Thursday, May 11, 2023

Process of working with un-merged branches

1. Check out the branch locally, for example:

    git checkout -b the-dirty-branch

2. Pull the remote branch into the local branch (this assumes the remote is named origin):

    git pull origin the-dirty-branch

3. Do the same for other branches if more branches are needed.

4. Switch to the integration (or main) branch.

5. Cherry-pick from the dirty branch, or rebase from it.

6. Run git reset --soft to keep the release tag unchanged.

Monday, April 10, 2023

K8S CSI related commands

 

kg csidrivers

kg storageclass

kg volumesnapshotclass


To list volume snapshots and their contents:

kg volumesnapshot -n test01

kg volumesnapshotcontent -n test01


A storage class uses a provisioner.

A volume snapshot class uses a driver.

So driver and provisioner should be the same thing?


Friday, February 10, 2023

How to support multi-arch docker image build on mac

Simply run the following command:

docker buildx create --use

 

Then run the command:

docker buildx ls

You should see amd64 included like the following.

linux/arm64, linux/amd64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6


Some documents say to turn on the experimental flag, which is not needed.

Tuesday, January 17, 2023

k8s backup products

1. https://portworx.com/

    You don’t have to use Portworx storage to use Portworx Backup. Backup and recover Kubernetes applications using Amazon EBS, Google Persistent Disk and Azure Block storage directly via CSI.

2.  https://velero.io/  used to be called Heptio Ark

    uses object storage

3. https://stash.run/

    Stores backup data in AWS S3, Minio, Rook, GCS, Azure, OpenStack Swift, Backblaze B2 and Rest Server

4. https://trilio.io/

5. https://metallic.io/   very weak.

6. https://www.kasten.io/

7. https://www.rubrik.com/

8. https://storware.eu/

 


 

Monday, January 16, 2023

Use k8s rbac for authorization

K8s RBAC is a solid implementation of RBAC. Using it well avoids reinventing the wheel for an application.

Use a namespace per user to scope user resources.
Use a user to represent an actual user. Then use roles and role bindings to control permissions.
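
The namespace-per-user layout described above, written out as manifests. This is an added example, not from the original post; the user name alice, the namespace user-alice, the role name app-user and the resource list are assumptions.

```yaml
# Constructed example: "alice", "user-alice" and "app-user" are assumed names.
apiVersion: v1
kind: Namespace
metadata:
  name: user-alice
---
# A Role is namespaced: its rules apply only inside user-alice.
# Secrets and RBAC objects are deliberately not listed, so the user
# cannot read credentials or grant themselves more access.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-user
  namespace: user-alice
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps", "persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
# Use a RoleBinding, not a ClusterRoleBinding: a cluster-wide binding
# would grant the same verbs in every namespace and defeat the scoping.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: alice-app-user
  namespace: user-alice
subjects:
  - kind: User
    # Kubernetes has no User object; this string must match the username
    # produced by authentication (for example a client certificate CN).
    name: alice
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: app-user
  apiGroup: rbac.authorization.k8s.io
# To check the binding by impersonation, compare the answers inside and
# outside the user's namespace:
#   kubectl auth can-i list pods -n user-alice --as alice
#   kubectl auth can-i list pods -n default --as alice
```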

Tuesday, January 10, 2023

Expose services from k8s clusters running on MacBook

Since a Mac won't route to the docker network, exposing services outside of the k8s clusters is a big problem when you run multiple clusters on a Mac. With an Nginx proxy, however, one can simply use docker port mapping to achieve this.

The idea is to do the following

1. Write a script which will query every cluster and find all load balancer services.
2. With all known load balancer services, create an Nginx configuration file to proxy requests.
3. Once the Nginx configuration file is created, launch Nginx on the docker network used by the k8s clusters and map all the ports used.
4. Based on the nature of the services, either http, https or stream can be used.

The drawback is that the port map will certainly change, and each time a service is added or removed, the Nginx container will need to be restarted with a new port map and configuration.

For test purposes, this solution should work.

Thursday, January 5, 2023

Allow application to accept incoming network connection

When k8s kind tries to use a local non-loopback IP for the API server address, the Mac firewall will ask whether the incoming network connection should be allowed. A screen like this will pop up:


The right way to avoid this is to change the MacBook firewall rule to allow this kind of action.