In a typical containerized application we have a lifecycle that goes a little like this:

1. Developers push code to an application repository.
2. A pipeline builds the latest code and pushes the resulting image to a registry
3. The pipeline updates the images: transformer in a Kustomization Overlay for the dev environment with the new image by using a command like kustomize edit set image foobar=registry.example.com/foobar@sha256:deadbeef
4. A tool like ArgoCD picks up the new image and starts a new deployment.

This works well for the dev environment, but when that image needs to be promoted to a new environment like tst we either need to copy the updated image transformer manually, or try to read the updated version from the dev Kustomization.

And images are not the only thing. A typical Kustomize Overlay will include a versioned Base with something like this:

1apiVersion: kustomize.config.k8s.io/v1beta1
2kind: Kustomization
3resources:
4- git.example.com/foobar.git/deploy/base?ref=v0.2.1

In this example we see that the Base that is being used comes from the Git tag or branch called v0.2.1. If a newer version of the application needs a newer Base a developer can update that reference in the dev Overlay, but promotions will need to be handled as well.

Simply copying the kustomization.yaml file between Overlays will most likely not work, since different Overlays typically use different Replica transformers, different ConfigMap en Secret Generators etc.

Read on to learn how you can automate this.

In a previous post we looked at how to add extensions to the new Keycloak operator. In that article we used a ConfigMap to store those extensions. In the real world a PersistentVolumeClaim (PVC) would be a more realistic choice, especially for larger or more extensions.

In this post we will look at how to change out the ConfigMap for a PVC, and how to set up a Job that can fill that PVC with the content we want.

In recent times the Keycloak Operator for OpenShift has moved from the old EAP based implementation to a new implementation based on Quarkus. At the same time the Custom Resource Definition for a Keycloak object has moved from apiVersion v1alpha1 to v2alpha1.

While on average this is a good move, and it brings many improvements, some functionality appears to have not made the transition yet, most notably the ability to easily add custom extensions and providers.

Since one of our customers encountered this and asked for our help we went and sought a solution to this, without having to resort to building custom images, as those would add an extra maintenance burden on an already busy team.

Sudoku’s are fun! For this reason, we included one if one of our traditional easter puzzles, and even made nostalgic 8bit video games of them in the past. If you enjoy solving them the old-fashioned way on a hard copy, it’s recommended to have a pencil handy, as you might need to address how to deal with multiple options.

A couple of years ago, I didn’t have a pencil nearby and used a pen instead. Wrong choice! I ended up in a situation where I had to guess and my pen made that guess final. The good thing about guessing in sudoku’s is that you can progress quite quickly, the bad thing is that you only see the consequence of your guess at the very last moment. So, that’s what happened to me. I had to guess and at the time my error was obvious, it was too late to go back. This frustrated the hell out of me, and I felt I needed to compensate.

Door het automatisch bijwerken van je base images op je containerplatform is het mogelijk om de nieuwste versies op je OpenShift platform te hebben. Het kan natuurlijk ook voorkomen dat per direct een nieuwe base image gebouwd moet worden. Dit moet je dan met de hand kunnen doen. Wat nu?

Chatbots everywhere, handy assistants in applications, AI is booming and particularly generative models. More than a year after the disruptive release of ChatGPT lots has happened. Language models are everywhere and tooling to run these are becoming easier as well. Let’s take one of these local serving models, Ollama and create a Visual Studio Code extension that will use this model server for answering questions about our code base using one of the community AI models.

Today’s organizations increasingly depend on digital systems and services. Any disruption or downtime can have a significant impact on revenue, user experience and brand reputation. To mitigate such risks, Site Reliability Engineering (SRE) has emerged as a vital discipline that focuses on building and maintaining highly reliable and scalable systems. Effective monitoring stands as a fundamental pillar of SRE.

Door het automatisch bijwerken van je base images op je containerplatform is het mogelijk om de nieuwste versies op je OpenShift platform te hebben, zonder dat je hiervoor nog handmatig iets hoeft te doen!

Één van de dingen waar je tegenaan loopt als je een OpenShift cluster wilt uitrollen op je eiegen infrastructuur, en dus niet in de publieke cloud, is het opzetten van een goede externe loadbalancer voor de verschillende diensten op het cluster. Het is mogelijk om een self-hosted load-balancer met keepalived en haproxy te draaien op je cluster zelf, maar dit wordt door Red Hat alleen maar officieel ondersteund op UPI VMWare installaties.

In dit artikel leggen we uit wat je moet configureren aan de hand van een voorbeeld haproxy.cfg.

After meeting up with Gremlin at Kubecon I told myself; we should definitely take a closer look at the concept of Chaos Engineering. A field of which the name does not accurately reflect the meaning. After all, Chaos is subjective. According to the Cambridge Dictionary, the word Chaos means ‘a state of total confusion with no order.’ With Gremlin, you can run Chaos Engineering experiments against hosts, containers and more! To me, Gremlin  is an excellent tool to find your antidote to Chaos. Gremlin brings order and takes away confusion, nullifying Chaos. Picture yourself as a SRE in the following two situations: