schnatterer

Getting a shell on each node

I run several K8S cluster on EKS and by default do not setup inbound SSH to the nodes. Sometimes I need to get into each node to check things or run a one-off tool.

Rather than update my terraform, rebuild the launch templates and redeploy brand new nodes, I decided to use kubernetes to access each node directly.

Alternative option

https://github.com/alexei-led/nsenter

Kubernetes v1.16 API deprecation testing

Examples of how to test the impact of the v1.16 API deprecations and ways to debug early!

If this is the first time you're hearing of these deprecations STOP and read this blog post (thanks @vllry!).

Common misunderstandings

The exact apiVersion: value that I use in my manifest is stored on disk (etcd).

Falsehoods programmers believe about time

This is a compiled list of falsehoods programmers tend to believe about working with time.

Don't re-invent a date time library yourself. If you think you understand everything about time, you're probably doing it wrong.

Falsehoods

There are always 24 hours in a day.
February is always 28 days long.
Any 24-hour period will always begin and end in the same day (or week, or month).

	KEYMAPOPTS="us us"
	HOSTNAMEOPTS="-n alpine"
	INTERFACESOPTS="auto lo
	iface lo inet loopback

	auto eth0
	iface eth0 inet dhcp
	hostname alpine
	"
	TIMEZONEOPTS="-z UTC"

	➜ docker run -t -p 8080:8080 applications/gradle-boot-2.2.8
	Container memory limit unset. Configuring JVM for 1G container.
	Calculated JVM Memory Configuration: -XX:MaxDirectMemorySize=10M -XX:MaxMetaspaceSize=88901K -XX:ReservedCodeCacheSize=240M -Xss1M -Xmx652474K (Head Room: 0%, Loaded Class Count: 13282, Thread Count: 50, Total Memory: 1073741824)
	Adding 127 container CA certificates to JVM truststore

	. ____ _ __ _ _
	/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
	( ( )\___ \| '_ \| '_\| \| '_ \/ _` \| \ \ \ \
	\\/ ___)\| \|_)\| \| \| \| \| \|\| (_\| \| ) ) ) )
	' \|____\| .__\|_\| \|_\|_\| \|_\__, \| / / / /

	Add the following in .zshrc:

	...
	plugins=(osx git zsh-autosuggestions zsh-syntax-highlighting zsh-nvm docker kubectl)
	...

	### Fix slowness of pastes with zsh-syntax-highlighting.zsh
	pasteinit() {
	OLD_SELF_INSERT=${${(s.:.)widgets[self-insert]}[2,3]}
	zle -N self-insert url-quote-magic # I wonder if you'd need `.url-quote-magic`?

	#!/bin/sh

	alias dm='docker-machine'
	alias dmx='docker-machine ssh'
	alias dk='docker'
	alias dki='docker images'
	alias dks='docker service'
	alias dkrm='docker rm'
	alias dkl='docker logs'
	alias dklf='docker logs -f'

	#!/bin/bash

	IMAGE="gcr.io/google-containers/ubuntu-slim:0.14"
	COMMAND="/bin/bash"
	SUFFIX=$(date +%s \| shasum \| base64 \| fold -w 10 \| head -1 \| tr '[:upper:]' '[:lower:]')

	usage_exit() {
	echo "Usage: $0 [-c command] [-i image] PVC ..." 1>&2
	exit 1
	}

	apiVersion: extensions/v1beta1
	kind: PodSecurityPolicy
	metadata:
	name: restricted
	annotations:
	seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
	apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
	seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
	apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
	spec: