Implementing a CAPI IPAM Provider One of the oldest problems of Cluster API and Kubernetes cluster creation is managing the Nodes IPs. While it is possible to rely on DHCP for the node IP allocation, and some other cloud providers have their own way of managing the IPs, for some enterprises and onpremises environments …

NGINX NJS and the dynamic config Recently, due to some bugs in Ingress NGINX I have decided to look into alternatives on the dynamic upstream configuration. For those not familiar with Ingress NGINX dynamic configuration, it relies massively on Lua and Openresty components to allow the reconfiguration of backends …

Using Falco to monitor outbound traffic for Pods in Kubernetes Falco is an opensource project from Sysdig focused on container runtime and cloud native security, that uses modern technologies like eBPF to monitor environment situations using syscalls and other events sources We’ve used Falco some time ago as a …

Introduction I’ve been trying, on the past few days make Kubernetes usable on FreeBSD. Why? Some would say I like to suffer. Others would say I have much spare time. To be honest, I’m doing this for fun. FreeBSD, for me, is one of the most stable and performant Operating Systems, and it’s sad that we …

Introduction In the first part of this article, I’ve shown the most common (so far) methods of doing packet filtering in Linux. This part of the article is all dedicated to cover a brief introduction of eBPF and XDP, being used to packet filtering. I’ll not cover the usage of eBPF to monitor resources and performance, …

Introduction So you’ve got a brand new Linux distribution. You start your Kubernetes distributions, and decide for a specific CNI that provides network policies. Then you figure out that something is (or is not) working, does an iptables -L to check what is going on and boom: where are all my iptables rules? Worst of …

So I needed to create a new Kubernetes Lab. Back in time, I’ve created a shell script to deploy a lot of CoreOS servers to my VMware Player, but I hadn’t touched that script since that time. With the deprecation of CoreOS and the glorious rise of Flatcar Linux to save us, and while needing to test some stuffs in …