OpenEBS provides a Kubernetes-native distributed storage solution which is friendly to developers and administrators. It is completely open source and part of the CNCF. Previously I wrote about installing and using the OpenEBS Jiva storage engine on the Charmed Kubernetes distribution of Canonical. The Jiva storage class uses storage inside managed pods. cStor, however, can use raw disks attached to Kubernetes nodes. Since I was trying out Kubespray (also a CNCF project) on KVM and it is relatively easy to attach raw storage to KVM nodes, I decided to give cStor a try. cStor (which uses ZFS behind the scenes) is also the more recent and more robust storage engine and suitable for more serious workloads. See here. You can download the scripts I used to set up my Kubernetes environment here.
Articles containing tips, tricks and nice to knows related to IT stuff I find interesting. Also serves as online memory.
Friday, July 31, 2020
Thursday, July 30, 2020
Production ready Kubernetes on your laptop. Kubespray on KVM
There are various options to install a production-like Kubernetes distribution on your laptop. Previously I tried out using the Canonical stack (Juju, MAAS, Charmed Kubernetes) for this. This worked nicely but it gave me the feeling that it was a bit Canonical-specific and with the recent discussions around Snaps and the Canonical Snap Store, I decided to take a look at another way to install Kubernetes on my laptop in such a way that it would approximate a production environment. Of course, first I needed to get my virtual infrastructure ready (KVM hosts) before I could use Kubespray to deploy Kubernetes. My main inspirations for this were two blog posts here and here. Like with Charmed Kubernetes, the installed distribution is bare. It does not contain things like a private registry, distributed storage (read here) or load balancer (read here). You can find my scripts here (which are suitable for Ubuntu 20.04).
Monday, July 27, 2020
Scanning container images for vulnerabilities using Anchore Engine
Applications nowadays are usually deployed inside containers. A container consists of libraries and tools which allow the application to run inside. Since there can be exploitable vulnerabilities, it is not only important to keep your application up to date but also the container it runs in. There are various tools available to scan container images for those vulnerabilities. Having little experience with them, but recognizing the importance of having such a tool, I decided to give Anchore Engine a try. Why? Because it appeared popular when looking for tools, it has an open source variant which I can appreciate and it was very easy to get started with. In addition, it provides several integration options which make using it easy, such as a Jenkins plugin and a Kubernetes Admission Controller.