It is always DNS. A kubectl story

October 15, 2020

I frequently interact with several Kubernetes clusters which sit behind a corporate VPN. The fact that one has to be connected to the VPN in order to access these clusters had never granted a second thought.

Long time ago I installed kubectl in my laptop using Homebrew (see instructions here). Since then, I kept using kubectl to connect to those clusters without problems, as long as I was also connected to the VPN.

One day, I started noticing the following error message:

$ kubectl get pod
Unable to connect to the server: dial tcp: lookup my-cluster.contoso.io on 192.168.0.1:53: no such host

Troubleshooting and fixing the issue

This was very puzzling. I had been using kubectl with no problem until very recently. Even more confusing was the result of my immediate troubleshooting:

I was definitely connected to the VPN
I could resolve my-cluster.contoso.io when using other tools like curl, ping, or dig +trace

What was going on? I checked with my colleagues in case they were experiencing the same issue. Of course, they weren't! The next immediate action was to compare the versions of kubectl we were using.

When we compared versions, I was several versions behind theirs. With nothing better to try out, I decided to upgrade kubectl as in

brew upgrade kubernetes-cli

And this is where I grabbed the thread to find out what was going on! When Homebrew upgraded kubectl, it finished by complaining that /usr/bin/local/kubectl had been symlinked to a different location than the previous Homebrew installation. Even more interesting was the fact that the current binary pointed to my Docker for Mac installation!

I tried the suggested fix to repoint the binary:

brew link --overwrite  kubernetes-cli

And just like that, kubectl started working again 🚀

The root cause

I wasn't happy though. Since I didnt know why this happened, I was concerned it could happen again. Googling on the basis Docker for mac is doing something funny to my kubectl. Shortly after I found that indeed Docker for mac will repoint your kubectl when installed or upgraded.

Note the issue was closed due to inactivity: https://github.com/docker/for-mac/issues/2368

That explained why the binary installed by Homebrew was repointed by Docker. However, why was the Docker version unable to reach out to clusters behind the VPN? What's so different between the 2 versions?

As it turns out, kubectl inherits an issue fro Go, whereby DNS resolution would only pick whatever is found in /etc/resolv.conf rather than using the MacOS stack for DNS resolution. The way to prevent the issue is by compiling your Go application with the CGO_ENABLED=1 environment variable.

See the open issue: https://github.com/kubernetes/kubernetes/issues/23130#issuecomment-572292652

As you can read in that issue's thread, the Homebrew distribution of kubectl does indeed compile it with CGO_ENABLED=1 while the official google release doesn't.

That solves the mystery. Upgrading docker caused the kubectl binary to be repointed to a version of kubectl redistributed by Docker. While the Homebrew version is compiled to correctly resolve DNS in MacOS, Docker is redistributing the official google release which isnt compiled this way!

TL;DR

If you are a Mac user:

Always install kubectl in Mac using Homebrew
If you notice DNS resolution errors connecting to clusters behind a VPN, its likely Docker for Mac repointed the kubectl binary to its own version. Restore to the Homebrew version with:
```
brew link --overwrite  kubernetes-cli
```

For everyone else, remember it's always DNS!

🔍

🔗 Kubernetes NGINX Ingress WAF with ModSecurity. From zero to hero!

https://medium.com/@danieljimgarcia/nginx-ingress-waf-with-modsecurity-from-zero-to-hero-fa284cb6f54a

August 16, 2022

Everything you need to get started on enabling and configuring Web Application Firewall (WAF) in your NGINX Ingress controller.

🔗 Beware of depends_on for Terraform modules. It might bite you!

https://itnext.io/beware-of-depends-on-for-modules-it-might-bite-you-da4741caac70

July 21, 2022

When defining dependencies between Terraform modules, using depends_on can cause unwanted surprises. Find out why and how to prevent them!

