#kubernetes (2021-11)
Archive: https://archive.sweetops.com/kubernetes/
2021-11-10
![Muhammad Nadeem Shahzad avatar](https://avatars.slack-edge.com/2021-11-10/2694979795671_377112505fc1c20f1f9c_72.png)
@Muhammad Nadeem Shahzad has joined the channel
2021-11-15
![Zach avatar](https://avatars.slack-edge.com/2020-07-21/1278358623280_e99d673db1471fc93095_72.jpg)
Anyone know how to workaround the prom-operator alertmanager and its desire to only match alerts by namespace (where the AlertmanagerConfig was created), when you’re using a single prom/alertmanager for the entire cluster?
2021-11-21
![Brad McCoy avatar](https://avatars.slack-edge.com/2021-01-27/1690488301364_5ff70ab63e55fbb69a4d_72.png)
I have just finished my latest blog to help people study and pass the new KCNA exam, hope it helps! https://blog.bradmccoy.io/how-to-pass-your-kcna-exam-cf98cfa7d70f
![attachment image](https://miro.medium.com/max/1200/1*mlkcAMJ-tJWW7DySUOxA6Q.png)
The CNCF has just launched the new Kubernetes and Cloud Native Associate Exam also known as the KCNA. I was one of the first 400 people to…
2021-11-25
![contact871 avatar](https://secure.gravatar.com/avatar/b6ee6875b333ed77349dfb90dd004f0d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Hi, anyone experienced with Vault Injector could help me with the issue I described here https://sweetops.slack.com/archives/CLWUJP0SH/p1637862515011400
Hello,
I use the following workflow:
• created a temporary pod with vault
binary inside. Used for it serviceAccount: vault-injector-agent-injector
, which is also used by the vault-injector-agent-injector
pod
• then I exec into the temporary pod and execute
$ vault write "auth/k8s-main/config" \
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
kubernetes_host="https://${KUBERNETES_HOST}" \
issuer="${ISSUER}"
Success! Data written to: auth/k8s-main/config
As long as this pod is running everything is fine and Vault Injector works as expected.
When I kill the temporary pod then my pods (which use Vault Injector) get stuck in Init:0/1
state and the logs hang with:
$ kubectl -n some-ns logs -f --tail 10 some-pod-69785cc69b-4j9mt -c vault-agent-init
2021-11-25T17:34:42.918Z [INFO] auth.handler: authenticating
2021-11-25T17:34:42.972Z [ERROR] auth.handler: error authenticating:
error=
| Error making API request.
|
| URL: PUT <https://vault.example.com/v1/auth/k8s-main/login>
| Code: 403. Errors:
|
| * permission denied
backoff=4m48.8s
I would appreciate any feedback, tips how to make this more permanent
2021-11-30
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
FYI, if you wanna play with k8s for free: https://twitter.com/iamvlaaaaaaad/status/1465646492899758082
TIL about the DigitalOcean Kubernetes Challenge
TL;DR: credits and prizes to run fun k8s challenges on DO’s managed k8s offering. They have different levels, from newbies to experts (wanna play around with @crossplane? This is your chance!)
Lasts until EOY, so get in there! https://twitter.com/digitalocean/status/1460661461030780934
Introducing the DigitalOcean Kubernetes Challenge - open to all levels!
Sharpen your devops skills, learn more about CNCF projects, win prizes and have fun! See how you can participate: http://do.co/kubernetes-challenge