Category Archives: Uncategorized

kubernetes unable to delete namespace

Resolving the problem Run the following command to view the namespaces that are stuck in the Terminating state: Select a terminating namespace and view the contents of the namespace to find out the finalizer. Run the following command: Your YAML contents might resemble the following output: Run the following command to create a temporary JSON file: Edit your tmp.json file.… Read More »

Kubernetes Audit Logging Introduction

Explanation of Kubernetes Audit logging and an example of some policy configurations. Overview Kubernetes Auditing is part of the kube-apiserver, and will log all requests that the API Server processes for audit purposes. This is what an audit log looks like: These logs can give very useful information about what is happening in your cluster, and… Read More »

What Is A DNS Leak And How To Fix It

Perhaps one of the most important services on the internet is one that I’m betting most people never give a second thought to: the Domain Name System (DNS). In this article, I’ll explain how DNS servers can be a threat to your privacy, what a DNS leak is and how you can fix it.  Table… Read More »

Adding a Name to the Kubernetes API Server Certificate

In this post, I’m going to walk you through how to add a name (specifically, a Subject Alternative Name) to the TLS certificate used by the Kubernetes API server. This process of updating the certificate to include a name that wasn’t included could find use for a few different scenarios. A couple of situations come… Read More »

Kubernetes Cilium Timeout while waiting for lock, forcefully unlocking…

level=warning msg=“Timeout while waiting for lock, forcefully unlocking…” path=“cilium/state/identities/v1/locks/k8s:app=branch-event-reporter;k8s:component=worker;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=default;k8s:io.kubernetes.pod.namespace=default;” subsys=kvstore ETCDCTL_API=3 etcdctl –endpoints http://localhost:4001 get cilium –prefix | grep locks ETCDCTL_API=3 etcdctl –endpoints http://localhost:4001 lease revoke 2fbe6e11f2b4f3c3

Kafka JMX with SSL and user password authentication

The YUM repositories provide packages for RHEL, CentOS, and Fedora-based distributions. You can install individual Confluent Platform packages or the entire platform. For a list of available packages, see the documentation or you can search the repository (yum search <package-name>). Install the curl and which tools.sudo yum install curl which Copy Install the Confluent Platform public key. This key is used to sign… Read More »

Authenticating API Clients with JWT and NGINX Plus

JSON Web Tokens (JWTs, pronounced “jots”) are a compact and highly portable means of exchanging identity information. The JWT specification has been an important underpinning of OpenID Connect, providing a single sign‑on token for the OAuth 2.0 ecosystem. JWTs can also be used as authentication credentials in their own right and are a better way to control access to… Read More »