#kubernetes (2023-08)
Archive: https://archive.sweetops.com/kubernetes/
2023-08-10
Xu Pengfei:
KCL Biweekly Newsletter | KCL v0.5.1 and v0.5.2 is out! https://medium.com/@xpf6677/kcl-biweekly-newsletter-kcl-v0-5-1-and-v0-5-2-is-out-a900ce4491e
KCL is an open-source, constraint-based record and functional language that enhances the writing of complex configurations, including those…
OliverS:
Has anyone tried kamus (https://github.com/Soluto/kamus) for kubernetes secrets management? How does it compare to the more mature external-secrets (https://github.com/external-secrets/external-secrets)?
Hao Wang:
great to have alternatives, one concern is the project seems not quite active
OliverS:
indeed!
2023-08-13
Xu Pengfei:
I just published a blog on Medium about the landscape of configuration programming languages. https://medium.com/dev-genius/the-landscape-of-declarative-configuration-55bb85d6997b Welcome to read and provide feedback.
The blog is only used to clarify the landscape of declarative configuration, KCL core concept and features, as well as the comparison with…
2023-08-14
2023-08-22
Xu Pengfei:
I just published a blog on Medium about KPM and Docker Hub. https://medium.com/stackademic/just-4-steps-use-docker-hub-to-store-and-share-your-kubernetes-configuration-package-a18bb1e7ceb7 《Just 4 steps, use Docker Hub to store and share your Kubernetes configuration package》. Welcome to read and provide feedback.
Milosb:
Did you combine istio service-mesh with another gateway instead of using istio gateway? I already have apisix in place as api gateway with all configs, but want to introduce service mesh for mtls, and authorization policies, but really not sure what is the right way to go.
2023-08-23
Alec Fong:
Hi All! I’m using this EKS Terraform module https://github.com/cloudposse/terraform-aws-eks-cluster It hasn’t changed much but it suddenly started throwing this error:
```
│ Error: configmaps "aws-auth" is forbidden: User "system:anonymous" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
│
│ with module.eks_cluster.kubernetes_config_map.aws_auth_ignore_changes[0],
│ on .terraform/modules/eks_cluster/auth.tf line 115, in resource "kubernetes_config_map" "aws_auth_ignore_changes":
│ 115: resource "kubernetes_config_map" "aws_auth_ignore_changes" {
```
Have any of you seen this? Where should I be looking to debug this?
Terraform module for provisioning an EKS cluster
Andriy Knysh (Cloud Posse):
check under which IAM role you are running the commands
Andriy Knysh (Cloud Posse):
when you create a cluster using an IAM role, only that role will be able to access the cluster. Plus, the roles and users that you add to the auth ConfigMap (with diff k8s permissions) after that
Andriy Knysh (Cloud Posse):
the above means that the IAM role with which you create the cluster must be static, not an SSO role
2023-08-28
idan levi:
Hey all !!
I'm working on a Postgres backup job, basically I want to create a job that runs the pg_dump command and backs up the Postgres cluster that sits on another pod in the same k8s env.
When I run that command from outside of the cluster (with nginx endpoint or port-forwarded endpoint as the cluster endpoint) all works great. When I try to run the exec same command from the job (inside of the k8s env) it looks like it is stuck with no connectivity between the cluster and the job’s pod (with k8s service/nginx as cluster endpoint), although telnet is working between the two.
Is someone familiar with that issue? Maybe it is something related to port types of the service??
Balazs Varga:
Do you use any mesh? Can Velero be an option for you? https://velero.io/docs/v1.9/backup-hooks/ With hooks you can do a dump before backup. Can you check with telnet or ping that your pod can access the other pod?
idan levi:
So ping and telnet are working fine, why do I need to use mesh? I'm using k8s internal routing
idan levi:
@Balazs Varga have any idea ?
Balazs Varga:
My guess was if you use mesh and have a wrong destination rule or config, that can cause this kind of issue. Anything in debug log?
M3irf:
Hi all, I have a question regarding Kubernetes & Fluentd & Prometheus. I’m trying to configure podMonitor to collect metrics from Fluentd pods in my cluster.
This is the YAML file that I wrote (I have changed it multiple times without success):
```yaml
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: fluentd-prometheus-pm
  labels:
    app: fluentd-kafka-producer-pm
spec:
  namespaceSelector:
    matchNames:
      - fluentd-procuder
  selector:
    matchLabels:
      app: fluentd-kafka-producer
  podMetricsEndpoints:
    - port: metrics
      path: '/metrics'
      scheme: 'http'
      interval: '5s'
```
In the Prometheus UI I see the target but I don’t see any metrics from the pods. Any idea what I did wrong in the configuration?
When I exec into the pods and run curl http://localhost:24231/metrics I’m getting the metrics.
I have in my cluster prometheus-operator, fluentd-producer (which I want to collect metrics from)
Thanks
Hao Wang:
were any logs seen in the pods indicating it is sending metrics?
M3irf:
@Hao Wang,
yes I see the metrics when I exec to the pod and run curl http://localhost:24231/metrics.
Hao Wang:
is the service bound on localhost only?
Igor Peric:
Not sure if it is relevant, but you have misspelled the “fluentd-procuder”:
```yaml
spec:
  namespaceSelector:
    matchNames:
      - fluentd-procuder
```
M3irf:
@Igor Peric yes I know, I have already fixed it in my yaml file