<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CloudCover.ch</title><link>http://blog.cloudcover.ch/</link><description>Recent content on CloudCover.ch</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Fri, 19 Jul 2024 21:47:09 +0100</lastBuildDate><atom:link href="http://blog.cloudcover.ch/index.xml" rel="self" type="application/rss+xml"/><item><title>Thoughts on the Crowdstrike Outage</title><link>http://blog.cloudcover.ch/posts/thoughts-on-crowdstrike-outage/</link><pubDate>Fri, 19 Jul 2024 21:47:09 +0100</pubDate><guid>http://blog.cloudcover.ch/posts/thoughts-on-crowdstrike-outage/</guid><description>Today, 19th July 2024, will be remembered as the day of the so-called &amp;rsquo;largest global IT outage&amp;rsquo; in recent history.
Crowdstrike, a leading cybersecurity company, released an update for its Falcon Sensor software, a component of its cloud-based endpoint protection solution designed to assist in Real-time Threat Detection and Incident Response. This update was at the heart of the incident.
Endpoint security software updating itself is nothing new, but this update contained a problematic channel file, which caused Windows endpoints that installed this update to run into a blue screen of death (BSoD), making the endpoint inoperable.</description></item><item><title>Replacing a Terraform Provider with a Locally Compiled Version</title><link>http://blog.cloudcover.ch/posts/replace-local-terraform-provider-binary/</link><pubDate>Tue, 02 Jan 2024 16:00:06 +0200</pubDate><guid>http://blog.cloudcover.ch/posts/replace-local-terraform-provider-binary/</guid><description>Terraform uses providers to allow for the management of various types of infrastructure. These providers are downloaded to the machine that executes Terraform as a binary. Sometimes, you may need to replace an existing provider binary with a version you have compiled. This can be useful for testing changes to a provider or using a version not yet available through the Terraform Registry. Here&amp;rsquo;s a step-by-step guide on using a locally compiled version of a Terraform provider after a binary has been compiled for the appropriate platform.</description></item><item><title>Overcoming Difficulties with a Google Kubernetes Engine (GKE) Cluster in Terraform</title><link>http://blog.cloudcover.ch/posts/overcoming-gke-terraform-difficulties/</link><pubDate>Wed, 08 Feb 2023 12:15:39 +0100</pubDate><guid>http://blog.cloudcover.ch/posts/overcoming-gke-terraform-difficulties/</guid><description>Google Kubernetes Engine (GKE) is a powerful platform for managing and deploying containerised applications. It provides a managed Kubernetes environment, making it easy to run, manage, and scale your applications. With Terraform, you can automate creating and managing your GKE cluster, making it easier and faster to get started.
However, working with a GKE cluster in Terraform can be challenging, especially if you are new to either tool or trying to do something more advanced.</description></item><item><title>Reusing Existing Kubernetes Secrets in Helm Templates</title><link>http://blog.cloudcover.ch/posts/reusing-existing-kubernetes-secrets-in-helm-templates/</link><pubDate>Mon, 26 Dec 2022 13:52:06 +0200</pubDate><guid>http://blog.cloudcover.ch/posts/reusing-existing-kubernetes-secrets-in-helm-templates/</guid><description>Generating values in Kubernetes secrets
Helm templates can generate values that can be used in Kubernetes secrets. A Helm template for a Kubernetes secret which generates a password if a value isn&amp;rsquo;t defined in the Helm values looks something like this:
apiVersion: v1
kind: Secret
metadata:
  name: postgres-credentials
type: Opaque
data:
  postgresPassword: {{ default (randAlphaNum 64) .Values.postgresPassword.value | b64enc | quote }}
Using the lookup function
What if we only wanted Helm to generate a new value in the secret if there was no existing Kubernetes secret containing a key from which we wanted to reuse the value?</description></item><item><title>GUIs for Administering Kubernetes Clusters</title><link>http://blog.cloudcover.ch/posts/guis-for-administering-kubernetes/</link><pubDate>Fri, 23 Dec 2022 16:05:18 +0200</pubDate><guid>http://blog.cloudcover.ch/posts/guis-for-administering-kubernetes/</guid><description>Kubernetes (k8s) is an open-source platform for automating containerised applications&amp;rsquo; deployment, scaling, and management. It is the de facto standard for container orchestration. Organisations of all sizes use it to run their applications in the cloud, on-premises, and at the edge.
While Kubernetes offers a rich set of APIs and tools for administering and managing clusters, navigating and using these tools effectively can be challenging, especially for those new to Kubernetes.</description></item><item><title>How to Write Good Prometheus Alerting Rules</title><link>http://blog.cloudcover.ch/posts/writing-good-prometheus-alerting-rules/</link><pubDate>Wed, 21 Dec 2022 14:02:18 +0200</pubDate><guid>http://blog.cloudcover.ch/posts/writing-good-prometheus-alerting-rules/</guid><description>Prometheus is a robust monitoring and alerting tool, but it&amp;rsquo;s only as effective as the rules you set up to trigger alerts. Here are some tips for writing good Prometheus alerting rules:
Be specific: Make sure your rules target a particular issue. Avoid creating overly broad rules that could trigger false positives or missed alerts.
