Articles by Deepak Prasad
Unit Testing Operator Reconcile Logic with Ginkgo and Gomega
Structure reconciler unit tests with Ginkgo and Gomega: table-driven vs Describe/Context/It, testing pure desired-state builders vs full Reconcile with the fake client, asserting ctrl.Result and errors, when to stop and …
CI/CD for Kubernetes Operator Projects with GitHub Actions
Create a production-ready GitHub Actions CI/CD workflow for Go Kubernetes Operators: gofmt, go vet, unit tests, envtest, Makefile targets, image builds, GHCR publishing, OLM bundle validation, kind jobs, caching, …
OLM Bundles Explained: Package, Ship, and List on OperatorHub
Learn OLM bundles for Kubernetes Operators: bundle layout, CSV fields, replaces and skips, operator-sdk bundle generate validate scorecard, catalog images with opm, testing on kind with OLM, and how CSV claims map to …
OpenTelemetry Tracing for controller-runtime Operators
Add OpenTelemetry tracing to Go operators on controller-runtime: why trace reconcile, wiring TracerProvider and OTLP, propagating context into client-go and outbound HTTP, span naming and log correlation via trace id, …
Kubernetes Operator Metrics with Prometheus and controller-runtime
Expose Kubernetes Operator metrics from controller-runtime, scrape them with prometheus-operator ServiceMonitor, secure the endpoint, add custom Prometheus metrics, build useful Grafana panels, alert on reconcile errors, …
Pause and Resume Patterns for Kubernetes Operators
Design pause and resume for Kubernetes Operators: spec.paused vs annotations, what still runs when paused, skipping child updates vs deletes, finalizers and upgrades, Helm operator limits, user-facing docs, and GitOps …
From Commit to Cluster: End-to-End Operator Release Pipeline
Release a Kubernetes Operator from Git tag to cluster: build the manager image, pin digests, render Helm or Kustomize manifests, validate CRDs and OLM bundles, smoke-test with a sample CustomResource, promote through …
Configuration for Operators: Flags, Environment Variables, and Live Reload
Configure Kubernetes Operators for real clusters: cmd flags vs env vars, WATCH_NAMESPACE and common conventions, ConfigMap and Secret mounts, live reload with watches, Downward API, secret rotation, and 12-factor style …
CEL Validation in CRDs: Practical Rules for Operator APIs
Practical CEL rules in CRDs for operator APIs: x-kubernetes-validations basics, immutability with oldSelf and oldObject, when to combine OpenAPI and CEL, replicas bounds and mutual exclusions, user-facing error messages, …
Kubernetes Operator Hardening Beyond RBAC: Pod Security and Supply Chain
After RBAC, harden Kubernetes operators with non-root pods, read-only root filesystem, dropped capabilities and seccomp, projected ServiceAccount tokens, image digest pinning and signing, NetworkPolicy egress allowlists …
Migrate a Helm Chart to a Helm-Based Kubernetes Operator
Brownfield guide for teams with a production Helm chart: when plain Helm is enough vs a Helm-based operator, mapping values.yaml into a CRD spec, watches.yaml and overrideValues precedence, chart semver vs operator image …
Performance Tuning for controller-runtime: Concurrency, Client QPS, and Cache
Tune Go operators on controller-runtime for large clusters: MaxConcurrentReconciles and goroutine-safe reconcile, REST client QPS and burst, cached vs APIReader uncached reads, predicates to cut apiserver load, field …
Testing Kubernetes Operators with envtest, Fake Client, and kind
Part 3 of 3: test a Go Operator SDK operator with unit tests, fake client, envtest (CRD + status + webhooks), kind smoke tests, Kustomize packaging, safe CRD upgrades, and a troubleshooting lab.
