Author image

Alen Komljen

Total 42 Posts

All things DevOps.

  • Sarajevo
kubernetes, show me

Installing Kubernetes Dashboard per Namespace

Even though I'm not Kubernetes Dashboard user, I understand why for most people this is the easiest way to interact with their apps running on top of Kubernetes. If you are interacting with it daily or managing the cluster itself, you are probably more fine with CLI aka kubectl. Kubernetes Dashboard is easy to install, but you might want to have it per namespace to limit what users can do. Let's see how to install and configure it for this ...

kubernetes, aws, security

Integrating AWS IAM and Kubernetes with kube2iam

Containers deployed on top of Kubernetes sometimes requires easy access to AWS services. You have a few options to configure this. Most common is providing AWS access credentials to a particular pod or updating existing worker nodes IAM role with additional access rules. Pods in the AWS environment, by default, have the same access rules as underlying nodes. However, both solutions are a terrible practice, because there are projects that resolve this issue more elegantly. Two most popular are kube2iam ...

show me

An Easy Way to Track New Releases on GitHub

As a software developer, you need to keep track of many projects/tools hosted on GitHub. While GitHub has a watch feature, I found it too noisy. I open GitHub notifications once in a year, or maybe less. If you like GitHub notifications, great, you can watch a repo only for releases; they made this possible two months ago. This blog post probably doesn't make any sense for you then.However, I don't want to get a notification on new ...

kubernetes, ingress, aws

AWS ALB Ingress Controller for Kubernetes

More than one year ago CoreOS introduced AWS ALB (Application Load Balancer) support for Kubernetes. This project was born out of Ticketmaster's tight relationship with CoreOS. It was in an alpha state for a long time, so I waited for some beta/stable release to put my hands on it. The project is donated to Kubernetes SIG-AWS on June 1, 2018, and now there is a lot more activity. A few months ago the first stable version got released. Let's ...

10 Most Read Kubernetes Articles on My Blog in 2018

Let's start this year with some stats from the last one, 2018. Probably 99% of the articles on this blog are Kubernetes related. I wrote 28 articles in 2018 which is good, but my goal was 50 actually. I think that Kubernetes adoption in 2019 will grow, at least stats from my blog shows that and you will see the same in Google trends:Before listing 10 most read Kubernetes articles on my blog in 2018, I will share some ...

kubernetes, show me

Kubernetes API Resources: Which Group and Version to Use?

Kubernetes uses declarative API which makes the system more robust. But, this means that we create an object using CLI or REST to represent what we want the system to do. For representation, we need to define things like API resource name, group, and version. But users get confused. The main reason for the confusion is that we as humans are not good at remembering things like this. In one deployment definition you could see this apiVersion: apps/v1beta2, and ...

kubernetes, show me

How to Run on Kubernetes

Recently I was checking community. I must say, I really like how the application looks, clean and simple. And more important I like the community there. I also started to republish some posts because I want to show Kubernetes to the larger audience, preferably developers. But, any time I check something new I get some new ideas. This time I saw that is open source and thought, it would be pretty interesting for people to see ...

kubernetes, ingress

Kubernetes Contour Ingress Controller for Envoy Proxy

Most users while starting to learn Kubernetes will get to the point of exposing some resources outside the cluster. This is like a Hello World example in the Kubernetes world. And in most cases, the solution to this problem is the ingress controller. Think of ingress as a reverse proxy. Ingress sits between the Kubernetes service and Internet. It provides name-based routing, SSL termination, and other goodies. Often when approaching this problem users will choose Nginx. And the reason is ...

kubernetes, show me

Kubernetes Add-ons for more Efficient Computing

I will say that "starting" a Kubernetes cluster is a relatively easy job. Deploying your application to work on top of Kubernetes requires more effort especially if you are new to containers. For people that worked with Docker this can also be a relatively easy job, but of course, you need to master new tools like Helm for example. Then, when you put all together and when you try to run your application in production you will find out there ...


The Importance of Tech Blogging

I have a lot to share when it comes to blogging. This is actually my third tech blog and a pretty successful one. Yay, finally! :) It's a shame that really good engineers, with a lot to share often find excuses to not start blogging. Usually, you will hear things like "I have no time for writing" or they just don't see the point. They don't understand how the blog can help them professionally among other things. Now, more than ever ...

kubernetes, security

Protect Kubernetes External Endpoints with OAuth2 Proxy

Sometimes you just want to expose some services that don't have any authentication mechanism. Many users have this issue, especially with Kubernetes, because it is damn easy to expose any service over ingress and also to have HTTPS by default with Let's Encrypt. The missing piece could be authentication in the application you want to expose. In this case, we can always leverage external authentication from GitHub, Google, and many others via OAuth. This is where OAuth2 Proxy comes into ...

kubernetes, ingress, security

Get Automatic HTTPS with Let's Encrypt and Kubernetes Ingress

A few days ago I read a great post from Troy Hunt about HTTPS. The title "HTTPS is easy" is there for a good reason! HTTPS is easy, especially with the platforms like Kubernetes. Unfortunately, not all people agree with this. I understand that for some huge organizations moving all traffic to HTTPS is not trivial, but for all others saying how Google is evil with forcing it is just nonsense. You should use HTTPS for every external endpoint and ...