#kubernetes (2020-01)

Archive: https://archive.sweetops.com/kubernetes/

2020-01-31

nutellinoit

Hi everyone! We OSS our permission manager tool for Kubernetes. If anyone wants to take a look: https://github.com/sighupio/permission-manager

sighupio/permission-manager

Permission Manager is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW - sighupio/permission-manager

Zachary Loeber

Saw that one get announced, looks neato. Any alignment with rbac manager?

nutellinoit

The one from fairwinds?

Zachary Loeber

yeah, different purposes and all but it would be a good pairing for certain (it lets you use CRDs to define your rbac rules)

Erik Osterman (Cloud Posse)

This looks rad @nutellinoit! thanks for sharing

Erik Osterman (Cloud Posse)

@Jeremy Grodberg @Alex Siegman @Daren

Alex Siegman

Saw this get announced. Looks pretty neat. Doesn’t solve any pain points for us now, but if I needed to have more least-access RBAC stuff in kube, or especially for app access if apps start interacting with the kube api directly, this seems like a good potential fit

2020-01-29

2020-01-28

Jonathan
Hi everyone! Been searching around for a while and can't seem to find an answer for this issue. I can't get the lifecycle postStart command to work as intended. This is the error I'm getting:



 Warning  FailedPostStartHook  20s (x2 over 21s)  kubelet, gke-nodepool-name  Exec lifecycle hook ([sh -c echo "hello world"]) for Container "container-name" in Pod "pod-name" failed - error: command 'sh -c echo "hello world"' exited with 126: , message: "cannot exec in a stopped state: unknown\r\n

Has anyone run into this before?

Update: There was an issue in the Docker container that prevented it from ever reaching the lifecycle hook in a healthy state. Fixing the underlying issue also solved this error

2020-01-26

2020-01-22

Erik Osterman (Cloud Posse)
Announcing the Kubernetes bug bounty program

Authors: Maya Kaczorowski and Tim Allclair, Google, on behalf of the Kubernetes Product Security Committee

Today, the Kubernetes Product Security Committee is launching a new bug bounty program, funded by the CNCF, to reward researchers finding security vulnerabilities in Kubernetes.

Setting up a new bug bounty program

We aimed to set up this bug bounty program as transparently as possible, with an initial proposal, evaluation of vendors, and working draft of the components in scope.

2020-01-21

btai

https://aws.amazon.com/blogs/aws/eks-price-reduction/ $876 annual savings for EKS cluster applied immediately

Amazon EKS Price Reduction | Amazon Web Services

Since it launched 18 months ago, Amazon Elastic Kubernetes Service has released a staggering 62 features, 14 regions, and 4 Kubernetes versions. While developers, like me, are loving the speed of innovation and the incredible new features, today, we have an announcement that is going to bring a smile to the people in your finance […]

s2504s

it would be great if they added EKS at California

Erik Osterman (Cloud Posse)

That’s pretty awesome!

2020-01-18

Carlos Tovar
03:13:30 PM

after some headaches I was finally able to spin up an EKS cluster with gMSA enabled Windows worker nodes

Carlos Tovar

I’ve been unable to get the gmsa-webhook to work yet

2020-01-15

dalekurt

Hey Guys! So last Friday I completed my CKA exam and passed it. If anyone is interested, here are a few resources I used to prepare

• Linux Academy Cloud Native Certified Kubernetes Administrator (CKA) - https://linuxacademy.com/cp/modules/view/id/327

• Udemy - https://www.udemy.com/course/certified-kubernetes-administrator-with-practice-tests

Additionally, I have been sharing some tips and tricks on my Instagram https://instagram.com/dalekurt

Erik Osterman (Cloud Posse)

awesome job @dalekurt! congrats and thanks for sharing

Erik Osterman (Cloud Posse)

I think that’s going to help others who want to also get their CKA

James D. Bohrman

Big thanks to @Nick Kampe for helping me brainstorm this!

2020-01-14

Arjun Iyer

Hi folks, I’m the founder of a startup building a service for SRE & Devops to monitor and verify rollouts continuously within K8s. This will help devs release with confidence and provide deep visibility into the deployment process. We ingest k8s events, metrics (from prometheus) and logs to monitor rollout progression and determine via statistical analysis whether the service has regressed. If issues are found during the rollout we recommend actions to unblock the rollout or to rollback the deployment. If this is relevant to you, can you reply to this msg or send me a DM? We’re looking for folks to sign up for our early beta and would love your feedback. Thanks!

Erik Osterman (Cloud Posse)

@Arjun Iyer any demo videos?

Arjun Iyer

Not yet. We’ll have that within a few weeks!

Arjun Iyer

But we do have a 1-pager to share with folks who are interested and we would love to get some feedback!

2020-01-13

Mikael Fridh

Kapitan has an interesting thing added more recently… - https://github.com/deepmind/kapitan/pull/190

Similar as Kuku - https://github.com/xarg/kuku

and Karavel - https://medium.com/@greegorey/writing-yet-another-kubernetes-templating-tool-2c5de0e2e7a

I really like these projects… reminds a bit of the Apache Aurora config languages (and its immense possibilities), plus you can create really nice terse wrapping classes which abstracts away everything, and include any python function for sourcing/generating whatever anywhere you’d like….

