Kubernetes

Implementation guide for creating an ArgoCD cluster that manages its own configuration and updates through GitOps, including repository structure, app-of-apps pattern, and self-healing configuration.

Limit exposure of web applications on Kubernetes using Traefik ingress controller with IP whitelist middleware configuration.

Running Kubernetes on bare metal can be challenging on several aspects. One of those is the use of load balancers. MetalLB is a bare metal load balancer that uses ARP to dynamically create new load balancers using dedicated internal IP addresses.

It’s easy to deploy Elasticsearch on Kubernetes. You get yourself a copy of the Elastic Helm Charts and you run helm install. Job well done… or not? The default Elasticsearch configuration doesn’t enable any encryption or security mechanism, that doesn’t sound really safe! In this blog post, I’ll explain how you secure your Elasticsearch instance by enabling encryption (SSL transport and HTTP over SSL) and native authentication.

In this blog post, I’ll explain how you deploy a brand new Kubernetes Cluster with Rancher Kubernetes Engine (RKE). Rancher Kubernetes Engine doesn’t include the Rancher management application itself and will deploy a vanilla Kubernetes Cluster for you, the exact same thing as kubeadm can do for you but much more simple!

Kubernetes Certificate Manager (cert-manager) is a native Kubernetes controller helping you to issue certificates from a variety of sources, such as Let’s Encrypt, HashiCorp Valut, a signing keypair and self-signed. The Certificate Manager ensures certificates are valid and up-to-date, and attempt to renew certificates at a configured time before expiry.

Officially, GitLab doesn’t support RBAC enabled Kubernetes clusters yet, but with some manual configuration, it is possible to integrate your Kubernetes cluster into Gitlab with RBAC enabled.

In Kubernetes it is possible to use Persistent Volumes to add persistent storage to your Docker containers. When creating a Persistent Volume (Claim) you have to configure a storage type and storage capacity. When your application gets successful and your storage exceeds the limits, you have to extend the volume or create a new persistent volume. The latter isn’t a feasible solution in a production environment, but extending a persistent volume isn’t supported out-of-the-box in Kubernetes. There is a solution though! Extending the volume outside Kubernetes!

The last few weeks I’m working with Kubernetes and OpenStack. It’s a steep learning curve to get a production-ready Kubernetes Cluster running on OpenStack, especially because I didn’t want to use the available ready-to-use tools. In the next few blog posts, I want to share my experience how to run Kubernetes on an OpenStack platform.