🔗 Avoid the Terraform kubernetes_manifest resource

https://medium.com/@danieljimgarcia/dont-use-the-terraform-kubernetes-manifest-resource-6c7ff4fe629a

November 5, 2021

The kubernetes Terraform provider is useful when bootstrapping clusters. However the kubernetes_manifest resource has important limitations. The article describes these limitations and provides working alternatives.

🔗 10 Points to consider when migrating CommonJS to ES modules in Node

https://medium.com/@danieljimgarcia/10-points-to-consider-when-migrating-commonjs-to-es-modules-in-node-abe8ed31ac10

August 21, 2021

Migrating CommonJS to ES modules requires more than a syntax change. Explore what to expect and the effort required.

dexa

August 7, 2021

A CLI tool that allows developers and teams to capture their preferred tech stacks as a project template and a set of code generators.

Each of these stacks is captured as a git repository. Create them in a publicly available service such as Github to encourage usage and sharing across the wider community. But you are also free to use dexa with private repositories.

Read more in the KaizenDorks website.

🔗 Using Blazor WebAssembly, SignalR and C# 9 to create Full-stack Real time Applications

https://www.dotnetcurry.com/aspnet-core/realtime-app-using-blazor-webassembly-signalr-csharp9

April 27, 2021

This article puts Blazor WebAssembly under test by building a small real time survey application leveraging SignalR for its real time functionality across both frontend and backend. While doing so, we will use the latest ASP.NET libraries in .NET 5 and C# 9.0, including some of the new language features like record types.

Fix the sonarqube helm chart hook that updates admin password

April 26, 2021

Sonarqube helm chart

The official Sonarqube helm chart started as a community maintained effort as part of the Oteemo helm charts. It was later adopted as the official helm chart of Sonarqube and forked to a SonarSource repo.

This helm chart is the official way of installing Sonarqube in Kubernetes, even though it still has some limitations as per the official Sonarqube docs.

Contribution

The chart allows you to change the default admin password when installing Sonarqube. This is implemented as a post-install helm hook that sends a POST request to the Sonarqube admin API using a container with curl installed.

The problem was that the current/new admin password were sent as part of the query string, but were not URL-encoded. This meant trying to change the admin password to a new password with special characters would fail.

I opened a bug and submitted a PR to fix the issue and URL-encode them it: https://github.com/Oteemo/charts/pull/278

🔗 Kubernetes for ASP.NET Core Developers. A hands on introduction

https://www.dotnetcurry.com/aspnet-core/kubernetes-for-developers

February 5, 2021

Kubernetes became over the past few years one of the most common and important tools that teams and organisations can leverage in the DevSecOps space. In this article, we will go through the core Kubernetes concepts. It follows a hands on approach specifically aimed at developers so it becomes easier to start leveraging Kubernetes.

Update chef docker cookbook so multiple mirrors can be configured for the docker service

December 2, 2020

Chef docker cookbook

The official docker chef cookbook allows engineers to manage docker services and docker resources using Chef.

For example, you can install specific docker versions, configure the docker service or manage resources such as containers, networks and volumes.

Contribution

The registry_mirror option of the docker_service resource allows you to configure the docker daemon with a registry mirror. It essentially adds the --registry-mirror option to the docker daemon arguments.

While it is possible to configure multiple mirrors by providing the --registry-mirror argument multiple times, this chef resource only allowed a single mirror to be configured.

I submitted a PR that updated the option so users can provide either a string or an array for the registry_mirror option.

Allowed kured drain/reboot notifications to be customised

November 26, 2020

Kured

Kured is an open source tool that allows Kubernetes administrators to control when their Nodes can reboot.

This way, automatic upgrades like unattended-upgrades can be configured in the cluster nodes so the OS dependencies are automatically patched.

When a reboot is necessary, unattended-upgrades will create a file /var/run/reboot-required instead of automatically rebooting the node. Kured runs as a daemon in your Kubernetes cluster and monitors the existing of that file. Once it detects a node needs to be rebooted, kured ensures a single node reboots at a time, and it cordongs & drains the node before rebooting.