Anyone else on the Kuku or Karavel pill?

Kadet input type *experimental* by ramaro · Pull Request #190 · deepmind/kapitan

This introduces a new experimental input type called Kadet. Kadet is essentially a Python module offering a set of classes and functions to define objects which will compile to JSON or YAML. A comp…

xarg/kuku

Kubernetes templating tool. Contribute to xarg/kuku development by creating an account on GitHub.

Writing yet another Kubernetes templating tool

If you are working with Kubernetes environment then you probably make use of several existing templating tools, some of them being a part…

2020-01-12

Chris Fowles

damn it

Chris Fowles

lens quickly became an everyday tool for me

Erik Osterman (Cloud Posse)

Latest update…

Erik Osterman (Cloud Posse)

Still hope for it!

Chris Fowles

here’s hoping!

Erik Osterman (Cloud Posse)

I could see it becoming that - especially for local dev, or sandbox environments

Erik Osterman (Cloud Posse)

doesn’t appear to be open source though, right? The lens repo doesn’t contain the source

Chris Fowles

yeh it’s just issue management on the github project i think

Erik Osterman (Cloud Posse)


We tried to build something amazing but our plans of creating business around open source software has failed

Chris Fowles

(i’m kind of sick of the faux open source vibe that gives off)

Erik Osterman (Cloud Posse)

just curious what that refers to

Chris Fowles
kontena/pharos-cluster

The simple, solid, certified Kubernetes distribution that just works. - kontena/pharos-cluster

Erik Osterman (Cloud Posse)

lol, yes, a repo for issues doesn’t count as “open source”

Erik Osterman (Cloud Posse)

aha

Chris Fowles

i think they were trying to go the Banzai route and build cloud on k8s company

Chris Fowles

tanka looks promising

Chris Fowles

i’ve been working through trying to build out our deployments using kustomize and there’s a few pretty big limitations in getting a decently dry structure

2020-01-11

Erik Osterman (Cloud Posse)
Farewell

This is a sad day for team Kontena. We tried to build something amazing but our plans of creating business around open source software has failed. We couldn’t build a sustainable business. Despite all the effort, highs and lows, as of today, Kontena has ceased operations. The team is no

2020-01-10

Erik Osterman (Cloud Posse)
Introducing Tanka, Our Way of Deploying to Kubernetes

YAML sucks! This blog post explains why existing tools hardly ease this pain, and what we at Grafana Labs did about it.

Erik Osterman (Cloud Posse)

Interesting choice on using jsonnet again…

kskewes

The Prometheus ecosystem is pretty deep in jsonnet already. Need some big wins to warrant redoing in something else like Cue.

Pinterest doing CRD for everything (effectively server side templating controlled by sre/platform team) is an interesting alternative approach.

kskewes

I suggest Cue because it has similar feel (from outside looking at it) but big gain is schema validation (eg from k8s API).

Erik Osterman (Cloud Posse)


> Early efforts with ksonnet were focused around creating patterns to help organize configurations across many applications for large deployments of Kubernetes. Feedback from the community was that the purpose of ksonnet was meaningful, but the language and concepts could be intimidating for new and casual users. We worked to streamline the user experience through a Visual Studio Code extension and a new command line tool, ks, but despite our efforts, ksonnet has not yet resonated with its intended audience.
>
> Prior to the acquisition, Heptio had been shifting focus and resources away from ksonnet; with the acquisition, we felt it was the right time to rethink our investment in ksonnet. As a result, work on ksonnet will end and the GitHub repositories will be archived.

Erik Osterman (Cloud Posse)
Welcoming Heptio Open Source Projects to VMware - Cloud Native Apps Blog

By Ross Kukulinski, Product Line Manager, and Tim Hinderliter, Senior Engineering Manager

Heptio is now VMware (read the acquisition close post), and as you can imagine, the last two months have been a whirlwind. Our newly combined team is eager to expand the impact Heptio’s open source projects have on the cloud native ecosystem through open

roth.andy

Blaise Pabon

Hi @roth.andy This link didn’t work for me, do you know if there is a new one? thanks!

roth.andy

sent you an invite

Blaise Pabon

Got it, Thank you!!

2020-01-07

2020-01-03

Pierre Humberdroz

Did someone use VPA with kops?

Pierre Humberdroz

I would like to know if everything is working as expected (I do not know why it should not)..

2020-01-02

Austin Cawley-Edwards

Heyo, does anyone have experience with fluentd-kubernetes-daemonset / restricting the namespaces it has access to? I’m running into large logging costs for namespaces that are not mission-critical. Thanks!

Erik Osterman (Cloud Posse)

it might be easier to instead filter on the fluentd side, rather than attempt to restrict it

Austin Cawley-Edwards

Sounds good - wasn’t familiar with fluentd filtering but the builtin grep filter looks like it will do the trick. Thanks!
