#kubernetes (2023-08)
Archive: https://archive.sweetops.com/kubernetes/
2023-08-10
KCL Biweekly Newsletter | KCL v0.5.1 and v0.5.2 is out! https://medium.com/@xpf6677/kcl-biweekly-newsletter-kcl-v0-5-1-and-v0-5-2-is-out-a900ce4491e |
KCL is an open-source, constraint-based record and functional language that enhances the writing of complex configurations, including those…
Has anyone tried kamus (https://github.com/Soluto/kamus) for kubernetes secrets management? How does it compare to the more mature external-secrets (https://github.com/external-secrets/external-secrets)?
great to have alternatives, one concern is the project seems not quite active
indeed!
2023-08-13
I just published a blog on medium about the landscape of configuration programming language. https://medium.com/dev-genius/the-landscape-of-declarative-configuration-55bb85d6997b Welcome to read and provide feedback
The blog is only used to clarify the landscape of declarative configuration, KCL core concept and features, as well as the comparison with…
2023-08-14
2023-08-22
I just published a blog on medium about KPM and docker hub. https://medium.com/stackademic/just-4-steps-use-docker-hub-to-store-and-share-your-kubernetes-configuration-package-a18bb1e7ceb7 《Just 4 steps, use Docker Hub to store and share your Kubernetes configuration package》. Welcome to read and provide feedback
Did you combine istio service-mesh with another gateway instead of using istio gateway? I already have apisix in place as api gateway with all configs, but want to introduce service mesh for mtls, and authorization policies, but really not sure what is the right way to go.
2023-08-23
Hi All! I’m using this EKS Terraform module https://github.com/cloudposse/terraform-aws-eks-cluster It hasn’t changed much but it suddenly started throwing this error:
│ Error: configmaps "aws-auth" is forbidden: User "system:anonymous" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
│
│ with module.eks_cluster.kubernetes_config_map.aws_auth_ignore_changes[0],
│ on .terraform/modules/eks_cluster/auth.tf line 115, in resource "kubernetes_config_map" "aws_auth_ignore_changes":
│ 115: resource "kubernetes_config_map" "aws_auth_ignore_changes" {
Have any of you seen this? Where should I be looking to debug this?
Terraform module for provisioning an EKS cluster
check under which IAM role you are running the commands
when you create a cluster using an IAM role, only that role will be able to access the cluster. Plus, the roles and users that you add to the auth ConfigMap (with diff k8s permissions) after that
the above means that the IAM role with which you create the cluster must be static, not an SSO role
2023-08-28
Hey all !!
I’m working on a Postgres backup job; basically I want to create a job that runs the pg_dump command and backs up the Postgres cluster that sits on another pod in the same k8s env.
When I run that command from outside of the cluster (with an nginx endpoint or port-forwarded endpoint as the cluster endpoint) it all works great; when I try to run the exact same command from the job (inside of the k8s env) it looks like it is stuck with no connectivity between the cluster and the job’s pod (with k8s service/nginx as cluster endpoint), although telnet is working between the two.
Is anyone familiar with that issue? Maybe it is something related to the port types of the service?
Do you use any mesh? Can Velero be an option for you? https://velero.io/docs/v1.9/backup-hooks/ With hooks you can do a dump before backup. Can you check with telnet or ping that your pod can access the other pod?
So ping and telnet are working fine, why do I need to use a mesh? I’m using k8s internal routing
@Balazs Varga have any idea?
My guess was that if you use a mesh and have a wrong destination rule or config, that can cause this kind of issue. Anything in the debug log?
Hi all, I have a question regarding Kubernetes & Fluentd & Prometheus. I’m trying to configure a podMonitor to collect metrics from Fluentd pods in my cluster.
This is the YAML file that I wrote (I have changed it multiple times without success):
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: fluentd-prometheus-pm
  labels:
    app: fluentd-kafka-producer-pm
spec:
  namespaceSelector:
    matchNames:
      - fluentd-procuder
  selector:
    matchLabels:
      app: fluentd-kafka-producer
  podMetricsEndpoints:
    - port: metrics
      path: '/metrics'
      scheme: 'http'
      interval: '5s'
In the Prometheus UI I see the target but I don’t see any metrics from the pods. Any idea what I did wrong in the configuration?
When I exec into the pods and run curl http://localhost:24231/metrics I’m getting the metrics.
I have in my cluster prometheus-operator and fluentd-producer (which I want to collect metrics from).
Thanks
Were any logs seen in the pods indicating it is sending metrics?
@Hao Wang,
yes, I see the metrics when I exec into the pod and run curl http://localhost:24231/metrics.
Is the service bound to localhost only?
Not sure if it is relevant, but you have misspelled “fluentd-procuder”:
spec:
  namespaceSelector:
    matchNames:
      - fluentd-procuder
@Igor Peric yes, I know, I have already fixed it in my YAML file