/series/k8s/ Recent content in k8s on Georg Pauer Hugo -- gohugo.io en-us Thu, 14 Nov 2024 00:00:00 +0000 /posts/argocd-ingress-processing/ Thu, 14 Nov 2024 00:00:00 +0000 /posts/argocd-ingress-processing/ I usually enjoy ArgoCD and deployments via Helm charts. Just sometimes an unexpected behaviour pops up. In my case the ingress deployed via a helm run by ArgoCD were stuck in status progressing. Meanwhile the ingress where there, from k8s perspective (kubectl get ing was all fine). Ingress in progressing causes the ArgoCD application to stay in status progressing. This tends to mask other errors. Let’s deep dive into the issue… /posts/k8s-stalk/ Wed, 14 Aug 2024 00:00:00 +0000 /posts/k8s-stalk/ Today I learned about stalk, a CLI tool to watch a set of Kubernetes resources. Was quite handy to figure out a race condition where two operators overwrote the same resource. (This should never have happened, but this is another story.) stalk GitHub link /posts/k8s-security-learning2/ Fri, 26 Jul 2024 00:00:00 +0000 /posts/k8s-security-learning2/ More resources to have fun with kubernetes from a security point of view and for learning: challenges If you had fun with the Damn Vulnerable Web Application (DVWA), there is something equivalent for Kubernetes from Madhu Akula: Kubernetes Goat. You can also deploy your own playground. K8S lan party seems also quite promising. (from Wiz) tooling offensive Peirates is a bit alike a (still lightweight) Metasploit (payload) for k8s. One “batteries included” binary. /posts/k8s-deleting-stuck-namespaces/ Tue, 25 Jun 2024 00:00:00 +0000 /posts/k8s-deleting-stuck-namespaces/ When you create and delete resources and according objects in a namespace in your kubernetes cluster, you might just want to delete your namespace after your tests: kubectl delete ns test stuck namespace When namespace deletion seems stuck in a Terminating status, check if there are any object left over in your namespace: kubectl get all -n test for CRD you need to check for each type: kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <terminating-namespace> (I found this snipped and also hints for the API calls here) If all is clean, but the namespace is stuck in Terminating, check (kubectl get ns test -o yaml) for Finalizers. /posts/k8s-network-policies/ Sat, 27 Apr 2024 00:00:00 +0000 /posts/k8s-network-policies/ What a shame that I was writing my Kubernetes Network Policies mostly by hand until now. There is this handy graphic interactive editor available. To bad it doesn’t support reading a netpol as input. Sometimes a visualization helps debugging. Network policies won’t provide the visibility you can achieve with a mesh network (e.g. Istio/linkerd/Consul ) regarding attempted policy violations. But sometimes all you want is the separation. This provides it the easy way. /posts/observability-cloudland-2023/ Wed, 09 Aug 2023 00:00:00 +0000 /posts/observability-cloudland-2023/ Cloudland this year was quite some time ago, but better late then never: Michael Friedrich spoke about Observability for Efficient DevSecOps Pipelines. While there is (obviously) some GitLab promotion, some issues to me seem common with other pipelines: slow pipelines unnecessary blocking/sequentiality missing cache for common transferred static data container registry, blobs, external artefacts observability principles need to be applied to CI/CD pipelines, too. telemetry! Don’t try to do everything in one step. /posts/iger2023/ Fri, 21 Jul 2023 00:00:00 +0000 /posts/iger2023/ The IGER is running 🎉 quite some art 😊 inspiring “how to data fusion” discussion at the hackcenter presented Schlanke OCI Container (GER) (recording) and a lightning-talk about Marp WOC 💛 forging!! also: visiting this heritage site update: the Hands-Free Coding in 2023 talk was very good. /posts/gpn21/ Thu, 15 Jun 2023 00:00:00 +0000 /posts/gpn21/ recordings from GPN21 are online. (Already enjoyed From 0 to Kubernetes, Modern Observability .. LGTM Stack, buffer overflow, Seitenkanalanalyse der SHAKE-Funktion in CRYSTALS-Dilithium, mit Mathematik API übernehmen - more to follow 😀 ) O-Auth intro /posts/k8s-security-learning/ Fri, 04 Nov 2022 00:00:00 +0000 /posts/k8s-security-learning/ on hackingkubernetes you can get the first half of the ORlly book “Hacking Kubernetes”, so the pod & runtime specific part, as well as supply chain related: controlplaneio/simulator - simulator setup for creating environments, where you can try attacking and debugging k8s (a bit AWS specific) /posts/rc3-nowhere-suggestions/ Sun, 09 Jan 2022 00:00:00 +0000 /posts/rc3-nowhere-suggestions/ from rC3 nowhere: Kubernetes security (more recordings at media.ccc.de: algebra in “Math for Hackers”, some more security relevant stuff, social, infrastructure and so much more) /posts/packagingcon/ Thu, 25 Nov 2021 00:00:00 +0000 /posts/packagingcon/ PackagingCon videos are released 🎉 - my suggestions are How Helm, The Package Manager For Kubernetes, Works and An Invitation to Order-Theoretic Models of Package Dependencies /posts/kubeinvaders/ Mon, 07 Jun 2021 00:00:00 +0000 /posts/kubeinvaders/ for everyone who want´s to play around with k8s, chaos engineering in a gamified way