Introduction: In this article we will explore how to create a sample operator using TypeScript and deploy it to our cluster. The operator will be pretty dummy in the sense that it will only deploy some resources based on a CRD, but you can customize it to do whatever you might need or want. The idea is to get a sense of all that it takes to build an operator outside of the magic land of Go and kubebuilder.
Introduction: In this article we will explore how webhooks work in Kubernetes, and more specifically the ImagePolicyWebhook. The Kubernetes documentation about it is kind of vague, since there is no real example or implementation that you can get out of it, so here we will break it down into the different alternatives. In a real-world scenario I would prefer to rely on OPA Gatekeeper. I’m planning to make this trip worthwhile by adding a database and making the webhook allow or disallow images based on the vulnerability scan, for example allowing only medium or lower vulnerabilities in your containers, but that will be a post for another day. If you are interested you can help in this repo, see more.
Introduction: In this article we will explore how authentication and authorization work in Kubernetes. But first, what’s the difference? Authentication: when you validate your identity against a service or system you are authenticated, meaning that the system recognizes you as a valid user. In Kubernetes, when you are creating the clusters you basically create a CA (Certificate Authority) that you then use to generate certificates for all components and users.
Introduction: In this article we will explore different alternatives for spinning up a cluster locally for testing, practicing or just developing an application. The source code and/or documentation of the projects that we will be testing are listed here: minikube; kind; Kubernetes the hard way using vagrant; Kubernetes with kubeadm using vagrant. There are more alternatives like Microk8s, but I will leave that as an exercise for the reader.
Introduction: In this article we will explore how to create an operator that can prefetch our images (from our deployments to all nodes) using the Operator SDK. You might be wondering why you would want to do this. The main idea is to get the images in advance so you don’t have to pull them when the pod actually needs to start running on a given node. This can speed things up a bit, and it’s also an interesting exercise.
Introduction: In this article we will test how to lint and get automatic checks in our GitHub pull requests for our Terraform code using reviewdog and the tflint GitHub action. This is particularly useful to prevent unwanted changes or buggy commits from being merged into your principal branch, whatever that is. In order for this to work you just need to configure a GitHub action in your repo and that’s it; you don’t need to generate any token or do any extra step.
Introduction: In this article we will continue where we left off with the forward project last time. We will use gitlab-ci to test, build and push the image of our operator to Docker Hub. GitLab offers a pretty complete solution, but we will only sync our repo from GitHub and set up a basic pipeline to test, build and push our Docker image to the registry. Note that I do not have any kind of affiliation with GitLab, but I like their platform.