May 18, 2020

Kubernetes policies with Gatekeeper

Introduction Gatekeeper is a validating webhook that enforces CRD-based policies executed by Open Policy Agent. In a previous post, we went into detail about OPA: this post supersedes it. The differences between OPA and Gatekeeper are listed here. In this post we will explore Gatekeeper and start by implementing a policy that requires a given label to be present at the namespace level. In future posts coming soon we will implement policies as described here:

May 2, 2020

Understanding Kubernetes' pod lifecycle: the readiness probe

Introduction Understanding Kubernetes' concepts is key to running highly available applications. This article will take you through the scenario of deploying a new version of a pod, and show how understanding the pod lifecycle and implementing a readiness probe will help you deploy new releases without downtime. Without a readiness probe, Kubernetes will try to guess when your pod is ready, and then schedule traffic to it. If the pod has latency between the point in time when the container is running and when it can handle traffic, this will cause transactions to be dropped, a.

April 13, 2020

Securing your Kubernetes configuration. Not so simple!

Introduction There are lots of articles explaining what is important and what you should consider when securing your Kubernetes configurations, but I have not found that many guiding you through the steps of implementing these recommendations. And I am not talking about securing the code of the application (this is something that software engineers should be used to) or the containers (this is something for another time). These recommendations are in the realm of:

April 5, 2020

Prometheus push gateway

Introduction While Prometheus' default architecture is scraping, there may be good reasons to want to push metrics: from sources that are not reachable from Prometheus, or from sources that are short-lived, e.g. batch jobs. For such use cases Prometheus comes with a pushgateway. When using this architecture you should be aware that the pushgateway is a single point of failure. In this post we will look at implementing pushing metrics to Prometheus from a backup job running on another node.

June 20, 2019

Kubernetes cloud disaster recovery

Introduction I run my workloads (blog, different apps) on my home-lab server (Proxmox) and Kubernetes, because I can. I have been working on backup as well as automated provisioning of Azure Kubernetes Service (AKS) lately, so I thought why not put both together and automate a disaster recovery scenario. Depending on conditions the Azure provisioning time may vary, but based on different tests the end-to-end process takes about 15 minutes.

Content licensed under CC BY 4.0