• JSON Schema for custom Kubernetes objects Jan 22, 2020

    A large fraction of DevOps work is writing manifests, most often in YAML. This format is easy for humans to read, but challenging to write correctly. It is ubiquitous, but there may be better options.

    JSON Schema is a vocabulary that allows you to…

  • Patching GitLab jobs with Admission Controller Jan 10, 2020

    The GitLab CI Runner with the Kubernetes executor is a service that can run CI jobs by creating Kubernetes Pods. The Runner itself has limited configuration, and most of the config is abstracted by the Runner Helm Chart.

    Many Kubernetes features cannot be used…

  • Kubernetes by Parts: Controllers (5) Dec 23, 2019

    So far we have deployed a highly available kube-apiserver backed by etcd and verified that we can connect to the API with the highest privileges.

    As kube-apiserver’s purpose is to be a REST API wrapper of etcd and handle authentication and…

  • Kubernetes by Parts: kube-apiserver (4) Dec 22, 2019

    In the previous chapters we set up a highly available etcd cluster with three members. Kube-apiserver is a REST API built on top of etcd, with a solid authentication and authorization layer. To illustrate a point about availability, we will only…

  • Kubernetes by Parts: etcd cluster (3) Dec 21, 2019

    etcd is a distributed key-value store. Kubernetes uses it for persisting all cluster data. (Not to be confused with application data, which is a different concept.) Kubernetes might as well be backed by a relational database such as PostgreSQL, or…

  • Kubernetes by Parts: Certificate Management (2) Dec 20, 2019

    Kubernetes and the supporting components rely heavily on TLS for security. In this chapter, we will explain the architecture, create multiple certificate authorities and issue all server and client certificates.

  • Kubernetes by Parts: Intro (1) Dec 19, 2019

    This tutorial builds on the legacy of Kubernetes The Hard Way by Kelsey Hightower. While KTHW is a great resource, it’s aging and does not use many new Kubernetes features that make manual cluster deployment both easier and more robust.


  • Simulating negative-lookahead in regular expressions Sep 28, 2019

    Task: rewrite a regular expression with negative-lookahead to a regular expression without any negative-lookahead, while matching the same strings.

    Algorithm in pseudo code:

    Write an expression RE with negative lookahead groups
    For all negative…
  • Reconciler in kube-apiserver Sep 25, 2019

    When deploying a cluster manually, you may have noticed the --endpoint-reconciler-type option on kube-apiserver.

    The official documentation offers little help:

    --endpoint-reconciler-type   string     Default: "lease"
    Use an endpoint reconciler…
  • Introducing kubectl-repl Sep 19, 2019

    Wrap kubectl with namespace and variables. Run commands in the current namespace without copying and pasting all the time!

    Almost any kubectl interaction consists of those steps:

    1. Inspect the current state of a certain object in a given namespace and…
  • Tips for passing Certified Kubernetes Administrator (CKA) exam Sep 18, 2019

    Contrary to many reports [1][2][3][4], the exam is very adequately timed. There are many questions with lower grading that you should be able to solve in a matter of minutes. In fact, I had to double check the exam info on multiple occasions to…