Tag: security

  • How to avoid being logged, Kubernetes-style

    So you have a K8S cluster. It's got a lovely Ingress controller courtesy of helm install stable/nginx-ingress. You’ve spent the last hours getting fluent-bit + elastic + kibana going (the EFK stack). Now you are confident, you slide the user-story to completed and tell all and sundry “well at least when your crappy code gets…

  • Accessing a service in a different namespace from a single ingress in Kubernetes

    IPv4. It's rare when it's public, and annoying when it's private. So we try and conserve this precious resource. One of the things that makes it complex is Kubernetes namespaces. A Kubernetes Ingress controller is not namespace aware (you can’t have a shared Ingress that has services in multiple namespaces). Or can you? What if…

  • Lessons from the cloud: it’s not fast: it’s wide

    Starting to work w/ Azure. Go to create my first Kubernetes cluster. After 15 minutes of watching the slide dots in the web, I give up. I try the CLI, same deal. This must be just me right? Wrong. This is a general observation about cloud tooling. Things are very slow because of all the…

  • I’m picturing a museum with 4 billion exhibits

    A museum is where you go to see old technology, now retired. The steam museum, etc. Let’s get together and create an IPv4 museum. It will have 2^32 exhibits. There will be Class-A halls, class-B halls, class-C halls. I’m not sure yet how to arrange the class-D hall, maybe it's everywhere and nowhere at the…

  • Using Azure Container Instances to expand CI?

    So Azure has a ‘serverless’ kubelet concept. In a nutshell we follow virtual-kubelet instructions (except they were missing az provider register --namespace 'Microsoft.ContainerInstance', pull request sent). What this does is schedule Pods (which have a special annotation) to a farm of servers which are willing to accept ‘foreign’ containers (Pods). This means your Kubernetes master delegates…