I speak here {^_^}

Notes: k8s python dynamic client examples, Red Hat OpenShift Administration I (DO280)#5

May 05, 2021

Same as yesterday, I spent most of my day continuing with the Red Hat OpenShift Administration I (DO280) virtual instructor led training (VILT). It’s going wonderful. :)

The topics from today’s class were around configuring OpenShift networking for applications.

  • I learnt how OpenShift exposes the conatiner applications to external networks using ingress & routes. I learnt about different types of routes (secure & unsecure) that could be created under the OpenShift clusters:
    • Edge routes ~ where TLS termination occurs at the router, between the external client & the application running in the cluster container edge-routes
    • Pass-through routes ~ where encrypted traffic is sent straight to the destination pod, without router providing TLS termination.The certificate is mounted on the container side using secrets. Currently, this is the only mode that supports mutual authentication between application & client that access it. passthrough-routes
    • Re-encrypted routes ~ (similar to edge-routes) where router terminates TLS connection from the client, with one certificate & then re-encrypt its connection to the container application endpoint once again, with different (or similar) certificate. So, this essentially provides full path encryption.
  • I also learnt how I can verify which part of network paths is TLS encrypted, from the external client, through the router, to all the way to the container applications.

  • And lastly, two more concepts, Security context constraints (CSS) Network Policies. (Well, this is something I’m still struggling to properly understand, so will spend some more time on it, later)

Some of the updates from the Kubernetes upstream contributions,

  • Re PR (add examples to demonstrate the usage of dynamic client #1448), it was on hold from being merged due to strategic-merge-patch throwing unsupportedMediaType error. This got merged today. The reviewers confirmed that strategic-merge-patch is not supported currently on custom resources by the upstream kubernetes project. More precise explanation:

    native k8s resources like “deployment” support strategic-merge-patch. CR does not currently have that support. The support needs to be on the k8s server side, not on the python client side.

  • Last week, I’ve been going through some of the open feature requests on the k8s python client project. I wasn’t sure if I understood the requirements properly, so, yersterday I reached out to one of the project lead. I volunteered to pick up this one issue, Drop Python 2 support #1413. I asked them to provide me some pointers on how to implement this. They’ve very kindly updated the issue with all the information. So, yes, I’ve assigned it to myself. Will start working on this after the upcoming release of the python-client. :)


And the last update from today is quite special.

I submitted a talk proposal for PyCon India, 2021 (again). Here is the link to the proposal.

The special part is not submitting the proposal, but seeing how much I’ve grown up, since the last time I submitted one (which is the last year itself).

Look at my talk proposal video from last time and the one from this time, the confidence, I’ve build up in myself is the special part. I’m so happy for the current myself. The earlier me looks troubled (and I know I was) :)

So, yea, that’s all from today. Good night!