{"pageProps":{"contents":[{"slug":"how-to-grant-access-to-the-kubernetes-api","title":"How to Grant Access to the Kubernetes API","description":"Learn how to Grant Access to the Kubernetes API.","content":"\nBy default no access is granted to applications in Kubernetes. So we have to explicitly allow access to the parts of the API that your applications need.\n\nKubernetes includes a built-in role-based access control (RBAC) mechanism that enables you to configure specific sets of permissions that define how a given user (or group of users) can interact with any Kubernetes object in a specific Namespace of your cluster.\n\nThe RBAC API declares four kinds of Kubernetes object: Role, ClusterRole, RoleBinding and ClusterRoleBinding. In this article, I'll focus on Role and RoleBinding.\n\n# How can we grant access to the Kubernetes API?\n\nKubernetes provides two resources that control the access to the API:\n\n* Role: specifies what access is granted (set of permissions). When we create a Role, we need to specify the Namespace it belongs in.\n* RoleBinding: specifies who the Role applies to (links a Role to subjects). \n\n# Create a Role\n\nHere is a yaml configuration file you can use to create a `Role` that let us list the pods and get information on a particular pod:\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n  name: my-role\n  namespace: my-namespace\n  labels:\n    app: my-rbac-app\nrules:\n- apiGroups: [\"\"] # \"\" indicates the core API group\n  resources: [\"pods\"]\n  verbs: [\"get\", \"list\"] # verbs to act on the that resource\n```\n\nA Role in isolation doesn't do anything until we bind it with a RoleBinding, so let's do that in the next step.\n\n# Create a RoleBinding\n\nHere is a yaml configuration file you can use to create a `RoleBinding` that give this role (\"my-role\") to all service accounts in the default namespace, meaning that all pods will have access to these APIs:\n\n```yaml\napiVersion: rbac.authorization.k8s.io/v1\n# This role binding allows \"jane\" to read pods in \"my-namespace\" namespace.\n# You need to already have a Role named \"my-role\" in that namespace.\nkind: RoleBinding\nmetadata:\n  name: my-rolebinding\n  namespace: my-namespace\n  labels:\n    app: my-rbac-app\nsubjects:\n# You can specify more than one \"subject\"\n- kind: Group\n  name: system:serviceaccounts # \"name\" is case sensitive\n  apiGroup: rbac.authorization.k8s.io\n  namespace: my-namespace\nroleRef:\n  # \"roleRef\" specifies the binding to a Role\n  kind: Role #this must be Role\n  name: my-role # this must match the name of the Role you wish to bind to\n  apiGroup: \"\"\n```\n\n# Create a Service Account\n\nThe best practice in security is to give as few permissions as possible. Kubernetes recommends to grant a role to an application-specific service account. This requires the application to specify a `serviceAccountName` in its pod spec and for the service account to be created.\n\nHere is a yaml configuration file you can use to create a basic `ServiceAccount`:\n\n```yaml\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: my-service-account\n  namespace: my-namespace\n  labels:\n    app: my-rbac-app\n```\n\nWe can start a pod with a `ServiceAccount` by adding that to it's spec definition:\n\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: my-deployment\n  namespace: my-namespace\n  labels:\n    app: my-app\n    rbac: my-service-account\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: my-app\n      namespace: my-namespace\n      rbac: my-service-account\n  template:\n    metadata:\n      labels:\n        app: my-app\n        namespace: my-namespace\n        rbac: my-service-account\n    spec:\n      serviceAccountName: my-service-account\n      containers:\n        - name: my-container\n          image: nginx:1.7.9\n```\n\nIn the pod spec you can see `serviceAccountName: my-service-account`. The pod will be run as this `ServiceAccount` and all containers started from it will be running under that `ServiceAccount`.\n\nLast step is to apply all yaml files in the repository:\n\n```bash\n$ kubectl apply -f my-role.yaml -f my-rolebinding.yaml -f my-serviceaccount.yaml -f my-deployment.yaml -n my-namespace\n```\n\nFor more information related to RBAC Authorization, please check the [Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/).\n","type":"article","tags":["code","kubernetes","k8s","access"],"publishedAt":"2020-05-09T14:46:10.915Z","image":"/contents/article/how-to-grant-access-to-k8s-api.png?v1","updatedAt":null,"readingTime":{"text":"3 min read","minutes":2.89,"time":173400,"words":578},"data":{"title":"How to Grant Access to the Kubernetes API","description":"Learn how to Grant Access to the Kubernetes API.","tags":["code","kubernetes","k8s","access"],"image":"/contents/article/how-to-grant-access-to-k8s-api.png?v1","publishedAt":"2020-05-09T14:46:10.915Z","updatedAt":null,"type":"article"}},{"slug":"how-to-use-secrets-in-kubernetes","title":"How to Use Secrets in Kubernetes","description":"Learn how to use Secrets in Kubernetes with some examples.","content":"\nKubernetes Secrets let you store and manage sensitive information like as passwords, OAuth tokens, ssh keys, etc. \n\nWith this article, you'll learn how to use them easily.