Controller-Runtime Architecture: Manager, Cache, Informer, Workqueue Explained
controller-runtime is the Go library that powers every Kubebuilder and Operator-SDK project. This guide walks the full architecture - Manager, Cache, Informer, SharedInformerFactory, Workqueue, and the Builder DSL (For / …
Kubernetes Custom Resource Definitions (CRDs) Explained: A Complete Guide
A Custom Resource Definition (CRD) is a Kubernetes resource that registers a new object type with the API server, so kubectl, RBAC, watches, and Operators can treat your custom kind the same as a built-in Deployment or …
Operator RBAC Minimum Permissions: ClusterRole, kubebuilder Markers, Audit
A complete guide to designing, generating, and auditing RBAC for Kubernetes operators: how kubebuilder markers generate roles from `+kubebuilder:rbac` comments, the least-privilege principle as it applies to operators, …
Helm-Based Operator Tutorial Part 2 - Lifecycle, Drift, Hooks, Scope, and the Hard Ceiling
Part 2 of the Helm-based operator tutorial picks up the moment Part 1 ends - you have a deployed operator with a running CR. This guide walks the rest of the pre-built helm plugin (helm.sdk.operatorframework.io/v1) in …
Kubernetes CRD Version Upgrades with Conversion Webhooks
This step-by-step guide shows how to perform a Kubernetes CRD upgrade from v1alpha1 to v1 with a conversion webhook, using a self-created DemoApp operator. It walks through served and storage version contracts in a …
Golang function vs method: declaration syntax, receivers, when to use which
Golang function vs method and go method vs function: golang function declaration syntax without a receiver, method golang syntax with value or pointer receiver, function vs method call style, golang methods vs functions …
How to Avoid Reconcile Loop “Explosions” in Kubernetes Operators
Stop Kubernetes Operator reconcile storms: predicates and generation filters, status-only updates, accidental .spec writes, Owns() fan-out on noisy children, jittered RequeueAfter, workqueue tuning, and why event-style …
Requeue, RequeueAfter, and Error Handling in controller-runtime
Learn how controller-runtime interprets ctrl.Result, Requeue, RequeueAfter, and returned errors inside Reconcile(). Covers exponential backoff on the workqueue, terminal errors, NotFound and Conflict handling, …
Bash unshift: prepend to arrays, shift, and pop (with examples)
Bash unshift: prepend to an array or positional parameters, bash shift array / bash array shift, shift vs unshift, and bash pop argument / remove last element. No built-in unshift—use assignment or set --.
Bash while loop timeout: run until a time (sleep, date, GNU timeout)
Bash while loop timeout and while loop until a deadline: sleep in Linux/Bash, wall-clock end time with date or EPOCHSECONDS, counter + break, and GNU timeout around background jobs.
Linux convert tabs to spaces; spaces to tabs in shell scripts (Bash)
Linux convert tabs to spaces with expand; convert runs of spaces to tabs with unexpand; tab in bash with $'\t' and printf; unix shell scripts conversion for tab- vs space-delimited text and aligned columns.
Shell script parallel execution: Bash background jobs and exit status
Shell script parallel execution in Bash: background jobs, wait, and per-PID exit codes. Bash parallelize for loop, parallel shell patterns, and how to run a script on Linux before scaling out.
Linux login history: view SSH logins, auth logs, and check attempts
Linux login history: view and check login history, login logs, and Linux SSH login history via last, wtmp, auth.log or /var/log/secure, and journalctl. Optional script to summarize successful and failed SSH attempts.
Grep word after match; awk print after match (Linux)
Grep word after match, grep everything after match, grep characters after match, grep next line after match, and awk print after match on Linux (GNU grep -P with \K, -A, match/substr). Brief patterns for the word before …
Bash measure time of command and script (execution time, elapsed time)
Bash: measure time of a command, script execution time, and elapsed time (wall clock vs CPU). Use the time builtin, TIMEFORMAT, SECONDS, or EPOCHREALTIME; print duration on exit with trap.
Bash get script name, path, and directory (get script dir reliably)
Bash get script name, get current script name, get script path, and get script directory (script dir). Use $0, basename, BASH_SOURCE[0], dirname, cd+pwd, and readlink -f on Linux; handle sourced scripts safely.
Linux: find duplicate files by hash, list them, and remove duplicates safely
Use find with sha256sum (or md5sum) to list identical files on Linux, group by hash, then delete duplicate copies interactively or after a dry-run—plus how “duplicate by name” differs from same content.