Tuesday, January 17, 2023

k8s backup products

1. https://portworx.com/

    You don’t have to use Portworx storage to use Portworx Backup. Backup and recover Kubernetes applications using Amazon EBS, Google Persistent Disk and Azure Block storage directly via CSI.

2. https://velero.io/ (used to be called Heptio Ark)

    Uses object storage.

3. https://stash.run/

    Stores backup data in AWS S3, Minio, Rook, GCS, Azure, OpenStack Swift, Backblaze B2 and Rest Server

4. https://trilio.io/

5. https://metallic.io/   very weak.

6. https://www.kasten.io/

7. https://www.rubrik.com/

8. https://storware.eu/

 


 

Monday, January 16, 2023

Use k8s rbac for authorization

K8s RBAC is a solid implementation of RBAC. Using it well avoids reinventing the wheel for an application.

Use a namespace per user to scope that user's resources.
Use a user to represent each actual user, then use roles and role bindings to control permissions.

Tuesday, January 10, 2023

Expose services from k8s clusters running on MacBook

Since macOS won’t route to the Docker network, exposing services outside of the k8s clusters is a big problem when you run multiple clusters on a Mac. With an Nginx proxy, one can simply use the Docker port map to achieve this.

The idea is to do the following

1. Write a script which will query every cluster and find all load balancer services.
2. With all known load balancer services, create an Nginx configuration file to proxy requests.
3. Once the Nginx configuration file is created, launch Nginx on the Docker network used by the k8s clusters and map all the ports used.
4. Based on the nature of the services, either http, https or stream can be used.

The drawback is that the port map will certainly change: each time a service is added or removed, the Nginx container needs to be restarted with a new port map and configuration.

For test purposes, this solution should work.
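Steps 1 to 3 above as an added example (not the author's script): it filters `kubectl get svc -A -o json` output per cluster for load balancer services that already have an address, gives each backend a unique host port, and emits an Nginx `stream` configuration plus the matching `docker run` publish flags. The cluster names, addresses, the starting host port 8000 and publishing on 127.0.0.1 only (so the proxied services are not reachable from the LAN) are assumptions.

```python
import json

# Constructed sample input: trimmed `kubectl get svc -A -o json` output, one per cluster.
SAMPLE = {
    "dev": json.dumps({"items": [
        {"metadata": {"namespace": "web", "name": "front"},
         "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "protocol": "TCP"}]},
         "status": {"loadBalancer": {"ingress": [{"ip": "172.18.255.200"}]}}},
        {"metadata": {"namespace": "web", "name": "db"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}, "status": {}},
        {"metadata": {"namespace": "web", "name": "pending"},
         "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}, "status": {"loadBalancer": {}}}]}),
    "test": json.dumps({"items": [
        {"metadata": {"namespace": "api", "name": "gw"},
         "spec": {"type": "LoadBalancer", "ports": [{"port": 80}, {"port": 443}]},
         "status": {"loadBalancer": {"ingress": [{"ip": "172.18.255.210"}]}}}]}),
}

def load_balancers(cluster, svc_json):
    """Step 1: yield (cluster, namespace, name, ip, port) for each usable TCP port."""
    for svc in json.loads(svc_json)["items"]:
        if svc["spec"].get("type") != "LoadBalancer":
            continue
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        ip = ingress[0].get("ip") if ingress else None
        if not ip:
            continue  # address not assigned yet, nothing to proxy to
        for p in svc["spec"].get("ports", []):
            if p.get("protocol", "TCP") == "TCP":  # stream listen below is TCP only
                yield (cluster, svc["metadata"]["namespace"], svc["metadata"]["name"], ip, p["port"])

def plan(outputs, first_port=8000):
    """Give every backend a unique host port; sorted so reruns keep a stable order."""
    backends = sorted(b for c, j in outputs.items() for b in load_balancers(c, j))
    return [(first_port + i, b) for i, b in enumerate(backends)]

def nginx_conf(mapping):
    """Step 2: one stream (TCP pass-through) server per backend."""
    servers = "".join(
        f"    # {c}/{ns}/{name}\n    server {{ listen {hp}; proxy_pass {ip}:{port}; }}\n"
        for hp, (c, ns, name, ip, port) in mapping)
    return "events {}\nstream {\n" + servers + "}\n"

def docker_ports(mapping):
    """Step 3: publish flags for `docker run`, bound to loopback only."""
    return [f"--publish=127.0.0.1:{hp}:{hp}" for hp, _ in mapping]

if __name__ == "__main__":
    print(nginx_conf(plan(SAMPLE)), *docker_ports(plan(SAMPLE)))
```

Two clusters can both expose port 80, which is why host ports are assigned from a counter instead of reusing the service port.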

Thursday, January 5, 2023

Allow application to accept incoming network connection

When k8s kind tries to use a local non-loopback IP for the API server address, the Mac firewall will ask whether the incoming network connection should be allowed. A screen like this will pop up:


The right way to avoid this is to change the MacBook firewall rule to allow this kind of action.