Tagged "2020"

Backup and Restore Stateful Workloads using Velero and Restic

This is a quick post to summarise using Velero to back up your stateful workloads running on Kubernetes without the use of a cloud provider plugin to snapshot the persistent volumes. In the current setup I’ve got a Tanzu Kubernetes Grid cluster provisioned with the Guestbook application installed into a namespace called (imaginatively) guestbook. I’ve also added some random comments to the guestbook so we have some data to back up from the persistent volume.

vSphere with Tanzu Deployment Error

While I was enabling Workload Management (Tanzu) on vSphere 7.0 U1 with NSX, I hit an error: "Error configuring cluster NIC on master VM. This operation is part of API server configuration and will be retried." This isn’t a particularly complicated fix but I wanted to document the steps taken to find the issue. TL;DR: Enabling Workload Management on vSphere 7.0.1 with NSX-T deploys a medium Load Balancer.

NCP - Network Policies

One of the features I really like with the NSX Container Plugin (NCP) is how easy it is to create Distributed Firewall Rules (DFW) at an NSX level using Kubernetes Network Policies. By adding these rules you’re enabling microsegmentation, but implementing it with the application. This means you can get all the code-driven goodness from your microsegmentation! This in turn means the velocity of application deployments is not slowed down by either security or network team bottlenecks; everyone is a winner.

Backing Up Tanzu Kubernetes Grid Integrated Edition

Backing up a Tanzu Kubernetes Grid Integrated Edition (TKGI, formerly known as PKS) installation is a bit of a mishmash of different elements. Unfortunately TKGI doesn’t support image-based backups, and neither does Kubernetes. Before we look at the tools at your disposal, what components require backing up? This diagram shows each layer of a TKGI deployment; let’s step through each layer and discuss the options for backing it up. Infrastructure (vCenter / NSX-T): Bread and butter backups here - point the appliance at the appropriate endpoint and hit go.

Kubernetes - Secrets

This is a quick post about something I was asked about recently for a customer - Secrets within Kubernetes. The ask from the customer was: "Our engineer says that standard Kubernetes secrets aren’t secure, what are our options?" This is an overview of those options. I won’t be going into too much depth as there is no right or wrong answer here, it depends on the requirements of each individual organisation.

Kubernetes 101 – Application Configuration

This is the fifth in a series of blog posts that will explain the different components of Kubernetes. Primarily because if I can explain it here, I’ll have learned it quite well myself. The first part is about Pods and can be found here. The second part is about Controllers and can be found here. The third part is about Services and can be found here. The fourth part is about Volumes and can be found here.

Blog Move

Relocation: A few of you may have noticed that my blog layout has changed a little bit. My renewal had come up for WordPress, and while it wasn’t hugely expensive (I am from Yorkshire), I also wanted to learn some more about AWS. So inspired by definit.co.uk, grantorchard.com, thehumblelab.com and many more, I set about looking at Hugo as a static site generator. It didn’t take long for the simplicity of it to win me over.

Kubernetes 101 – Volumes

This is the fourth in a series of blog posts that will explain the different components of Kubernetes. Primarily because if I can explain it here, I’ll have learned it quite well myself. The first part is about Pods and can be found here. The second part is about Controllers and can be found here. The third part is about Services and can be found here. Where does the data go?

Kubernetes 101 – Services

This is the third in a series of blog posts that will explain the different components of Kubernetes. Primarily because if I can explain it here, I’ll have learned it quite well myself. The first part is about Pods and can be found here. The second part is about Controllers and can be found here. What is a Service? So you’ve deployed a pod, now how do you access it? How do other pods access it?

Kubernetes 101 – Controllers

This is the second in a series of blog posts that will explain the different components of Kubernetes. Primarily because if I can explain it here, I’ll have learned it quite well myself. The first part is about Pods and can be found here. Why Controllers Before we answer the why, we ought to think about what a controller is. The atomic unit in Kubernetes is the pod. You can create and manage them manually.

CKA Exam Experience

On Wednesday 29th January I took my Certified Kubernetes Administrator exam, and after much bated breath (31 hours’ worth), I passed. This briefly covers my experience and the resources I used to get there. Lead Up: In the weeks leading up to the exam I was becoming fairly proficient with Kubernetes but felt I needed a target to get to the required standard. So I booked my exam, on the basis that

Kubernetes 101 – Pods

This is the start of a series of blog posts that will explain the different components of Kubernetes. Primarily because if I can explain it here, I’ll have learned it quite well myself. Primer on Containers: I think most people are at least aware of the existence of containers. Fundamentally they’re a construct used to make an application component self-contained & portable. It holds all the libraries and binaries required to run the component.