In addition, kured lets you define the day of the week and time of the day that your nodes can reboot, as well as delay a reboot based on prometheus alerts and/or pod selectors.

Contribution

Kured can be configured to send a slack notification when draining and rebooting a Node. However the notification message was hardcoded as in Rebooting node %s.

This was limiting for myself, since I was going to use kured in many clusters across different clouds and regions. It would be great if I could send a message like Rebooting node %s, from cluster %s, region %s

I submitted a PR that introduced 2 new options with drain/reboot message formats. I also stayed for the conversation on refactoring the notifications using shouterrr so destinations other than slack are supported.

🔗 Troubleshooting DNS in Kubernetes cheatsheet

https://kaizendorks.github.io/2020/11/13/kubernetes-dns-issues-cheatsheet

November 13, 2020

Brief cheatsheet on how to debug DNS issues inside Kubernetes.

🔗 Progressive Web Applications – From Zero to Hero

https://www.dotnetcurry.com/aspnet-core/progressive-web-apps-blazor-vuejs-angular

September 24, 2020

Progressive Web Applications (PWA) have become an interesting choice for web developers. Most of the popular frameworks for writing web applications now offer support for PWAs, making life as a developer easier. Is PWA for you? Find out in this detailed tutorial.

Ensured trivy scans are correctly imported and deduplicated in DefectDojo

September 1, 2020

DefectDojo

DefectDojo is an open source vulnerability aggregation tool.

It greatly simplifies the task of teams running multiple types of vulnerability scans like SCA (dependencies scan), SAST (static code analysis) or DAST (dynamic applicaiton scans) by providing a central aggregation and correlation point.

Contribution

As part of the DevSecOps efforts I was leading, we were considering DefectDojo in combination with tools like Trivy (for SCA), Sonarqube (for SAST) and ZAProxy (for DAST).

I wanted to integrate these tools into our CI/CD pipeline and aggrgate all their results in DefectDojo to get a global consolidated view per project and across the board.

One of DefectDojo's features is its ability to automatically detect a duplicate across scans. For example an unmitigated issue will keep showing in your CI/CD scans until is solved. The deduplication feature allows DefectDojo to keep a single vulnerability open and close the rest as duplicates, greatly reducing the noise in your project.

However when Trivy scans were imported, some fields were missing which caused the deduplication to not work as expected. I submitted a PR which fixed how Trivy scans where imported.

🔗 Using Blazor, Tensorflow and ML.NET to Identify Images

https://www.dotnetcurry.com/aspnet-core/1537/blazor-ml-dotnet

May 17, 2020

This article brings together Blazor, ML.NET and TensorFlow to build a SPA where users can identify the main object in a picture.

🔗 Deploying to GitHub Pages using GitHub Actions

https://kaizendorks.github.io/2020/04/16/vuepress-github-actions

April 16, 2020

Article describing how you can easily get a vuepress site deployed to GitHub Pages using GitHub Actions.

🔗 A new website for Kaizen Dorks

https://kaizendorks.github.io/2020/04/11/new-website

April 11, 2020

Retrospective on creating a new website for the KaizenDorks and the switch from Jekyll to vuepress.

🔗 Kubernetes for Developers

https://kaizendorks.github.io/tutorials/kubernetes

April 3, 2020

Getting started with Kubernetes is not easy, there is quite a learning curve before most people feel comfortable interacting and/or managing their cluster.

The tutorial is aimed at developers with no previous experience of Kubernetes, however it assumes some basic knowledge of docker/containers, networking and web applications.

🔗 Developing SPAs with ASP.NET Core v3.0

https://www.dotnetcurry.com/aspnet-core/1525/angular-react-vuejs-svelte-spa-aspnet-core-3

February 1, 2020

This article demonstrates how to integrate four different SPA frameworks within ASP.NET Core v3: Angular, React, Vue and Svelte.