Use appropriate thresholds: Set thresholds that are realistic and appropriate for your system. Keep them high enough to avoid false alerts.</description></item><item><title>Import Dashboard JSON to Grafana from a ConfigMap in Kubernetes</title><link>http://blog.cloudcover.ch/posts/grafana-helm-dashboard-import/</link><pubDate>Thu, 18 Aug 2022 21:03:18 +0200</pubDate><guid>http://blog.cloudcover.ch/posts/grafana-helm-dashboard-import/</guid><description>Steps to import the JSON of a Grafana dashboard:
Create a ConfigMap including the dashboard JSON
Create a new Grafana dashboardProvider in the Grafana helmRelease values
Map the new dashboardProvider to the new ConfigMap in the Grafana helmRelease values
ConfigMap definition
Create a new ConfigMap. The name of the ConfigMap should match the JSON filename; in the example below, this is graph-services-response-times. The ConfigMap must be in the same namespace as the Grafana helmRelease.</description></item><item><title>FluxCD CLI Shorthands</title><link>http://blog.cloudcover.ch/posts/fluxcd-cli-shorthands/</link><pubDate>Sat, 09 Apr 2022 15:47:15 +0200</pubDate><guid>http://blog.cloudcover.ch/posts/fluxcd-cli-shorthands/</guid><description>Flux CD&amp;rsquo;s command-line interface provides the following shorthands / shortcuts / aliases for commonly used parameters. Unfortunately, these shorthands / shortcuts / aliases are not well documented in the official documentation.
Parameter | Shorthand / Shortcut / Alias
namespace / namespaces | ns
helmrelease / helmreleases | hr
kustomization / kustomizations | ks</description></item><item><title>Prometheus Metric Alerting Rule with Multiple Conditions</title><link>http://blog.cloudcover.ch/posts/prometheus-metric-alerting-rule-with-multiple-conditions/</link><pubDate>Sun, 27 Mar 2022 13:55:06 +0200</pubDate><guid>http://blog.cloudcover.ch/posts/prometheus-metric-alerting-rule-with-multiple-conditions/</guid><description>Alerts require fine-tuning and continuous optimisation to increase their accuracy, which can be achieved by adding more conditions to the alerting rule.
As an example, we want to be alerted if a Kubernetes Pod has been unhealthy for longer than 15 minutes. The alerting rule could be written like this:
min_over_time(sum by(namespace, pod) (kube_pod_status_phase{phase=~&amp;quot;Pending|Unknown|Failed&amp;quot;})[15m:1m]) &amp;gt; 0
We could add another condition to the rule to avoid a false positive, ensuring that the pod is at least 15 minutes old before triggering an alert.</description></item><item><title>Schedule Elasticsearch Curator Tasks Natively in Kubernetes</title><link>http://blog.cloudcover.ch/posts/schedule-elasticsearch-curator-tasks-natively-kubernetes/</link><pubDate>Mon, 24 Jan 2022 22:30:09 +0100</pubDate><guid>http://blog.cloudcover.ch/posts/schedule-elasticsearch-curator-tasks-natively-kubernetes/</guid><description>As of Kubernetes 1.21, CronJobs are a stable native Kubernetes feature. Using Kubernetes CronJobs and Elasticsearch Curator, we can schedule periodic changes on an Elasticsearch instance.
Unfortunately, Elasticsearch does not currently publish a native Elasticsearch Curator Docker image. Luckily, however, Bitnami provides such a Docker image, available on DockerHub.
To use the Elasticsearch Curator with a Kubernetes CronJob we need to define two Kubernetes objects, a CronJob and a ConfigMap. We use the ConfigMap to save the configuration of Curator and the task steps we want Curator to take.</description></item><item><title>Deploying Traefik as Ingress Controller on Kubernetes</title><link>http://blog.cloudcover.ch/posts/traefik-helm-kubernetes-deployment/</link><pubDate>Sun, 16 Jan 2022 18:32:06 +0100</pubDate><guid>http://blog.cloudcover.ch/posts/traefik-helm-kubernetes-deployment/</guid><description>Traefik is a powerful cloud-native edge router that can be utilised in many different environments, the most popular being Kubernetes and Docker. The built-in ACME client, amongst other features, makes Traefik a great choice as an edge router.
Traefik has two types of configuration: Dynamic configuration, which is set on the Kubernetes services we want to expose as annotations, and static configuration, which configures Traefik itself.
The first configuration that needs to be defined is the static configuration, used when Helm installs Traefik.</description></item></channel></rss>