\n\n# What is a Secret in Kubernetes?\n\nA secret is an object that contains sensitive information like passwords, keys, tokens...\n\nTo use it, a Pod needs to reference it:\n* As files in a volume mounted on one or more of its containers.\n* By the `kubelet` when pulling images for the Pod.\n\n# Optimal way to create and mount a Secret\n\nFor me the easiest way to use Secrets is defining a YAML and reference them using `envFrom/secretRef`.\n\n1. Here is a yaml configuration file you can use to create a Secret that holds a username and a password:\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: my-secret\ndata:\n  username: my-username\n  password: vdg7JbgkdnRnN03e\n```\n\n2. Reference the Secret (my-secret-pod.yaml):\n\n```yaml\nkind: Pod\napiVersion: v1\nmetadata:\n  name: my-secret-pod\n  namespace: my-namespace\nspec:\n  containers:\n    - name: my-container\n      image: nginx:1.7.9\n      envFrom:\n        - secretRef:\n            name: my-secret\n```\n\n3. Then you just need to create the Pod:\n\n```bash\n$ kubectl apply -f my-secret-pod.yaml -n my-namespace\n```\n\nFor more information related to Secrets, please check the [Kubernetes documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/).\n","type":"article","tags":["code","kubernetes","k8s","secret"],"publishedAt":"2020-04-18T10:10:10.915Z","image":null,"updatedAt":"2020-04-18T11:27:10.915Z","readingTime":{"text":"1 min read","minutes":0.99,"time":59400,"words":198},"data":{"title":"How to Use Secrets in Kubernetes","description":"Learn how to use Secrets in Kubernetes with some examples.","tags":["code","kubernetes","k8s","secret"],"publishedAt":"2020-04-18T10:10:10.915Z","updatedAt":"2020-04-18T11:27:10.915Z","type":"article"}},{"slug":"how-to-use-configmaps-in-kubernetes","title":"How to Use ConfigMaps in Kubernetes","description":"Learn how to use ConfigMaps in Kubernetes with some examples.","content":"\nWhen starting to use a new technology, one of the first questions to answer is how to manage your application's configuration. In the Kubernetes world, that answer is ConfigMaps.\n\nWith this article, you'll learn how to use them.\n\n# What is a ConfigMap?\n\nA ConfigMap is a dictionary composed of by a key-value pairs of strings.\nIt basically stores (public) configuration settings for your code. If you want to store secret configuration settings, you'll need to store them in another manner.\n\n# How ConfigMaps are deployed\n\n1. You have ConfigMap/s for every environment.\n2. A ConfigMap is created and added to a Kubernetes cluster.\n3. Containers in a Pod reference the ConfigMap to use its values.\n\n# Optimal way to create and mount a ConfigMap\n\nFor me the best way to use ConfigMaps is defining a YAML and reference them using `envFrom/configMapRef`.\n\n## Here is an example of a ConfigMap in a YAML file\n\n```yaml\nkind: ConfigMap\napiVersion: v1\nmetadata:\n  name: env-vars-configmap\n  namespace: my-namespace\ndata:\n  # Configuration values as key-value properties where value is a string\n  base_url: https://my.website.dev/\n  database_port: \"3306\"\n\n  # Also you can read those values from variables\n  base_url: ${BASE_URL}\n  database_port: \"${DATABASE_PORT}\"\n\n  # Or set as file contents\n  file_keys: |\n    color.good=purple\n    color.bad=yellow\n```\n\nTo added it to your namespace in the Kubernetes cluster:\n\n```bash\n$ kubectl apply -f env-vars-configmap.yaml -n my-namespace\n```\n\nAlso you can see the values of the environment variables executing:\n\n```bash\n$ kubectl get configmap -n my-namespace env-vars-configmap.yaml -o yaml\n```\n\n_Tip: this last command is useful when you have errors in the ConfigMap. If you use variables, try replace them with the real values and see which one fails._\n\n## Reference the ConfigMap\n\nSet the `envFrom/configMapRef` in each container to an object containing the list of ConfigMaps you want to include.\n\n```yaml\nkind: Pod\napiVersion: v1\nmetadata:\n  name: pod-configmap\n  namespace: my-namespace\nspec:\n  containers:\n    - name: my-container\n      image: nginx:1.7.9\n      envFrom:\n        - configMapRef:\n            name: env-vars-configmap\n```\n\nAttach to the created Pod using:\n\n```bash\n$ kubectl exec -it pod-configmap sh\n```\n\nThen run `env` and see that all keys are now available as environment variables.\n\nFor more information related to ConfigMaps, please check the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/).