Eline
@eliine.dev
Platform engineer at Telenor. Friend of stuffed animals. Nagging people about #a11y since 2014. she/her
Apparently whether you say billion or milliard for 1000 millions depends on where you live. And we can thank the US for popularising the short scale, which was never widespread before its adoption in the USA. Thanks America.
December 21, 2024 at 9:41 PM
If you are using Gateway API, have you tried out gwctl yet? It's a new CLI to help you use GW API 💁‍♀️

It can even generate charts of how your HTTPRoutes relate to your Gateways and GatewayClasses!

🔗 github.com/kubernetes-s...
November 22, 2024 at 9:12 PM
I have to break my silence. When is Pepper's movie coming to the box office, @joegran.bsky.social?
November 16, 2024 at 3:10 PM
While not technically a kubectl plugin, Popeye is another interesting one that allows you to scan your cluster for potential issues. It’s a linter for a live cluster, basically!

It can also be run as a service that outputs metrics to a Grafana Dashboard. But a terminal text UI is much cooler, no?
November 4, 2024 at 8:28 PM
Trying to get an overview of which container image versions are in use on the cluster? Istio sidecar versions for example? kubectl images does that super easily!
November 4, 2024 at 8:27 PM
When updating Kubernetes it’s useful to get some hints on which workloads are no longer supported in the next version of Kubernetes.

Kubectl deprecations will tell you which workloads will no longer work on the target version when you upgrade. It can also be run in CI before running an upgrade.
November 4, 2024 at 8:27 PM
NetworkPolicies are great, but can be kind of tricky to debug. Cyclonus can help! It can show you the NetworkPolicies in a namespace and how they apply. Useful for getting a bird's-eye view of a namespace.

It can also «simulate» a request and see if it gets blocked, which is pretty cool, right? 👀
November 4, 2024 at 8:24 PM
The next plugin is view-utilisation. It’s a similar tool, but can help you by looking at requests grouped by namespaces.

Grouping by namespace can sometimes help you find the greatest over-committers of resource requests!
November 4, 2024 at 8:23 PM
You’ll often want to optimise your cluster resource usage. In those cases there are two plugins I find handy, the first one is resource-capacity.

It can either tell us about our nodes and their status in terms of resource requests, or list all pods on the cluster and their resource usage. Neat!
November 4, 2024 at 8:22 PM
The first plugin I love is kubectl tree. Like it’s literally so great for showing stuff like the generated secrets of external-secrets, ACME certificates’ orders, Argo CD appsets’ generated applications and so on.

You want this. kubectl krew install tree!
November 4, 2024 at 8:22 PM
There’s also a third system that is in alpha called Falco Talon. This system allows you to react to events immediately based on rules. For example you could say that a set of rules would terminate the container immediately! Or it could run a script, do a tcpdump, cordon a node or many other things 💫
November 3, 2024 at 7:57 PM
But what to do with these events? Falco also has a system called Falcosidekick which does two things. First, it enables you to forward events to other systems, like a SIEM or PagerDuty. Second, it provides a neat UI to visualise events and stats.
November 3, 2024 at 7:56 PM
An example rule can be one that detects a shell being executed in a container, like this video.

Here I am executing into a container and getting the /etc/shadow file, which then generates an event in the Falco log.
November 3, 2024 at 7:55 PM
The Falco agent is installed on a cluster where it will start listening to kernel syscalls with eBPF. This enables it to pick up filesystem events, network calls and pretty much anything.

With this info we can write rules that will generate events that we can use to detect suspicious behaviour.
November 3, 2024 at 7:54 PM
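The two events described in these Falco posts (a shell started in a container, then a read of /etc/shadow) written out as rules. This is an added example, not taken from the posts or from the Falco project's ruleset; it assumes the stock Falco macros `spawned_process`, `container`, `shell_procs` and `open_read` are already loaded, and the rule names, list name and tags are made up.

```yaml
# Added example for a local rules file loaded after the stock Falco ruleset.
# Relies on the stock macros spawned_process, container, shell_procs and
# open_read; everything named below is constructed for illustration.

- list: credential_files            # constructed list for this example
  items: [/etc/shadow, /etc/gshadow]

- rule: Interactive shell started in container
  desc: A shell process was spawned inside a container with a terminal attached
  condition: >
    spawned_process and container
    and shell_procs and proc.tty != 0
  output: >
    Shell in container (user=%user.name container=%container.name
    pod=%k8s.pod.name ns=%k8s.ns.name cmdline=%proc.cmdline)
  priority: NOTICE
  tags: [container, shell, example]

- rule: Credential file read in container
  desc: A process inside a container opened a password hash file for reading
  condition: >
    open_read and container
    and fd.name in (credential_files)
  output: >
    Credential file read (file=%fd.name user=%user.name
    container=%container.name pod=%k8s.pod.name cmdline=%proc.cmdline)
  priority: WARNING
  tags: [container, filesystem, example]
```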
Kargo can also verify the deploy has gone successfully. Imagine you have a staging environment - Kargo can run a deploy there automatically, then verify it’s up and finally trigger a deploy to prod.

It uses the AnalysisTemplate CRD from Argo Rollouts that supports sources like Prometheus metrics.
November 2, 2024 at 8:35 PM
Kargo also introduces a new paradigm called Freight.

Freight is the combination of artifacts like a git manifest repo and a container image version. This enables idempotency in deploys, where a container image can be promoted and reverted between multiple environments without the config changing.
November 2, 2024 at 8:34 PM
Kargo solves promotion by building a tool on top of GitOps. It doesn’t re-invent the wheel, what it does is essentially commit updates into the manifest repositories, like a new container image into a helm chart. Then Argo syncs it. In addition it provides a really nice UI for visualising this flow!
November 2, 2024 at 8:34 PM
Argo CD is amazing for deploying to Kubernetes by synchronising manifests from a manifest repo to Kubernetes, also known as GitOps. But when you need a promotion pipeline, like deploy to dev, then prod, you’re kind of on your own.

That's where Kargo comes in! (Look how cute he is! 😻)
November 2, 2024 at 8:33 PM
Switch to the next page in the UI and you get some pretty cute metrics too. It’s like looking into an alternate universe where Grafana was made in 1980 🍷
November 1, 2024 at 8:26 PM
Since it’s meant to be a container host, it boots straight into a Kubernetes server running kubelet. All you have to do is to make it join a cluster.

The first thing you see when you boot up is a really handy UI that tells you what’s going on in the kubelet. Girl, look at that pretty text UI 💁‍♀️
November 1, 2024 at 8:25 PM
Being so tiny is obviously useful for scaling up new nodes quickly, so don’t underestimate that.

It’s a ground-up rewrite of the userspace, from PID 1. Everything is written in Go, so super fast and super safe.
November 1, 2024 at 8:21 PM
Finally, Jsonnet is one of the three tools supported out of the box by Argo CD, so there is almost no friction if you already use Argo CD today.

Just add some jsonnet and libsonnet files to your existing manifest repositories and you’re off! 🏎️
October 31, 2024 at 8:50 PM
There are some clever ideas in play too. Like creating a re-usable object, then easily adding a field to an object instead of overwriting it by using the + operator. With this and the more advanced functions you can pretty much create any JSON structure you need 🪄
October 31, 2024 at 8:48 PM
First of all, JSON is Jsonnet. Meaning you don’t need to learn a whole new language, all JSON is valid Jsonnet and Jsonnet is essentially JSON with added functions.

Jsonnet files basically contain the JSON you want to return, so just write a JSON structure and add your data, nice and easy.
October 31, 2024 at 8:47 PM
Once a reusable policy like the above restricting replica numbers is defined, you map it to resources using a ValidatingAdmissionPolicyBinding.

This is similar to policy engines where the policy engines can be defined, templated and re-used. Except it’s built into Kubernetes. Neat!
October 30, 2024 at 9:26 PM
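A replica-limit policy and its binding, as an added example that is not from the post (the policy the post calls "the above" is not on this page). All object names, the `policy-params` namespace, the `environment: test` label and the limit of 5 are assumptions; the limit lives in a ConfigMap so the same policy can be bound again with a different value.

```yaml
# Added example: reusable policy + parameter + binding (names are made up).
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: replica-limit.example.com
spec:
  failurePolicy: Fail                # reject if the policy cannot be evaluated
  paramKind:                         # parameters come from a ConfigMap
    apiVersion: v1
    kind: ConfigMap
  matchConstraints:
    resourceRules:
      - apiGroups: ["apps"]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["deployments"]
  validations:
    # ConfigMap values are strings, so convert before comparing
    - expression: "object.spec.replicas <= int(params.data.maxReplicas)"
      message: "replica count exceeds the limit set for this environment"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: replica-limit-test
  namespace: policy-params
data:
  maxReplicas: "5"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: replica-limit-test.example.com
spec:
  policyName: replica-limit.example.com
  validationActions: [Deny]
  paramRef:
    name: replica-limit-test
    namespace: policy-params
    parameterNotFoundAction: Deny    # missing ConfigMap must not mean "allow"
  matchResources:
    namespaceSelector:
      matchLabels:
        environment: test            # only namespaces carrying this label
```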