literal you will have to base64 encode it. echo "7FkTV****" | openssl base64 Once you have your secret deployed, you have to update the container spec in your deployment manifest to get the valueFrom secretKeyRef. spec: containers: - env: - name: ACCESS_KEY valueFrom: secretKeyRef: key: ACCESS_KEY name: minio-access-key - name: SECRET_KEY valueFrom: secretKeyRef: key: SECRET_KEY name: minio-secret-key image: registry.wayl.one/shot-scraper-api name: shot-wayl-one ports: - containerPort: 5000 protocol: TCP resources: {} restartPolicy: Always Note This post is a thought [1]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: /thoughts/

External Link X (formerly Twitter) · twitter.com [1] Wow, shocked at these results. All this time I’ve been told and believed that k8s is incredibly hard, and you need a $1M problem before you think about it because it will take a $1M team to maintain it. So far my experience has been good, and I definitely do not have a $1M problem in my homelab [2]. [1] Note This post is a thought [3]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://twitter.com/_WaylonWalker/status/1718300097174270193 [2]: /homelab/ [3]: /thoughts/

External Link thoughts.waylonwalker.com [1] I was looking to add running kubernetes jobs to a python cli I am creating, and I found this solution, mostly thanks to ollama run mistral:7b-instruct-q4_K_M and my loose understanding of what the yaml syntax is supposed to look like for a kubernetes job. This will let me create a job in the cluster, choose the image that runs, the command that is called, and how long until the job expires and is cleaned up. While the job still exists I can go in and look at the logs, but once its ttl has expired they are gone. from kubernetes import client, config # Load the default kubeconfig config.load_kube_config() # Define the API client for batch jobs api_instance = client.BatchV1Api() # Create a new job object job = client.V1Job( api_version="batch/v1", kind="Job", metadata=client.V1ObjectMeta(name="myjob"), spec=client.V1JobSpec( ttl_seconds_after_finished=100, template=client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels={"app": "myjob"}), spec=client.V1PodSpec( containers=[ client.V1Container( name="myjobcontainer", image="busybox", command=["ls", "/"], ), ], restart_policy="Never", ), ), backoff_limit=1, )...

GitHub - mkimuram/k8sviz: Generate Kubernetes architecture diagrams from the actual state in a namespace Generate Kubernetes architecture diagrams from the actual state in a namespace - mkimuram/k8sviz GitHub · github.com [1] This is a sick kubernetes architecture diagran generation tool. Here is an example [2] installation # [3] $ curl -LO https://raw.githubusercontent.com/mkimuram/k8sviz/master/k8sviz.sh $ chmod u+x k8sviz.sh Usage # [4] ./k8sviz.sh --kubeconfig ~/.config/kube/falcon-k3s.yaml -t png -o k8sviz.png Note This post is a thought [5]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://github.com/mkimuram/k8sviz [2]: https://raw.githubusercontent.com/mkimuram/k8sviz/master/examples/wordpress/default.png [3]: #installation [4]: #usage [5]: /thoughts/

Translate a Docker Compose File to Kubernetes Resources What Kubernetes · kubernetes.io [1] kompose is a sick cli to convert docker-compose.yml to kubernetes manifest. # install curl -L https://github.com/kubernetes/kompose/releases/download/v1.26.0/kompose-linux-amd64 -o kompose kompose convert kompose convert -o deployment.yaml Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://kubernetes.io/docs/tasks/configure-pod-container/translate-compose-kubernetes/ [2]: /thoughts/

Kubernetes Persistent Volumes with Deployment and StatefulSet How to use Kubernetes persistent volumes with deployment and stateful set and also when you should use one or another. Alen Komljen · akomljen.com [1] Example of how to add a pvc to a deployment. Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://akomljen.com/kubernetes-persistent-volumes-with-deployment-and-statefulset/ [2]: /thoughts/

[1] I was curious to see what was going on inside of my minio object storage. Great technique here by Frank to create an inspector pod, then you can do as you wish with the data. I created the manifest as pvc-inspector.yml apiVersion: v1 kind: Pod metadata: name: pvc-inspector spec: containers: - image: busybox name: pvc-inspector command: ["tail"] args: ["-f", "/dev/null"] volumeMounts: - mountPath: /pvc name: pvc-mount volumes: - name: pvc-mount persistentVolumeClaim: claimName: pvc-name Then used it like this. # create pvc-inspector pod kubectl apply -f pvc-inspector.yml # exec into inspector kubectl exec -it pvc-inspector -- sh # explore data ls /pvc # cleanup kubectl delete -f pvc-inspector.yml Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: /static/https://frank.sauerburger.io/2021/12/01/inspect-k8s-pvc.html [2]: /thoughts/

External Link stackoverflow.com [1] In order to use k8s secrets manifest you first need to encode the data values. echo -n 'mega_secret_key' | openssl base64 Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://stackoverflow.com/questions/53394973/cant-create-secret-in-kubernetes-illegal-base64-data-at-input [2]: /thoughts/

Can I access k3s using just kubectl (no sudo and no k3s command) Can I access k3s using just kubectl (no sudo and no k3s command) Reddit · reddit.com [1] Right after installing k3s you are going to need to use sudo to use any kubectl command. The reason for this is that the default config is owned by root. To get around this you will need to make your own config and set the KUBECONFIG environment variable To do this I used sudo one last time to copy the k3s.yaml file into my own directory and take ownership of it. sudo cp /etc/rancher/k3s/k3s.yaml /home/waylon/.config/kube sudo chown -R waylon:waylon ~/.config/kube export KUBECONFIG=~/.config/kube/k3s.yaml Note This post is a thought [2]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://www.reddit.com/r/kubernetes/comments/cojjf5/can_i_access_k3s_using_just_kubectl_no_sudo_and/ [2]: /thoughts/

Quick-Start Guide | K3s This guide will help you quickly launch a cluster with default options. Make sure your nodes meet the requirements before proceeding. docs.k3s.io [1] I recently spun up k3s in my homelab [2]. I’m trying to offload some work off of my free tier fly.io app in order to keep it free tier without crashing. # install and start k3s curl -sfL https://get.k3s.io | sh - # check to see if your nodes are started sudo kubectl get nodes My main hiccup so far was the machine I am running on runs zfs on root, and it would not start the master node. Rather than figuring out how to make zfs play nice I just pointed k3s to a drive that is not zfs. # manuallly sudo k3s server -d /mnt/vault/.rancher/k3s # without editing systemd service sudo ln -s /mnt/vault/.rancher/k3s /var/lib/rancher/k3s Note This post is a thought [3]. It’s a short note that I make about someone else’s content online #thoughts References: [1]: https://docs.k3s.io/quick-start [2]: /homelab/ [3]: /thoughts/