Kubernetes Operations Console

A client to interact with the Kubernetes cluster

Recent Uploads

KeyCloak : A Brief Introduction to OAuth 2.0, OpenID Connect, SAML 2.0. and JWT(Part-1)...

In this article we are going to get a brief introduction to the standards that enable us to integrate web applications securely and easily with Keycloak. This blog will give us a gentle introduction without going too much into detail. Even if we are new to these standards, we may still want to skim through them. Authorizing application access with OAuth 2.0: OAuth 2.0 is by now a massively popular industry-standard protocol for authorization. At the core of OAuth 2.0 sits the OAuth 2.0 framework, which enabled a whole ecosystem of websites to integrate with each other. Prior to OAuth 2.0 there was OAuth 1, by sharing user credentials to allow third-party applications to access data on behalf of the user, but these approaches were complex or not easily interoperable. With OAu...

ARM64 based Graviton worker node in EKS and run Postgres cluster using statefulset...

I am writing this blog as a series, as covering everything in one blog is difficult. In this blog we will see some encouragement to move to ARM64 along with a proof-of-concept (PoC) of running a Postgres cluster on ARM-based Graviton EC2 in the AWS cloud. We will proceed through the running of multi-architecture Docker images to leverage the latest AWS Graviton2 processors. The AWS projected performance and pricing advantages over the latest generation of AWS x86–64 instances are too impressive to ignore. In the next blog I will show you performance numbers on using Postgres with ARM64 compared with AMD64, as AWS suggests there will be a 40% performance improvement after migration with 20% less cost https://aws.amazon.com/blogs/containers/eks-on-graviton-generally-available/ and another b...

Kubernetes Keycloak : Add admin console url...

After creating the Keycloak application on AWS EKS, it seems some additional stuff is required to get the Admin Console. Before discussing the issue, let me give you below the links in order to create and run the Keycloak application. I am using the steps defined in the below codecentric helm repo for installing the application. Download the values.yaml and make changes related to ingress. I'll update the values.yaml and club all my changes, but in the meantime below is the flow to override the default behavior. helm-charts/charts/keycloak at master · codecentric/helm-charts (github.com) After installing the chart, as you can see, the URL asks me to connect to localhost to create the admin user. Below are the changes that are required in the statefulset for my keycloak:- kubectl edit statefulset...

unsupported Kubernetes version (Service: Eks, Status Code: 400, Request ID) but its actually eksc...

Firstly, sorry for the misleading error code as this forced even me to scratch my head and spend a few hours in order to figure out the confusion around "CloudFormation" always leading me to the error below:- 2022-01-27 17:56:55 UTC+0530 ControlPlane CREATE_FAILED Resource handler returned message: "unsupported Kubernetes version (Service: Eks, Status Code: 400, Request ID: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa, Extended Request ID: null)" (RequestToken: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaa, HandlerErrorCode: InvalidRequest) I found it surprising that there wasn't a single Google result revealing the actual cause of this error and by hit and trial method I have come up with a solution. The below document does not tell anything about this issue, as it was last updated a long tim...

Unable to create ArgoCD application, Error: manifest does not contain a layer with mediatype appl...

We are utilizing ArgoCD for GitOps and everything works fine and the application is getting created with docker images stored in the ECR repository. But when we create an application using an OCI-enabled helm ECR repository in ArgoCD we face issues. The version of ArgoCD is v2.0.5. This is the command that I use to create an application in ArgoCD using a helm chart stored in the OCI registry as a source. argocd repo add oci://accountid.dkr.ecr.us-east-1.amazonaws.com --type helm --name mychart --enable-oci --username AWS --password $(aws ecr get-login-password --region us-west-5h) Unable to create application: application spec is invalid: InvalidSpecError: Unable to get app details: rpc error: code = Unknown desc = helm chart pull accountid.dkr.ecr.us-west-1.ama...

pgAdmin hosting on the Kubernetes and design advantages...

pgAdmin 4 is a free open source graphical management tool for PostgreSQL. This article will help you to understand the advantages of hosting a pgAdmin application as a web application in your Cloud environment and the steps involved in installing pgAdmin on Kubernetes using a Helm Chart. For documentation on pgAdmin, visit the official website. My web application developers required access to the Postgres database server for some development activity and at the same time I am concerned about the security of our database from in-house and externally, as opening up a database port to the internet is always a terrible idea. Developers who need quick access to debug databases running on the Kubernetes cluster in Cloud set up pgAdmin in several ways. I solved this problem by deployi...

Helm Push/Pull Error: scheme "OCI" not supported...

There are a few issues reported by the developers when storing Helm charts in AWS ECR. Common errors occur when they are using the old version of the Helm chart. Below is one of the many scenarios and others can be solved by just updating the Helm chart. In case you would like to know what OCI is and how to install add charts into the ECR repo please visit my other blog Helm OCI based charts into AWS ECR and OCI feature. Case 1: When I run helm push/pull on a chart stored in ECR below is the error:- helm pull oci://accountid.dkr.ecr.us-east-1.amazonaws.com/mychart --version 1.1.1 Error: scheme "oci" not supported Now let's check the version of the Helm chart installed on your local machine $ helm version version.BuildInfo{Version:"v1.1.1", GitCommit:"aaaaa...

Helm OCI based charts into AWS ECR and OCI feature...

We are using AWS ECR for storing our application images and the AWS ECR support of Open Container Initiative (OCI) artifacts for Helm has greatly boosted the development effort on our Helm charts. This article will show you how to create, push and pull a helm chart into the AWS ECR repository. It will also showcase, if you face any error related to OCI, what necessary steps you need to take in order to resolve it. For more information on documentation on this feature, you can visit the AWS blog https://aws.amazon.com/blogs/containers/oci-artifact-support-in-amazon-ecr/ The Open Container Initiative (OCI), an open-source community for creating open standards around containers. This is a community standard for how image artifacts should look. For more information on OCI, please visi...

