Kustomize

Kustomize is built into kubectl with -k. Great samples on kubernetes.io/docs. Kustomize provides a template-free way to customize Kubernetes manifests. Contents: Generating resources, Setting cross cutting fields, Composing and customizing resources, Composing, Customizing, Patches, Images, Replacements, Reference. In a nutshell, Kustomize provides 3 key features: generating resources from other sources, setting cross-cutting fields for resources, and composing and customizing collections of resources. Generating resources: To generate a ConfigMap from an .env file, add an entry to the envs list in configMapGenerator. Kustomize supports other formats such as .properties. ...

May 3, 2024 · 3 min

dotnet worker kubernetes health probe

The Problem: You have a (headless) background worker process that needs to communicate its readiness to Kubernetes. The Solution: ASP.NET Core provides a decent approach to performing a series of agnostic health checks. There are hundreds of health probes available, such as Network, Elasticsearch, Kafka and Npgsql. However, being part of ASP.NET Core does mean that some of these dependencies, such as the Microsoft.AspNetCore.Diagnostics.HealthChecks package, will bleed into the worker as a needed dependency. The plus side is that you can avoid reinventing the wheel. ...

November 18, 2021 · 2 min

OpenShift NginX 13: permission denied /var/cache/nginx/client_temp

Trying to deploy an NGINX container to an OpenShift cluster today, ran into: nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied). To do some investigating, spun up a new Pod and attached an interactive shell using oc: oc run --rm -i -t frontend --image=artifactory.evilcorp.com/frontend:1.0.0 --restart=Never --command -- /bin/sh. Indeed, a quick ls -la /var/cache revealed that the nginx subdirectory is writable by root. No good for OpenShift, which by default is non-root: ...

August 26, 2021 · 1 min

Kubernetes Secrets encoding gotcha

Kubernetes provides a neat concept for managing sensitive pieces of data, the Secret. A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don’t need to include confidential data in your application code. Secret text is by default base64 encoded. For this reason it’s recommended that secret definitions are not published to git. ...

August 25, 2021 · 2 min