kpexec is a kubernetes cli that runs commands in a container with high privileges. It runs a highly privileged container on the same node as the target container and joins into the namespaces of the target container (IPC, UTS, PID, net, mount).

Hello and welcome to my little Kubernetes on Hetzner tutorial for the first half of 2021. This tutorial will help you bootstrapping a Kubernetes Cluster on Hetzner with KubeOne.

There is concept called "Event Sources" in Falco, these "Event Sources" defines where Falco can consume events, and apply rules to these events to detect abnormal behavior.

Our clients tend to ask us: “Can we have a cheaper alternative to Amazon RDS?”, “Wouldn’t it be awesome to have something like RDS not just in AWS…”. Well, to meet their needs and implement an RDS-like managed solution in Kubernetes, we took a look at the current state of the most popular PostgreSQL operators: Stolon, Crunchy Data, Zalando, KubeDB, StackGres. We compared them and made our own choice.

Replicated Troubleshoot is a framework for collecting, redacting, and analyzing highly customizable diagnostic information about a Kubernetes cluster. Troubleshoot specs are created by 3rd-party application developers/maintainers and run by cluster operators in the initial and ongoing operation of those applications.

Luckily Kyverno is also able to generate objects, like secrets. So the following policy is going to clone the secret under the default namespace to any newly created namespace.

New users to GitOps and Argo CD are not often sure how they should structure their repos, add applications, promote apps across environments, and manage the Argo CD installation itself using GitOps.

Sloth generates understandable, uniform and reliable Prometheus SLOs for any kind of service. Using a simple SLO spec that results in multiple metrics and multi window multi burn alerts.

After the experience of the service level operator and Asadito, I wanted something similar and to be available for everyone, and like everything that I develop in my free time, OSS.

Let’s Encrypt is well-known for issuing certificates that are valid for only 90 days. Since the very first certificates issued by Let’s Encrypt’s infrastructure, those certificates have been given a 90 day validity period by our CA software by taking the issuance time and adding exactly 2,160 hours to yield the certificate’s “not after” date. However, RFC 5280 defines the validity period of a certificate as being the duration between the “not before” and the “not after” timestamps, inclusive. This inclusivity means that Let’s Encrypt’s certificates have all been actually valid for 90 days plus 1 second.

I once worked for a company where they managed to create about half a million subversion commits in just 2 or 3 years, with about 3 developers working on it. I’ll leave it as an exercise to guess how they managed to do that :-)

If you’re a graduate interviewing for a software job and wondering what a typical day is like, here’s some notes from what I did last Tuesday. It was a pretty typical day.

KTail allows you to tail multiple pods in one view. It automatically detects updates and attaches to new pods. Configurable highlighters show how often regular expressions matched and let you quickly navigate in the results.

Today I had the pleasure of releasing Prometheus 2.28 in my function as a member of the Prometheus Team. While there are many changes in this release, let's take a look at some of the most relevant new features for users:

There are various similar guides on other sites, but many of these guides were partially incomplete, so I’ve tried to write the most complete guide as possible, which can be used by paranoid users like me.

Brave is a chromium based browser, which comes with a built-in adblocker and with a “rewards” program, that is supposed to make you earn money. But the relevant part today is that Brave is advertised as a “private browser by default”.

KRunner Cheatsheet

Alle sitzen vor der Glotze, irgendwo vor einer Bar. Warten auf Tore bei der Fußball-Europameisterschaft. Und dann geht der Fernseher aus. Das ist fies. Und lustig. Vielleicht war unser Netzbastler Moritz Metz in der Nähe.

Internet-in-a-Box brings the power of a free Digital Library of Alexandria into the hands of any school, hospital, or community worldwide.

This blog post is about an experiment to automate creation of Kubernetes Network Policies based on actual network traffic captured from applications running on a Kubernetes cluster.