Open Policy Agent (OPA) focuses on creating a single declarative policy language (Rego) that can enforce compliance and promote security. Projects across a range of areas can use Open Policy Agent, so users have one familiar language to work with, and projects don’t have to invent their own policy language.
You’re debugging in production again. You find a process in the output of ps aux, but you need to know which pod created that process.
First, find the process ID (PID). The PID is in the second column in the output of ps aux.
Kind is one of my favorite Kubernetes development tools. I’ve written a couple of articles on talking to internal services and pods from outside of the kind cluster:
Resolving Kubernetes Services from Host when using kind
Using Docker to Resolve Kubernetes Services in a kind Cluster
This article tackles communication through an ingress controller running in a kind cluster.
This is the third part of a series on Docker and Kubernetes networking. We’ll be tackling how Kubernetes’s kube-proxy component uses iptables to direct service traffic to pods randomly. We’ll focus on the ClusterIP type of Kubernetes services.
The goal of this post is to implement the iptables rules needed for a service like:
Some executables need elevated privileges, but we don’t always want to provide a user with root access. Fortunately, Linux and macOS support setuid. setuid instructs the OS to run an executable as the owner of the executable instead of the current user.