\n","type":"article","tags":["code","kubernetes","k8s","configmap"],"publishedAt":"2020-04-13T11:11:11.915Z","image":"https://boxboat.com/2018/07/05/gitops-kubernetes-rolling-update-configmap-secret-change/kube-configmap-secret-deployment.png","updatedAt":"2020-05-09T14:56:10.915Z","readingTime":{"text":"2 min read","minutes":1.79,"time":107400,"words":358},"data":{"title":"How to Use ConfigMaps in Kubernetes","description":"Learn how to use ConfigMaps in Kubernetes with some examples.","tags":["code","kubernetes","k8s","configmap"],"image":"https://boxboat.com/2018/07/05/gitops-kubernetes-rolling-update-configmap-secret-change/kube-configmap-secret-deployment.png","publishedAt":"2020-04-13T11:11:11.915Z","updatedAt":"2020-05-09T14:56:10.915Z","type":"article"}},{"slug":"how-to-get-changes-from-forked-project","title":"How to Get Changes from Forked Project","description":"Learn how to get changes committed to a project you forked.","content":"\n## 1. Clone your forked project\n\nThis is only important if it's not yet in your workspace\n\n```bash\ngit clone git@github.com:YOUR-USERNAME/YOUR-FORKED-PROJECT.git\n```\n\n## 2. Add remote from original repository in your forked one\n\n```bash\ncd into/cloned/forked-project\ngit remote add upstream git://github.com/ORIGINAL-DEV-USERNAME/PROJECT-YOU-FORKED-FROM.git\ngit fetch upstream\n```\n\n## 3. Updating your forked project from the original one to have their changes\n\n```bash\ngit pull upstream master\n```\n\n## 4. Solve conflicts (if any)\n\n## 5. Finally push changes\n\n```bash\ngit push\n```\n","type":"tip","tags":["git","code","fork"],"publishedAt":"2020-04-12T12:44:00.915Z","image":null,"updatedAt":null,"readingTime":{"text":"1 min read","minutes":0.4,"time":24000,"words":80},"data":{"title":"How to Get Changes from Forked Project","description":"Learn how to get changes committed to a project you forked.","tags":["git","code","fork"],"publishedAt":"2020-04-12T12:44:00.915Z","updatedAt":null,"type":"tip"}},{"slug":"for-whom-is-this-blog-for","title":"For Whom Is This Blog For?","description":"Learn about this blog and if it's for you.","content":"\nAs developers, we are learning new things every day.\n\nIn this blog I want to share what I'm currently learning, but also what I've learned.\n\nSo if you want to know more about the development of APIs and machine learning, from a developer with more than 10 years of experience, please follow me on Twitter, subscribe to my newsletter or to my RSS feed.\n\nSpecial thank you to Lailo and his [open source code](https://github.com/lailo/next-with-tailwindcss) that I used for this blog.\n","type":"article","tags":["blog","ml","code","api"],"publishedAt":"2020-03-29T07:07:37.915Z","image":null,"updatedAt":"2020-04-18T11:18:10.915Z","readingTime":{"text":"1 min read","minutes":0.4,"time":24000,"words":80},"data":{"title":"For Whom Is This Blog For?","description":"Learn about this blog and if it's for you.","tags":["blog","ml","code","api"],"publishedAt":"2020-03-29T07:07:37.915Z","updatedAt":"2020-04-18T11:18:10.915Z","type":"article"}},{"slug":"500-error","title":"500 Error","description":"We built 500error.co because we had to solve one of our own problems.","content":"\n<small>Co-Written by [Lailo](https://lailo.ch)</small>\n\nWe built [500error.co](https://www.500error.co) because we had to solve one of our problems. The idea was first pitched on [Pitchcard.io](https://www.pitchcard.io) and got a lot of traction. So we decided to built it, and we did it in less than two weeks.\n\n# How It Started\n\nWe ([Susana Garcia](https://susana.dev) and I) like to build things. We don’t like to talk about how cool it would be to do this and that — we just do it. The outcome is that we have a lot of projects simultaneously.\n\nAs we all know, servers can crash and “oooh boy they do”. And you know what, they crash at the worst time. They crash while your release and you lose important leads. Or they crash while you sleep and we really like to sleep 💤. We decided to fix this problem.\n\n# Developing in Bratislava\n\nWe’re digital nomads and we moved to a new city every other month, but that’s another story. For this month, we’re in Bratislava.\n\nWe used our very first day in Bratislava to collect all feedback from Pitchcard.io, friends and other developers. We picked the most important features for a MVP.\n\nWe used the second day to choose the right tools to built this, and ended up using NodeJS with Express for the backend and React for the front end, as we had already positive experiences with these tools building [Pitchcard.io](https://www.pitchcard.io).\n\nFrom day three up to day seven, we built the MVP and send some invite emails to the investors of [Pitchcard.io](https://www.pitchcard.io). They liked the simplicity and gave us really good feedback, what we could improve and what they were missing.