Ever wished you could monitor your AWS load balancer logs in real-time? AWS ELB access logs are packed with security gold, but they're usually just sitting in S3 as static files. Let's fix that with a falco-plugin-aws-elb! What is Falco 🦅?What are Falco Plugins?The ProblemSolutionExample RuleQuick StartWhy Rust 🦀?Available FieldsConclusion What is Falco 🦅? Falco… Continue reading Built a Falco Plugin for AWS ELB Access Logs
On June 16, 2025, I gave a Lightning Talk at KubeCon + CloudNativeCon Japan 2025. The title of my talk was: “From Kernel To Kubernetes: Mapping eBPF-Detected Processes To Pods!” In this session, I explored how Tetragon connects the Linux kernel to Kubernetes by enriching eBPF-detected process data with Kubernetes metadata. You can check out… Continue reading From Kernel to Kubernetes: KubeCon + CloudNativeCon Japan 2025
I joined KubeCon + CloudNativeCon that was held at Chicago in 2023 Nov 6-9. It was so fun! I will share what excited me at the event! Contributed the OpenTelemetry ProjectArgo Community is so energeticeBPF + Cilium is a futureArchitect my Future Contributed the OpenTelemetry Project I attended Contribfest of OpenTelemetry. Contributors kindly taught us… Continue reading KubeCon+CloudNativeCon@Chicago 2023 Nov
TL;DR In this article, I will explain how to get kube-proxy's metrics via a curl command from a pod via the following command. curl -s \ http://192.168.64.7:10249/metrics Monitoring a Kubernetes cluster with Prometheus Monitoring a Kubernetes cluster with Prometheus is useful for building dashboards and alerts. However, not many DevOps engineers may understand how Prometheus… Continue reading Get kube-proxy’s metrics manually
TL;DR In this article, I will explain how to get kube-controller-manager's metrics via a curl command from a pod via the following command. curl -s -k -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://192.168.64.7:10259/metrics Monitoring a Kubernetes cluster with Prometheus Monitoring a Kubernetes cluster with Prometheus is useful for building dashboards and alerts. However, not many DevOps… Continue reading Get kube-controller-manager’s metrics manually
TL;DR In this article, I will explain how to get kube-scheduler's metrics via a curl command from a pod via the following command. curl -s -k \ -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ https://192.168.64.7:10259/metrics Monitoring a Kubernetes cluster with PrometheusPreparationKubernetes clusterkube-schedulerbind-address and portIP addressGet kube-scheduler's metricsCreate a ClusterRole and a ServiceAccountCreate a Pod from which… Continue reading Get kube-scheduler’s metrics manually
TL;DR kubelet is a service that runs on each worker node in a Kubernetes cluster and is resposible for managing the Pods and containers on a machine. In this article, I will explain how to get kubelet's metrics via a curl command from a pod via the following command. curl -k \ -H "Authorization: Bearer… Continue reading Get kubelet’s metrics manually
TL;DR In this article, I will explain how to get kube-apiserver's metrics via a curl command from a pod via the following command. curl \ --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \ -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ https://kubernetes.default.svc/metrics Monitoring a Kubernetes cluster with PrometheusPreparationKubernetes clusterkube-apiserver Pod and ServiceGet kube-apiserver's metricsCreate a ClusterRole and a ServiceAccountCreate a Pod from… Continue reading Get kube-apiserver’s metrics manually
Encrypt and Decrypt with Sealed Secret Problems of Secrets in GitOps Kubernetes stores secrets as base64-encoded strings in manifests, so we shouldn't store secrets' manifests in a Git repository. That means we cannot practice GitOps for secrets. Sealed Secrets can solve this problem using encryption! In this article, I will explain how to install Sealed… Continue reading Install Sealed Secrets via Helm
I will explain how to access k8s-api-server via curl. Through this hands-on exercise, you will gain an understanding of authenticating with k8s-api-server using client certificates and keys. Additionally, by communicating with k8s-api-server via curl, you will become more familiar with its usage. ⎈ PreparationGenerate private key and certificate from kubeconfigGenerate client private keyGenerate client certificateCheck… Continue reading Access k8s-api-server via curl
Yuki Nakamura's Blog 