Introduction I have been procastinating on this for a while, and did not post since march: shame on me! Since I just rebuilt my production cluster with proxmox/talos, I took the opportunity to run some storage benchmarks to compare rook-ceph’s performance between k8s running on proxmox and k8s running on raspberry pi (version 4 wit 8GB). Read more

Introduction Update and install minikube make sure that you have the most up-to-date version installed: minikube update-check. At the time of writing it’s v1.29.0 delete any previous minikube config: minikube delete install minikube in docker on the stable version: minikube start --driver=docker --kubernetes-version=v1.26.1. Note after the initial install you only need to run minikube start since the config is sticky check that minikube is up-and-running: kubectl get nodes The output should look like this: Read more

Introduction In the last months I have been dealing with Kubernetes based (micro)services that I could not change, either because they were off-the-shelf or because they had been externally developed. In terms of observability this is a challenge, especially when application metrics are only partially available. I could have opted for a service mesh, but implementing Istio for an application composed of 20 microservices seemed quite overkill, adding a lot of complexity and cognitive load. Read more

Introduction Since the Grafana Image Renderer plug-in is not supported anymore from Grafana 7.0 some changes are required to switch to the remote image renderer, and run it as a docker container. This post goes into the details of setting-up a remote image renderer for Kubernetes, on amd64, arm/v7 and arm64. Multi-arch build The official git repo only supports linux/amd64 at this moment but there is an issue for arm-support. Read more

Introduction Whether it is from CI/CD or from the command-line, I often see the default kube-config with cluster-admin rights being used. This is like permanently working with root privileges and there certainly are more secure ways. In this post we will look into demystifying Kubernetes RBAC, and setting-up more suitable permissions for two use-cases: a CI/CD pipeline that needs full permissions on anything located in a given Namespace a reader who needs to access resources for troubleshooting purposes Concepts Roles and ClusterRoles define sets of permissions to objects at the namespace and cluster scope. Read more