Penny dropped - why is my job immutable ?
I'm tinkering with kube-bench at present, and wanted to deploy it as a Kubernetes Job using the job.yaml that's included with the repo.However, my custom-built kube-bench image is stored in a private...
View ArticleNew day, new Docker, new capability - image scanning
Whilst I was upgrading some of my Ubuntu boxes the other day, I noticed a new plugin - docker-scan-plugin - in the list of things being upgraded.A quick Google brought me this: -Vulnerability scanning...
View ArticleWow, SSHD on Synology - fun and games
Having created a new user on my Synology DS414+, I was trying/failing to SSH using a non-admin user, via the command: -ssh hayd@diskstationI kept getting asked for a password, even though I was...
View ArticleDebugging Kubernetes - some things for me to remember ....
Just making a few notes of things to which I need to refer back on a frequent basis ...Firstly, debugging kubelet when it's running as a systemd service on Ubuntu ....journalctl -u kubelet -f-- Logs...
View ArticleKubernetes - debugging the API Server - and there's more
Whilst trying to work out why my Kubernetes API Server ( kube-apiserver ) was crashing n' burning every 8-10 minutes, I found a few more useful things at which to look ...kubectl get...
View ArticleTinkering with containerd on Linux - "cannot delete a non stopped container"
I'm getting to grips with containerd as an alternate container runtime, having spent much of the past 5 years tinkering with docker etc.I'm using an IBM Cloud Virtual Server to do this work, which is...
View ArticleGrubbing about with Grub on Ubuntu 20.04
Whilst updating my Ubuntu 20.04 virtual machine ( actually an LPAR running on an IBM z/15 box ) : -apt-get update && apt-get --with-new-pkgs upgrade -y I saw this.../usr/sbin/update-grub: not...
View ArticleToday I learned ... when is Bash not Bash ?
Having written Bash ( Bourne Again Shell ) scripts for the longest time, I couldn't quite work out why some things that worked on my Mac did NOT work on my colleague's Mac, even though he was using my...
View ArticleCalico Node, more like Calico No
I spent a happy few hours over the weekend, trying to work out why my Kubernetes 1.21 cluster wasn't behaving as expected.I was seeing a bunch o' weirdness whereby certain pods weren't able to access...
View ArticleGah, again with the ImagePullBackOff
So, following on from this: -Gah, ImagePullBackOff with Calico CNI running on KubernetesI was again seeing this: -kube-system calico-node-lxmk4 0/1 Init:ImagePullBackOff...
View ArticleKata Containers and Ubuntu Linux - lessons learned - 1/many
This is the first of a few consecutive posts about my recent experiences with Kata Containers and Ubuntu, running on various platforms including my Mac ( via VMware Fusion 12 ).I'm building up a list...
View ArticleClik here to view.
Kata Containers and Ubuntu Linux - lessons learned - 2/many
Following on from Kata Containers and Ubuntu Linux - lessons learned - 1/many here's another one ...Testing the Kata Containers 2.0 runtime environment was failing, again using Ubuntu 20.04 on VMware...
View ArticleKata Containers and Ubuntu Linux - lessons learned - 3/many - a WIP
Following on from: -Kata Containers and Ubuntu Linux - lessons learned - 1/manyand: -Kata Containers and Ubuntu Linux - lessons learned - 2/manyhere's one I've yet to solve ....Having overcome the...
View ArticleKata Containers and Ubuntu Linux - lessons learned - 4/many
Building on the series: -Kata Containers and Ubuntu Linux - lessons learned - 1/manyKata Containers and Ubuntu Linux - lessons learned - 2/manyKata Containers and Ubuntu Linux - lessons learned -...
View ArticleBuilding Kubernetes on Linux on IBM Z - it's a matter of trust ...
One of my colleagues saw an interesting issue when trying to build a new Kubernetes cluster on an Ubuntu Linux environment ( on IBM Z ).For the record, we're running Kubernetes inside Ubuntu...
View ArticleInspecting certificates using OpenSSL and a variant of grep
In the context of: -Building Kubernetes on Linux on IBM Z - it's a matter of trust ...today I learned (TIL) that one could use egrep to examine x509 certificates: -echo | openssl s_client -connect...
View ArticleNow that I did not know - using pushd and popd to navigate the Bourne Again...
Further tinkering with Kata Containers etc. led me here: -Install cri-toolsYou can install the cri-tools from source code:$ go get github.com/kubernetes-incubator/cri-tools$ pushd...
View ArticleClik here to view.
Apple Remote - tell the telly to turn the heck off !
One nice feature of the Apple TV ( I have a couple of 'em ) is that they can turn the HDMI-attached TV on when you hit the [Menu] button on the remote ... which is nice ....But, of course, there's no...
View ArticleWrangling Kubernetes using crictl
I needed to find a way to remove a bunch of NotReady pods from my K8s 1.21 cluster, on both the Control Plane and Compute Nodes.Simples, use crictlA useful StackOverflow post - Master not pods in...
View ArticleClik here to view.
Why won't Kubernetes kubelet come up ?
After an unscheduled reboot of the VMs that host my K8s cluster, I was struggling to work out why the kubelet wasn't starting properly.I ran systemctl start kubelet.service to start it and then...
View Article