While there are official templates for React and Angular out of the box, the article explain how these work and how they can be adapted for other frameworks such as Vue and Svelte.

blazor-ml

January 23, 2020

Example application that shows how to integrate a Blazor server-side application with ML.NET

Users can upload images using the Blazor application, which are classified into one of 1000 labels using the ML.NET model.
The ML.NET model simply loads a pre-trained TensorFlow Google's inception model.

I wrote an article in the DotNetCurry magazine explaining the integration between Blazor and ML.NET.

VueVixens workshop in Sligo

November 8, 2019

I was delighted to help Irene Y with a full day VueVixens workshop. The event took place in Sligo, in the offices of Overstock Ireland who were really friendly and a great host!

My role was mostly to give an extra hand to Irene and Caroline when it came to answering doubts and questions, so everyone was taken care of!

These are some of the tweets from the event:

Tomorrow, our lead Vue expert and workshop lead Caroline Fenlon, myself and @Dani_djg hit the road to teach in Sligo. Looks like a near full house and we are very excited! #vuejs #vuevixens #womenintech https://t.co/BiFz5cBz3v
— Irene Y (@rene_iy) November 7, 2019

Excellent event hosting @VueVixensIRL workshop, a fab group of 20 participants being introduced to #vuejs, BIG THANKS to Irene, Daniel & Caroline from #VueVixens, & to Diane OBrien from @ITSligo & Elaine Murphy from @LiveTiles who both spoke!#Overstock #WomenInTech #SiliconSligo pic.twitter.com/RibvyqbTm4
— Overstock Ireland (@OstkIreland) November 11, 2019

Vue templates for ASP.NET Core

November 4, 2019

A set of templates showcasing 3 different ways in which a project using Vue-CLI and ASP.NET Core can be structured.

The code was discussed during an article published in DotNetCurry.

🔗 gRPC with ASP.NET Core 3.0

https://www.dotnetcurry.com/aspnet-core/1514/grpc-asp-net-core-3

October 30, 2019

Article introducing gRPC for ASP.NET Core developers, now that it is supported in the latest ASP.NET Core 3.0 release.

The article covers:

a brief introduction to gRPC
how gRPC services can be created with ASP.NET Core
how gRPC services can be created with a Node.js
how to invoke either of these services from .NET Core
an overview of the built-in security features based on TLS/SSL

🔗 Authentication in ASP.NET Core, SignalR and VueJS applications

https://www.dotnetcurry.com/aspnet-core/1511/authentication-aspnetcore-signalr-vuejs

September 29, 2019

This article covers authentication in the context of ASP.NET Core and SignalR apps.

It describes how ASP.NET Core allows you to implement authentication using different schemes. Starting with cookie based authentication, it discusses different authentication schemes followed by JWT Bearer tokens.

Two years developing with Vue. Distilled

September 20, 2019

I was delighted to give a talk in the JSDayIE 2019 conference. Check out the YouTube recording!

You also have the slides available in slideshare.

gRPC services implemented in ASP.NET Core and Node.js

September 11, 2019

An example of creating services using gRPC and both ASP.NET Core and SignalR.

The code was discussed during an article published in DotNetCurry.

🔗 ASP.NET Core Vue CLI Templates

https://www.dotnetcurry.com/aspnet-core/1500/aspnet-core-vuejs-template

June 26, 2019

This article discusses 3 different approaches to integrate ASP.NET Core with an Vue SPA generated by the Vue-CLI.

These templates range from separated frontend and backend projects, to a couple of variants on the ASP.NET Core SPA template that fully integrates them as one solution.

vue-cli-plugin-jest-puppeteer

June 5, 2019

A plugin for the awesome Vue CLI that simplifies the setup needed to use Jest and Puppeteer to write and run E2E tests.

