Forem: krzwiatrzyk

Kargo - promote your application changes in a controlled (GitOps) way!

krzwiatrzyk — Sat, 28 Sep 2024 07:14:31 +0000

Simply told, Kargo will bump up your image tag reference in the git whenever new version is released.

Not simply told, Kargo is a release management tool with environment as a pipeline delivery solution (few hard to understand phrases and voule'a!)

Source: https://akuity.io/blog/why-continuous-promotion/

To continue reading, visit: https://blog.windkube.com/kargo-application/

Patch your servers! It's time of regreSSHion

krzwiatrzyk — Wed, 03 Jul 2024 06:39:52 +0000

OpenSSH CVE-2024-6387 vulnerability allows to perform an unauthenticated RCE that grants root access to the host machine.

Template Kubernetes manifests with dynamic data using Gomplate functions

krzwiatrzyk — Tue, 28 May 2024 06:39:44 +0000

TL;DR:

TargetGroupBinding AWS Load Balancer Controler custom resource requires TargetGroup ARN to be specified
TargetGroup ARN includes a random ID at the end of ARN to uniquely identify a target group — like:

arn:aws:elasticloadbalancing:eu-west-1:<account-id>:targetgroup/<target-group-name>/ba7a3694de41e946

To deploy multiple TargetGroupBindings user is forced to copy & paste TargetGroupARNs from AWS
Gomplate functions can use TargetGroupName to TargetGroupARN mapping from AWS and template Kubernetes resources in git
GitHub Actions can be used to automatically prepare a PR if new manifests are supplied or TargetGroup will be recreated on AWS

To learn how to implement that, read the full story:

https://blog.windkube.com/template-kubernetes-manifests-with-dynamic-data-using-gomplate-functions/

Kubernetes Headless Service

krzwiatrzyk — Sat, 02 Oct 2021 08:27:37 +0000

What is a headless service?

A headless service is a Kubernetes Service without ClusterIP.

What is the difference between headless service and normal service?

First, let's see the differences between headless and headful service.

NOTE: Originally, there isn't something like "headful" service in Kubernetes nomenclature. It is used in this article to differentiate services.

After creating both services, it is visible that ClusterIP was not set for headless service.

I have 3 containers (called test-*) that will be included in headless and headful services.

First, let's check (with usage of dnsutils pod) what addresses will be returned from DNS for particular services.

Can you see the difference? If ClusterIP is set, then only one IP address is returned in answer, thus load balancing is done by the cluster itself. However, if ClusterIP is empty, addresses of all available endpoints are returned, allowing the application to know and decide which target instance to connect to.

Another approach with StatefulSets

With StatefulSets you can achieve the same behavior as with headless service by specifying spec.serviceName field (headful or headless, doesn't matter).

I have created a StatefulSet with 3 pods (test-*).

And pointed a headful service in the spec.

Now, it is possible to resolve specific pods in this service (this is not normally possible).

That's great, you can create an application that can connect to particular instances by name of the pod.

Drawback? Somehow, your client must know how many instances of the target application are there.

Headless service with StatefulSet

If StatefulSet has specified spec.serviceName field and targeted a headless service, then DNS discovery can be used for getting the number of instances available (i.e. 3) and then using the above solution to connect (i.e.: test-0.headful, test-1.headful, test-3.headful).

Where this is useful? One of the best examples is Kafka, where sometimes a particular topic's partition leader is on a different broker than the application connected to. Check the diagram below.