#kubernetes (2019-08)

kubernetes

Archive: https://archive.sweetops.com/kubernetes/

2019-08-02

2019-08-05

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
2
1
2
1
Tega McKinney avatar
Tega McKinney

I’m still explaining that to folks in my org. Every few weeks; lets switch providers b/c we won’t have much work

2019-08-06

btai avatar
Announcing the HashiCorp Vault Helm Chart

This week we’re releasing an official Helm Chart for Vault. Using the Helm Chart, you can start a Vault cluster running on Kubernetes in just minutes. This Helm chart will also be …

3
5
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Announcing the HashiCorp Vault Helm Chart

This week we’re releasing an official Helm Chart for Vault. Using the Helm Chart, you can start a Vault cluster running on Kubernetes in just minutes. This Helm chart will also be …

2019-08-08

Hetal S avatar
Hetal S

I am facing issue in TF 0.11.14 when I am creating multiple cluster

Hetal S avatar
Hetal S
 * module.eks.local.kubeconfig: local.kubeconfig: Resource 'aws_eks_cluster.eks' does not have attribute 'certificate_authority.0.data' for variable 'aws_eks_cluster.eks.*.certificate_authority.0.data'

2019-08-12

i5okie avatar

Hi, anyone here have experience with Flux where it keeps re-applying manifests even if nothing was changed?

pericdaniel avatar
pericdaniel

Does anyone have experience with oauth2 and kubernetes dashboard?

kskewes avatar
kskewes

Joel Speed from Pusher did a good KubeCon video on what they do with oauth2_proxy, Dex and dashboard

pericdaniel avatar
pericdaniel

thank you foor the tip!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We’ve integrated it with Keycloak + Gatekeeper (kops + k8s dashboard)

2019-08-16

btai avatar

is there an easy way to grab the headers on the http request from one service to another in a k8s cluster

2019-08-17

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Like for observability?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

—-

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
vmware/octant

A web-based, highly extensible platform for developers to better understand the complexity of Kubernetes clusters. - vmware/octant

2019-08-20

guigo2k avatar
guigo2k
Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514

Hello Kubernetes Community, A security issue has been found in the net/http library of the Go language that affects all versions and all components of Kubernetes. The vulnerabilities can result in a DoS against any process with an HTTP or HTTPS listener. Am I vulnerable? Yes. All versions of Kubernetes are affected. Go has released versions go1.12.8 and go1.11.13, and we have released the following versions of Kubernetes built using patched versions of Go. Kubernetes v1.15.3 - go1.12.9 Kub…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
vitaly.markov avatar
vitaly.markov

@Erik Osterman (Cloud Posse) but why?

ruan.arcega avatar
ruan.arcega

and how do we have to treat? what’s the best way to do this? i think he meant that if you are on this level you are already accommodated…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

kelsey has a theme going on right now to remove some of the sugar coating around kubernetes. it’s been touted up as this magical container platform that solve all our problems. the reality is that like any other piece of software you run, there are tradeoffs. one of the common best practices is to toss traditional DR out the window; no more treating servers (and services) as “pets”, instead treat them as cattle. the crude analogy is with cattle is if they get sick you put them down rather than spend thousands at the vet making them well again. with servers, it’s a little less crude. terminate them and move on. kubernetes makes that very easy, however, there’s still an operator responsible for kubernetes. it’s not “serverless”. So like the Rancher responsible for the cattle, we are in the end responsible the cluster. Not everything will be fully automated in an unattended fashion (or should be).

2
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

2019-08-21

btai avatar

anyone not running k8s 1.13+ in production? now that CVEs aren’t being fixed in 1.11 what are y’all strategies? I feel like everyone I talk to is still on 1.11

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

EkS or kops?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We just upgraded our first kops clusters from 1.12 to the latest release in 1.13

2019-08-22

btai avatar

how was the upgrade from 1.11 to 1.12?

Jan avatar

Been testing that recently

Jan avatar

Fairly mixed results in terms of predictably, at least on my side thus far

Jan avatar

I had planned to focus on building in support for automated https://github.com/heptio/velero as a fall back plan

heptio/velero

Backup and migrate Kubernetes applications and their persistent volumes - heptio/velero

Jan avatar

Though mit something I will be able to focus on, at least in the current company I’m at

2019-08-26

Sandeep Kumar avatar
Sandeep Kumar

is it possible to Clone existing Google cloud Kubernetes cluster using gcloud command line options? I see the documentation available for cloning existing cluster manually from GCP console (https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-cluster#clone-existing-cluster)

2019-08-27

pericdaniel avatar
pericdaniel

What are people using using to terraform custom resource definitions for kubernetes?

Jan avatar

Null resource local exec, with a life cycle hook for destroy

thumbsup_all1
aaratn avatar

Null resources

Alejandro Rivera avatar
Alejandro Rivera

Hi, I’m using nginx ingress controller to expose thanos sidecar, I have validated that service is setup correctly and it’s responding as expected, but when using Nginx I get 400 error:

Alejandro Rivera avatar
Alejandro Rivera
00.00.00.00 - [00.00.00.00] - - [27/Aug/2019:23:58:28 +0000] "PROXY TCP4 00.00.00.00 00.00.00.00 44782 30226" 400 163 "-" "-" 0 0.000 [] [] - - - -...

(edited out the ip addresses)

this is the ingress config:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: foo.bar
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: GRPC
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: foo
  creationTimestamp: "2019-08-27T23:52:59Z"
  generation: 1
  labels:
    service: thanos-sidecar
  name: thanos-sidecar
  namespace: monitoring
  resourceVersion: "foo"
  selfLink: /apis/extensions/v1beta1/namespaces/monitoring/ingresses/thanos-sidecar
  uid: foo
spec:
  rules:
  - host: foo.bar
    http:
      paths:
      - backend:
          serviceName: thanos-sidecar
          servicePort: grpc
status:
  loadBalancer:
    ingress:
    - hostname: foo.bar
Alejandro Rivera avatar
Alejandro Rivera

Enabled TLS and still getting 400 errors

Alejandro Rivera avatar
Alejandro Rivera
00.00.00.00 - [00.00.00.00] - - [28/Aug/2019:02:13:40 +0000] "PRI * HTTP/2.0" 400 163 "-" "-" 0 0.002 [] [] - - - -

2019-08-28

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
kubernetes5
Alex Siegman avatar
Alex Siegman

I haven’t looked at the material, but I saw it advertised as “agnostic” which is really nice

Alex Siegman avatar
Alex Siegman

Linked it to my team this morning, I’ll pass on any feedback I get if they try it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

cool, lmk!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
HashiCorp looks into easier secret management for Kubernetes • DEVCLASSattachment image

HashiCorp has finished work on Consul 1.6 and offered a first insight on upcoming Vault features aimed at users of container orchestrator Kubernetes.

2

2019-08-29

Robert avatar
Robert
07:19:12 PM

@Robert has joined the channel

    keyboard_arrow_up