\n\nWe used the second week to improve the UI for mobile, tablet and desktop. We also added a simple subscription with [Stripe](https://medium.com/u/3ecae35d6d66) (we really like Stripe). And we added better documentation of how to integrate it into Heroku, GitHub Pages and more.\n\n# Customize Your Page\n\nOur beta users like the way they could customize their error pages. They like it because it’s simple and funny. Here is what some things you can customize:\n\n- Add your own brand color\n- Choose one of the funny GIFs or just add your own Logo\n- Define your title and description so it sounds like you\n\n# The Result\n\nWe’re happy that our beta users liked the first version and we’re proud of what we could built in less than two weeks.\n\nNow we can sleep at night without worrying about a crash on all these projects. If a server crash happens, we can fix it the day after and notify the new subscribed users. It’s simple as that.\n\nDo you want to be able to sleep at night without worrying about your server? [Visit **500error.co**](https://www.500error.co), create your own error page, integrate it into your existing projects and have one less thing to worry about.\n","type":"project","tags":["error","server","web"],"publishedAt":"2016-12-18T20:47:11.000Z","image":"/contents/project/500-error.jpg?v1","updatedAt":null,"readingTime":{"text":"3 min read","minutes":2.36,"time":141600,"words":472},"data":{"title":"500 Error","description":"We built 500error.co because we had to solve one of our own problems.","websiteUrl":"https://www.500error.co","image":"/contents/project/500-error.jpg?v1","tags":["error","server","web"],"publishedAt":"2016-12-18T20:47:11.000Z","updatedAt":null,"type":"project"}},{"slug":"pitchcard","title":"Pitchcard","description":"Since the iPhone released and the following AppStore boom, a lot of people began to tell us: \"Hey, I have an app idea...\".","content":"\n<small>Co-Written by [Lailo](https://lailo.ch)</small>\n\nSince the iPhone released and the following AppStore boom, a lot of people around us began to have amazing ideas: “Hey, I have a really cool idea for a new app!”. Every single one of them thought, they had the next billion dollar idea.\n\n# Get to the Point\n\nThey usually tried to explain it in a very complex way or sent us very long emails. As we both don’t like emails, long emails even less, we told most people to get to the point.\n\nWe believe that every good idea needs to be pitched in _2–3 sentences._ And this is only possible if you exactly know what the goal of your idea is.\n\n# Share Your Idea\n\nThere are another few things that some people don’t know about good ideas.\n\nSome people don’t talk much about their idea to protect it. They are afraid of someone stealing it. Fact is, **the more you share your idea, the better it gets.** Each time you explain your idea to people, they’ll ask you questions. First you won’t have an answer but it will force you to rethink your idea.\n\nAnother important thing is, what for you might be a pretty good idea, others wouldn’t even use it. And _what’s the point of creating something no one will ever use?_ Evaluate your idea first, then decide to build it or to move on.\n\n# Quick Feedback\n\nThat’s why we’ve built [Pitchcard.io](https://www.pitchcard.io/) to get quick feedback. We’ve picked this name because of the elevator pitch.\n\n> “\\[..\\] the idea that it should be possible to deliver the summary in the time span of an elevator ride, or approximately thirty seconds \\[..\\]”\n\n## How it works\n\n1.  Visit [www.pitchcard.io](https://www.pitchcard.io/)\n2.  Create your _Pitchcard_\n3.  Share it\n\nWe know that ideas can pop up anytime and anywhere (having lunch, doing sport or meeting up with friends). That’s why we made it very easy to create a _Pitchcard._\n\nYou can share your _Pitchcard_ with close friends via WhatsApp and email, or with everyone via Facebook, Twitter or others.\n\nAnother important point of _Pitchcard_ is, that we consequently set a **200 chars limit on the description** of the idea**.** As we already mentioned before, we want that people get to the point.\n\nWe hope you like our product and wish you good luck with your next billion dollar idea. 😜\n","type":"project","tags":["pitch","idea","web"],"publishedAt":"2016-05-08T07:07:37.915Z","image":"/contents/project/pitchcard.jpg?v1","updatedAt":null,"readingTime":{"text":"2 min read","minutes":1.965,"time":117900,"words":393},"data":{"title":"Pitchcard","description":"Since the iPhone released and the following AppStore boom, a lot of people began to tell us: \"Hey, I have an app idea...\".","websiteUrl":"https://www.pitchcard.io","image":"/contents/project/pitchcard.jpg?v1","tags":["pitch","idea","web"],"publishedAt":"2016-05-08T07:07:37.915Z","updatedAt":null,"type":"project"}}]},"__N_SSG":true}