The code and data behind xeiaso.net

kube-ps1 post

Signed-off-by: Xe Iaso <me@xeiaso.net>

+87 -9
+85
lume/src/notes/2025/kube-ps1.mdx
··· 1 + --- 2 + title: "Life pro tip: put your active kubernetes context in your prompt" 3 + desc: "kube_ps1 is love, kube_ps1 is life" 4 + date: 2025-04-05 5 + hero: 6 + ai: "Photo by Xe Iaso, Canon EOS R6 Mark ii, 16mm wide angle lens" 7 + file: touch-grass 8 + prompt: "A color-graded photo of a forest in Gatineau Park, the wildlife looks green and lush" 9 + --- 10 + 11 + Today I did an oopsie. I tried to upgrade a service in my homelab cluster (`alrest`) but accidentally upgraded it in the production cluster (`aeacus`). I was upgrading `ingress-nginx` to patch [the security vulnerabilities released a while ago](https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/). I should have done it sooner, but [things have been rather wild lately](https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/) and now [kernel.org runs some software I made](https://social.kernel.org/notice/Asir7LiPevX6XcEVJQ). 12 + 13 + <Conv name="Cadey" mood="coffee"> 14 + <Picture 15 + path="notes/2025/kube-ps1/domino-meme" 16 + desc="A domino effect starting at 'Amazon takes out my git server' ending in 'software running on kernel.org'." 17 + /> 18 + </Conv> 19 + 20 + Either way, I found out that [Oh my ZSH](https://ohmyz.sh/) (the ZSH prompt toolkit I use) has a plugin for [kube_ps1](https://github.com/ohmyzsh/ohmyzsh/blob/master/plugins/kube-ps1/README.md). This lets you put your active Kubernetes context in your prompt so that you're less likely to apply the wrong manifest to the wrong cluster. 
21 + 22 + To install it, I changed the `plugins` list in my `~/.zshrc`: 23 + 24 + ```diff 25 + -plugins=(git) 26 + +plugins=(git kube-ps1) 27 + ``` 28 + 29 + And then added configuration at the end for kube_ps1: 30 + 31 + ```sh 32 + export KUBE_PS1_NS_ENABLE=false 33 + export KUBE_PS1_SUFFIX=") " 34 + 35 + PROMPT='$(kube_ps1)'$PROMPT 36 + ``` 37 + 38 + This makes my prompt look like this: 39 + 40 + ```text 41 + (⎈|alrest) ➜ site git:(main) ✗ 42 + ``` 43 + 44 + Showing that I'm using the Kubernetes cluster Alrest. 45 + 46 + <ConvP> 47 + <Conv name="Aoi" mood="wut"> 48 + Wouldn't it be better to modify your configuration such that you always have 49 + to pass a `--context` flag or something? 50 + </Conv> 51 + <Conv name="Cadey" mood="coffee"> 52 + Yes, but some of the tools I use don't have that support universally. Until 53 + I can ensure they all do, I'm willing to settle for tamper-evident instead 54 + of tamper-resistant. 55 + </Conv> 56 + </ConvP> 57 + 58 + ## Why upgrading ingress-nginx broke my HTTP ingress setup 59 + 60 + Apparently when I set up the Kubernetes cluster for my website, the [Anubis docs](https://anubis.techaro.lol) and other things like my Headscale server, I did a very creative life decision. I started out with the "baremetal" self-hosted ingress-nginx install flow and then manually edited the `Service` to be a `LoadBalancer` service instead of a `NodePort` service. 61 + 62 + I had forgotten about this. So when the upgrade hit the wrong cluster, Kubernetes happily made that `Service` into a `NodePort` service, destroying the cloud's load balancer that had been doing all of my HTTP ingress. 63 + 64 + Thankfully, Kubernetes dutifully recorded logs of that entire process, which I have reproduced here for your amusement. 
65 + 66 + | Event type | Reason | Age | From | Message | 67 + | :--------- | :------------------- | :-- | :----------------- | :----------------------- | 68 + | Normal | Type changed | 13m | service-controller | LoadBalancer -> NodePort | 69 + | Normal | DeletingLoadBalancer | 13m | service-controller | Deleting load balancer | 70 + | Normal | DeletedLoadBalancer | 13m | service-controller | Deleted load balancer | 71 + 72 + <ConvP> 73 + <Conv name="Cadey" mood="facepalm"> 74 + OOPS! 75 + </Conv> 76 + <Conv name="Numa" mood="smug"> 77 + Pro tip if you're ever having trouble waking up, take down production. 78 + That'll wake you up in [a 79 + jiffy](https://en.wikipedia.org/wiki/Jiffy_(time))! 80 + </Conv> 81 + </ConvP> 82 + 83 + Thankfully, getting this all back up was easy. All I needed to do was change the `Service` type back to LoadBalancer, wait a second for the cloud to converge, and then change the default DNS target from the old IP address to the new one. [external-dns](https://kubernetes-sigs.github.io/external-dns/latest/) updated everything once I changed the IP it was told to use, and now everything should be back to normal. 84 + 85 + Well, at least I know how to do that now!
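Review bot: The recovery paragraph at line 83 of kube-ps1.mdx restores service by changing the `Service` type back to `LoadBalancer` by hand, which is the same manual edit that lines 60-62 name as the root cause, so as written the next ingress-nginx upgrade from the "baremetal" install flow could turn it into a `NodePort` again. Consider adding a sentence on whether the `LoadBalancer` type is now recorded in the manifest that gets applied or is still a manual edit, so readers do not copy a fix that can silently revert. A smaller point on lines 32-35: with `KUBE_PS1_NS_ENABLE=false` the prompt shows only the context, so it is worth saying that a wrong-namespace mistake is still not visible.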
+2 -9
lume/src/styles.css
··· 2 2 @tailwind components; 3 3 @tailwind utilities; 4 4 @import url("https://cdn.xeiaso.net/file/christine-static/static/font/inter/inter.css"); 5 - @import url("https://fonts.googleapis.com/css2?family=Podkova:wght@400..800&display=swap"); 5 + @import url(https://cdn.xeiaso.net/static/css/iosevka/family.css); 6 + @import url(https://cdn.xeiaso.net/static/css/podkova/family.css); 6 7 7 8 @layer base { 8 - @font-face { 9 - font-family: "Podkova"; 10 - font-style: normal; 11 - font-weight: 400 800; 12 - font-display: swap; 13 - src: url("/static/font/Podkova.woff2") format("woff2"); 14 - } 15 - 16 9 a { 17 10 @apply text-link-light-normal hover:text-link-light-hover hover:bg-link-light-hoverBg visited:text-link-light-visited visited:hover:text-link-light-visitedHover visited:hover:bg-link-light-visitedHoverBg underline; 18 11 }
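Review bot: The two added `@import` lines at new lines 5-6 of styles.css use unquoted `url(...)` while the unchanged Inter import at line 4 uses `url("...")`; quote them to match. The hunk also adds an Iosevka stylesheet and moves Podkova from Google Fonts and the local `@font-face` block to `cdn.xeiaso.net`, none of which the commit subject "kube-ps1 post" mentions, so consider splitting this into its own commit or adding a line to the message explaining the font change.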