Learned Cilium Network Policies

Today I learned about Cilium network policies. These are much easier to implement than normal network policies because there are some tools available when creating the Cilium policies. Network policies were probably my weakest Kubernetes skill and I tended to avoid them. But now I'm exposing some apps to the internet in my homelab and I'm forced to think about security and what would happen if a hacker managed to get root privileges in a container even though I implemented strict security contexts and enabled privilege escalation. ...

January 14, 2024 · Mischa van den Burg

Video notes - Application Gateway for Containers

App Gateway: It has App Gateway in the name, but it is an entirely new solution. The App Gateway is the only thing it has in common with Azure Application Gateway. Resources: Two types of resources, Azure resources and k8s resources. The App Gateway for Containers is an Azure resource which listens to changes in k8s resources through the ALB controller. AGWFC is the control plane. ...

January 5, 2024 · Mischa van den Burg

Video: Homelab E2 - Setting Up Monitoring + Studying k3s Networking & Configuring Ingress

In this video I installed Prometheus and Grafana using helm and studied k3s networking. My goal was to make Grafana approachable via ingress using a fake domain and after a bit of tinkering it worked.

- installed prometheus and grafana with kube-prometheus-stack helm chart
- reflected on why I use k3s
- gained understanding of k3s loadbalancing solution
- configured /etc/hosts file to resolve to fake domain
- configured k3s ingress to use fake local domain
- struggled with ingress but figured it out in the end
- successfully made grafana UI available on fake local domain grafana.homelab.nl

Links: 202312261012 ...

January 4, 2024 · Mischa van den Burg

Video: Homelab Episode 1

This is the first video of my homelab series. I set up the repo for my project and do the initial installation of k3s on an old laptop I had lying around. I had a k8s cluster installed on there with kubeadm which I needed to clean up first. ...

December 31, 2023 · Mischa van den Burg

Discovered a simple CLI to backup and upload Grafana dashboards

This is a super useful tool to list, download and upload Grafana dashboards as JSON. Currently using this to occasionally take extra-extra backups of my Grafana creations: https://software.es.net/gdg/

Links: 202312301612

December 30, 2023 · Mischa van den Burg

Homelab Secret Management With GitOps and Azure Key Vault

In this blog post, I want to share with you how I set up secrets management for my home lab. I use my home lab to explore new technologies, but I also try to keep it in line with the practices I would use when setting up environments for clients. I focus on Microsoft Azure and the ecosystem they provide for cloud native applications. Secrets management is an important aspect of any cloud-native application, as it allows you to securely store and access sensitive information such as passwords, tokens and certificates. ...

December 29, 2023 · Mischa van den Burg

Video: Viewing Strava Data In Grafana Dashboards

In this video I'll show you how to view your Strava data in Grafana by doing the following steps:

- creating an application in Strava
- installing the Strava plugin in Grafana
- adding the Strava data source
- importing dashboards
- exploring data and creating custom dashboard

Links: 202312250812 ...

December 27, 2023 · Mischa van den Burg

Video: How To Install Prometheus & Grafana In Your Homelab

In this video I'll be installing Prometheus and Grafana in a Kubernetes cluster running in Rancher Desktop on my MacBook. There are many options available out there but this is the easiest one I found to get up and running quickly.

    helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
    helm repo update
    helm install prometheus-stack prometheus-community/kube-prometheus-stack --namespace=prometheus-stack --create-namespace

...

December 25, 2023 · Mischa van den Burg

Talk: Avoiding Microservice Megadisasters by Jimmy Bogard

Watched this very insightful talk on microservice architecture. Some things I learned:

- microservices should be autonomous: they should have minimal dependencies on other microservices
- if they have dependencies they should only be 1 layer deep
- a microservice should not be calling another microservice which calls another microservice
- dependencies can be reversed by pushing data towards the service
- for example: a pricing database can be dumped and pushed to a catalog service once a day
- data duplication is not a sin

Another powerful point he made is that the architecture is a reflection of the organization's structure. He explained that the company was organized in teams and that managers of teams were promoted based on the number of people they managed. This meant that managers were making up services which needed people to build them, which led to a proliferation of services and dependencies. ...

December 23, 2023 · Mischa van den Burg

Ensure Cgroupsv2 compatibility when containerizing old apps

Are you currently working with containerizing older Java or .NET applications? From Kubernetes 1.29, the default cgroups implementation on Azure Linux AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please make sure that your older containerized applications are compatible with cgroupsv2 or you might be in quite some pain in the future. ...

December 12, 2023 · Mischa van den Burg