Read more in the KaizenDorks website.

kaizendorks/vue-cli-plugin-jest-puppeteer - GitHub

so-signalr

May 11, 2019

A mini Stack Overflow replica built using Vue, ASP.NET Core and SignalR.

I wrote a series of articles in the DotNetCurry magazine explaining the stack, the integration between Vue and SignalR and the authentication mechanism:

The history of ASP.NET

April 26, 2019

Series of 3 articles covering the history of ASP.NET since its first release back in 2002

vue-autowire

April 3, 2019

A library for Vue that lets you automatically register components, views, routes, and other Vue elements.

Read more in the KaizenDorks website.

vue-cli-plugin-vuedock

February 28, 2019

A plugin for the awesome Vue CLI that generates the Docker and docker-compose files necessary for both development and production.

Read more in the KaizenDorks website.

kaizendorks/vue-cli-plugin-vuedock - GitHub

🔗 Using ASP.NET Core SignalR with Vue.js (to create a mini Stack Overflow rip-off)

https://www.dotnetcurry.com/aspnet-core/1480/aspnet-core-vuejs-signalr-app

February 16, 2019

Using an ASP.NET Core backend, and a Vue.js frontend, we will look into the main concepts and building blocks of SignalR by implementing a minimalistic version of Stack Overflow.

sinon-mongo

January 29, 2019

An extension for the sinon.js mocking library. It makes easier to write unit tests for code that uses the MongoDB Node.js driver, allowing you to create stubs and spys for the client, db and collection objects.

Install with npm i -D sinon-mogo. Read more in KaizenDorks.

Refactored mockgo to its v2 version using promises

December 5, 2018

Mockgo

mockgo is a Node.js library which simplifies the task to create integration tests using a real MongoDB server.

When integrating mockgo with your tests, it will take care of downloading the right mongo binaries, initialize a real in-memory mongo database and clean it at the end of the test.

Contribution

I was using mockgo in various Node.js projects for writing integration tests that used a real mongo database but still run fast and in memory.

However some of its dependencies were outdated, which was limiting the MongoDB versions that could be used in our tests.

I submitted a PR that ended up refactoring mockgo not just to update its dependencies, but also to use promises and ended up released as the v2 of the library.

🔗 Blazor - .NET in the browser

https://www.dotnetcurry.com/dotnet/1460/blazor-getting-started

September 27, 2018

Blazor leverages a number of technologies such as WebAssembly in order to provide a SPA framework that can run .NET code in the browser. In this article, we will explore what is Blazor, how does it work and the new possibilities it brings for Developers.

🔗 Unit testing with Vue.js (using vue-test-utils, mocha-webpack and the Vue-CLI)

https://www.dotnetcurry.com/vuejs/1441/vuejs-unit-testing

May 30, 2018

Learn to write tests using the awesome vue-test-utils together with mocha-webpack. Also see how the vue-cli facilitates writing unit tests from the very beginning.

🔗 Managing Vue state in Vue.js applications with Vuex

https://www.dotnetcurry.com/vuejs/1454/using-vuex-manage-vuejs-state

May 30, 2018

Vuex provides an alternate state management approach to your Vue.js applications that makes it very interesting on large apps. This article takes a in-depth look to the core Vuex concepts.

🔗 Dependency Injection in ASP.NET Core - Demystified

https://www.dotnetcurry.com/aspnet-core/1426/dependency-injection-di-aspnet-core

March 14, 2018

This article aims to demistify dependency injection in ASP.NET Core, now a first class member of the framework.

It begins with a brief introduction to Dependency Injection in ASP.NET Core. It continues with a comparison to ASP.NET MVC 5, followed by a deeper look at the dependency injection support in ASP.NET Core and using 3rd party containers like Autofac and StructureMap.

BlogPlayground

January 27, 2018

An ASP.NET Core website that implements a simple blogger-like website.

