Bonjour !

Here I write about technical subjects that interest me.

Mastering Helm : A Journey to Dynamic Secret Generation

In the world of Kubernetes and Helm, managing secrets securely and efficiently is crucial, especially when dealing with production databases. This article chronicles my journey to implement a dynamic secret generation mechanism for a StatefulSet’s database container using Helm. My objective was to generate a password for the database container of a StatefulSet using Helm. The requirements were to create the secret during the initial installation, to reuse the same secret when upgrading the release and to ensure the secret persists even if the release is deleted...

August 12, 2024

Which CNI Is Running in My Cluster?

Today a colleague of mine who is new to Kubernetes asked me what the CNI running on our production cluster was. I knew the answer but I wanted to double-check, just to see if I could climb up to the source of truth. My first reflex was to search in the kube-system namespace for pods with a CNI-like name. And I quickly found what I was looking for: With this I was pretty sure Antrea was the chosen CNI, but I knew there were other ways to verify it....

July 23, 2024

Adding TLS to Your Ingress Traffic

Today at my job I managed to get our new product up and running on Kubernetes. Deployments and StatefulSets are working, but I wanted to test the app’s behavior while accessing it from the outside. As we have multiple services running on the cluster and as we want to secure the connection through TLS, it is best to use an Ingress (resources and controllers). I already did the Ingress controller setup earlier, using Ingress-nginx-controller, so I just had to create an Ingress resource and I wanted to discuss my process here....

June 22, 2024

Pull Images From Your Harbor Registry With Kubernetes

Pulling images from a private registry with Kubernetes. In this example I am going to use Harbor. For the sake of best practices and security we first have to create a robot account on Harbor: Then select the Harbor repo on which the robot account will have these permissions: You then have a confirmation message from Harbor; keep the secret: we will register it into a Kubernetes secret in our cluster....

June 9, 2024

Routing Traffic Within Your Kubernetes Cluster : Ingress-Nginx Controller

I recently had to set up an Ingress in one of the Kubernetes clusters at my job, so I wrote a short explanation for my colleagues who are not aware of Kubernetes Ingresses, and since it provides useful explanations I figured I’d also share it here: Classic Ingress in Kubernetes. An Ingress in Kubernetes is an object that makes microservices available outside the cluster. It routes incoming requests to the appropriate services, much like a traditional load balancer....

May 13, 2024

Optimizing Docker Images Size

When you try to optimize the size of an image, it is possible to display the size of every layer:

    docker history <image-id>

For example:

    (ins)❯ docker history 7383c266ef25
    IMAGE          CREATED       CREATED BY                             SIZE   COMMENT
    7383c266ef25   12 days ago   CMD ["nginx" "-g" "daemon off;"]       0B     buildkit.dockerfile.v0
    <missing>      12 days ago   STOPSIGNAL SIGQUIT                     0B     buildkit.dockerfile.v0
    <missing>      12 days ago   EXPOSE map[80/tcp:{}]                  0B     buildkit.dockerfile.v0
    <missing>      12 days ago   ENTRYPOINT ["/docker-entrypoint.sh"]   0B     buildkit....

May 6, 2024