How to avoid Helm warning due to config permissions...

When a developer is working on Kubernetes, he/she generally forgets to secure the Kubernetes config file that contains the cluster tokens of environments that can be sensitive. So if you are seeing the below warning from helm chart you are one of them:- WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/mukesh/.kube/config WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/mukesh/.kube/config Reason for the above warning: Your ~/.kube/config should only be readable by you. Use chmod to change the file's read/write permissions. Check the group permissions by running the below command:- mukesh@CXS-MukeshK:pgadmin$ ls -al ~/.kube/config -rw-r--r-- 1 mukesh mukesh 53732 Jan 6 16:02 /home/mukesh/...

GitOps using ArgoCD with Azure git repository...

To learn more on ArgoCD you can visit the documentation by clicking the link https://argo-cd.readthedocs.io/en/stable/ Let us start by generating the PAT for Azure Git Repository, please follow the below steps:- A personal access token (PAT) is used as an alternate password to authenticate into Azure DevOps. Learn how to create, use, modify, and revoke PATs for Azure DevOps. Sign in to your organization in Azure DevOps (https://dev.azure.com/{yourorganization}). From your home page, open your user settings, and then select Personal access tokens. And then select + New Token. Name your token, select the organization where you want to use the token, and then choose a lifespan for your token. Select the scopes for this token to authorize for your specific tasks. When you're done...

Let's Encrypt CN = R3: Certificate has expired or is not yet valid....

Manually Renew Let's Encrypt Certificates via CLI: I work with a series of Kubernetes clusters that are restricted to public access via Mutual authentication and encrypted using Let’s Encrypt certificates. Normally, when renewal is required, this process is automatically done for you. But somehow on one of my dev EKS clusters configured without autorenewal cert manager deployment. The process of autorenewal is straightforward. But the challenge is difficult to recall when it is required in urgent mode. Therefore I am writing this for all those who are like me who need a blog to keep it handy in time of need. So here we go... Below screen rings the bell or we can write a script to verify the near expiry certificates in question:- Now we know what is the applicat...

Kubernetes Operations Console...

We need a framework with which we can build and manage a Kubernetes Cluster. When it comes to building a Kubernetes cluster, Kos Console provides you templates to choose from. When running a Kubernetes application (small, mid or big) there are lots of things that you need to know before migrating the application to Kubernetes, but if you are using Kos Console you just need to run functions provided in Kos Console and the rest of the important things are already taken care of based on industry/community best practice. Kos Console helps interact with a Kubernetes Cluster by just selecting various functionality already integrated into it, and when you build something new (in any programming language) it is a matter of a few steps to integrate it with Kos Console. Kos Console h...

My Big Data solution using AWS services......

Goal: A global advertising agency that manages marketing for different customers in Asia, Europe and US required the solution on development of a Big Data platform. The company data analysts required a Big Data solution to run their models, reports and development effort can be handled by their own IT Team. The company is looking for recommendations on how to set up the Big Data Platform that will allow them to analyse trends and patterns over time across different clients. They would need a presentation layer to provide reporting capabilities to individual clients on only their specific data. Therefore, the main goal of this document is proposing a solution for the IT team, Analysts and other stakeholders so that it can be managed flexible, elastic, fault-tolerant, cost-efficient, ...

Part -2: Operators teach Kubernetes how to simplify stateful application......

I hope you have enjoyed my first article (link below) on Operator extension and Kubernetes Introduction. Now level up to this series with another article where I'll showcase a Kafka operator and the Operator capabilities on Kubernetes to achieve a stateful behaviour. In case you missed the first article, here is the link. https://ammozon.co.in/headtohead/?p=601 Now let's jump on Operator. If we want to understand the Operator we first need to have an understanding of CR (Custom Resource) and CRD (Custom Resource Definition). Kubernetes API use store an object using API endpoints and a Custom Resource (CR) allows you to create your own API object. This means a CR allows you to extend Kubernetes capabilities by adding any kind of API object useful to your resource. CRD is just what we use to...

Operators teach Kubernetes how to simplify the stateful application......

This is the first article in a series of articles to showcase how we use an Operator that can leverage Kubernetes to create a stateful application such as a Kafka Cluster. An Operator is a way to package, run, and maintain a Kubernetes application. An Operator builds on Kubernetes to automate the entire lifecycle of the software it manages. Because Operators extend Kubernetes, they provide application-specific automation. Before we begin to describe how Operators do these jobs, let’s define a few Kubernetes terms to provide context. How Kubernetes Works: Kubernetes automates the lifecycle of a stateless application, such as a static web server. Without a state, any instances of an application are interchangeable. This simple web server retrieves files and sends them to a...

Azure Arc - redefine hybrid cloud......

Azure delivered 59% revenue growth in the latest quarter, which is more than expected from its other Microsoft products. MSFT is introducing various new cloud services and acquisitions, giving it an edge over the rivals Amazon and Google. https://www.zdnet.com/article/azure-synapse-analytics-combines-data-warehouse-lake-and-pipelines/ https://www.cnbc.com/2019/11/04/microsofts-azure-arc-lets-customers-use-its-tools-on-other-clouds.html “Azure Arc enables customers to have a central, unified, and self-service approach to manage their Windows and Linux Servers, Kubernetes clusters, and Azure data services wherever they are,” writes Jeremy Winter, director of Program Management for Microsoft Azure. “Azure Arc also extends adoption of cloud practices like DevOps and Azure ...