I wrote a series of articles in the DotNetCurry magazine explaining the presentation layer and how to implement unit, integration and E2E testing:

Automated testing for ASP.NET Core projects

January 25, 2018

Series of 3 articles covering unit, integration and E2E tests for ASP.NET Core

Sample integration between react-native and a gRPC service

January 25, 2018

A sample react-native app that communicates using gRPC with a sample server, also contained in this repo. Both the client app and the server share the protocol buffer definition, which is used to generate both server and client side code.

The client side react-native application can talk to the gRPC server through a native module that bridges react-native and the objective-c/Java client generated by gRPC tooling.

🔗 ASP.NET Core 2.0 – What’s New

https://www.dotnetcurry.com/aspnet/1402/aspnet-core-2-new-features

November 27, 2017

ASP.NET Core 2.0 was released in August 2017. This article looks at the most important new features of ASP.NET Core 2.0 and improvements over its previous versions.

Added HTTP proxy functionality to node-apn

November 16, 2017

Node-apn

node-apn is a library to simplify the task of sending apple push notifications from Node.js applications.

Contribution

In the corporate environment I was working on, request to the Internet had to go through an HTTP proxy or else they would be blocked.

We were building an iOS application with a Node.js backend from where we wanted to send push notifications. For that we wanted to use the node-apn library but we could only do so if it supported connecting to apple's servers through a proxy.

Since that wasn't a feature currently available, I submitted a PR for it: https://github.com/node-apn/node-apn/pull/602

🔗 Modern Web Development using ASP.NET Core template, Vue.js and Webpack

https://www.dotnetcurry.com/aspnet/1383/modern-web-dev-aspnet-core-webpack-vuejs

August 6, 2017

This article explores the official Microsoft template for ASP.NET Core that uses Vue as its client-side framework and gets you started on using modern tooling and libraries like Webpack, Babel or hot-reload.

🔗 Debugging ASP.NET Core SPA in Visual Studio Code

https://www.dotnetcurry.com/aspnet/1373/debugging-aspnet-core-using-visual-studio-code

June 20, 2017

Get a nice debugging experience of your Single Page applications (SPA) in Visual Studio Code for both client and backend code.

🔗 ASP.NET Core MVC Model Binding: Custom Binders

https://www.dotnetcurry.com/aspnet-mvc/1368/aspnet-core-mvc-custom-model-binding

May 25, 2017

How Model Binding in ASP.NET Core MVC works, how does it compare against the previous versions of the framework and how you can customize it with your custom binders.

🔗 .NET Code Quality 3rd Party Tools – Using NDepend with .Net Core

https://www.dotnetcurry.com/general-topics/1361/third-party-tool-ndepend

April 16, 2017

This article explores the functionality provided by a 3rd party Code Quality tool, NDepend.

In order to do so, NDepend is added to one of my ASP.NET Core projects, DockNetFiddle.

🔗 Code Quality in the .NET Ecosystem

https://www.dotnetcurry.com/patterns-practices/1358/code-quality-tools

April 7, 2017

This article explores the subject of Code Quality within the .Net ecosystem. It includes a brief look at tools included in Visual Studio and other third-party commercial tools.

🔗 Using ElasticSearch, Kibana, ASP.NET Core and Docker to Discover and Visualize data

https://www.dotnetcurry.com/aspnet/1354/elastic-search-kibana-in-docker-dotnet-core-app

March 27, 2017

Use the Elastic Search API in an ASP.NET Core and Docker project and combining it with applications like Kibana for data analysis, reporting and visualization..

DockNetFiddle

February 15, 2017

DockNetFiddle is a simple site where users can enter minimum but complete .Net Core applications (providing the contents for the files program.cs and project.json ) which will be then executed inside a docker container. The results of the program execution will be send back and displayed to the users. In the end is a very simple version of the real [].NetFiddle site](https://dotnetfiddle.net/).

The code was discussed during an article published in DotNetCurry.