Tag: security
Azure Kubernetes Service (AKS): batteries not included
The difference between Azure AKS and Google GKE is stark. GKE just worked. Single sign on, login, create cluster. It walked me through a couple of questions (how many nodes, what size of node). A minute or so later it was done. Azure. Still working on it. Attempt 1. Use the web interface. Now, it…
Navigating the restrictions of CI and Bazel
Working on a tool called ‘envoy‘. Its a proxy server that’s at the heart of Istio. And its build process is a tool called ‘Bazel‘. I’ve been having some battles with Bazel. First it ate my laptop (well not literally, but it uses more resources than the laptop has. The laptop has 2C4T w/ 16GB,…
Should I use my CI pipeline to do continuous delivery? A controversy!
I’m using Gitlab, and one of the things they promote is Auto-Devops. In a nutshell, you use the Gitlab-CI as your means from start to finish, starting w/ an idea, through code, unit-test, address-space-tests, dynamic-tests, thread-tests, license-checks, lint, code-format, static scans, … all the way until it lands on a running server somewhere for your…
Endoscope: snoop around inside your Kubernetes pods
Today I ‘released’ endoscope. This is a tool that solves a couple of ‘simple’ problems: I have a running container in Kubernetes. I wish I could have a shell inside it that is root, but also with a bunch of tools like gdb or ptrace. My container doesn’t allow root or ptrace. I don’t want…
Changing the size of a persistent volume in Kubernetes 1.10 on GKE
In Kubernetes v1.11 you can resize persistent volume claims. Great! Sadly, Google has not rolled this out to us great unwashed yet (its available to early-adopters or for everyone on alpha clusters), we are on v1.10. Side note: Docker registry. One of the most commonly asked questions is: how do I delete or clean up?…