expose more ports for existing service

kubectl get service local-files-12a341c023 -o yaml



then patch according to the spec:

kubectl patch services local-files-12a341c023 --type='json' -p='[{"op": "add", "path": "/spec/ports/-", "value": {"name":"tornado","port":8889,"targetPort": 8889,"protocol":"TCP"}}]'

access the parent docker daemon from the container

recently i had a need to build/start/stop some sibling containers (vs docker within docker). the way to do it is to expose a pipeline from the host to the container:

for single container:

docker run -v /var/run/docker.sock:/var/run/docker.sock

for docker compose:

services:
  container-to-control-other-sibling-containers:
    image: xyz
    build:
      context: .folder/to/the/controller/container/image
    ports:
      - 5000:5000
    volumes:
      - ./:/app
      - /var/run/docker.sock:/var/run/docker.sock


actually the daemon can also be configured to listen for connections from other hosts (configuration):
https://docs.docker.com/v17.09/engine/admin/#configure-the-docker-daemon

update dockerfile within docker compose

have encountered some issues with a stale dockerfile. turns out, docker compose actually caches previous builds (this is not stated in the doc).

so to keep it updated, need to run build without cache then bring it up.


docker-compose build --no-cache && docker-compose up

K8s client authentication

Have been working on some serverless framework recently, which i have put onto EKS.

most of the stuff worked, except the cli, which relies on the k8s client-go library to authenticate and is not able to do so with EKS (it works well with Azure AKS and GCP).

turns out the issue was with the k8s client-go library, which doesn’t deal with aws-iam-authenticator. as a workaround, the patch is to apply the service account token as a bearer token.


# command to get the token
kubectl describe secret account -n namespace | grep -E '^token' | cut -f2 -d':' | tr -d " "

then in the client-go, patch the token into the bearer header:


// retrieve the token either from the secret file or an env var
// token, err := ioutil.ReadFile("~/secrets/kubernetes.io/serviceaccount/" + v1.ServiceAccountTokenKey)
token := os.Getenv("BEARER_TOKEN")

// add the header if it's not yet there (r.headers may still be nil at this point)
if r.headers == nil {
	r.headers = http.Header{}
}
if r.headers.Get("Authorization") == "" {
	r.headers.Set("Authorization", "Bearer "+token)
}

// before the real http call
resp, err := client.Do(req)
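
The same "add the bearer header if it is not yet there" step can be done without editing request.go, by wrapping the HTTP transport. This is an added example using only the Go standard library, not code from this post or from client-go; bearerTransport, newBearerClient and seenAuth are hypothetical names, and a local httptest server stands in for the API server.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// bearerTransport (hypothetical name) adds the header only if none is set.
type bearerTransport struct{ token string; next http.RoundTripper }

func (t *bearerTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	if req.Header.Get("Authorization") == "" {
		req = req.Clone(req.Context()) // never mutate the caller's request
		req.Header.Set("Authorization", "Bearer "+t.token)
	}
	return t.next.RoundTrip(req)
}

// newBearerClient trims the token (files often end in a newline) and
// rejects an empty one so a bare "Bearer " header is never sent.
func newBearerClient(token string) (*http.Client, error) {
	if token = strings.TrimSpace(token); token == "" {
		return nil, fmt.Errorf("empty bearer token")
	}
	return &http.Client{Transport: &bearerTransport{token, http.DefaultTransport}}, nil
}

// seenAuth returns the Authorization header a local stand-in server received.
func seenAuth(c *http.Client, preset string) (got string, err error) {
	srv := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		got = r.Header.Get("Authorization")
	}))
	defer srv.Close()
	req, _ := http.NewRequest("GET", srv.URL, nil)
	if preset != "" {
		req.Header.Set("Authorization", preset)
	}
	resp, err := c.Do(req)
	if err == nil {
		resp.Body.Close()
	}
	return got, err
}

func main() {
	c, _ := newBearerClient("constructed-token") // real use: read from env var or secret file
	fmt.Println(seenAuth(c, ""))
}
```

In client-go itself, rest.Config has a BearerToken field and a WrapTransport hook that accept the same token without changing library source.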

refer to:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/
https://docs.aws.amazon.com/eks/latest/userguide/dashboard-tutorial.html
https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/
https://github.com/kubernetes/client-go/blob/master/rest/request.go
https://github.com/1wpro2/nuclio/pull/1