Category: Systems Admin

  • Kubernetes External Service with HTTPS

    This is a quick example to assign an SSL certificate to a Kubernetes external service (which is an ELB in AWS). Tested with kops 1.8 and Kubernetes 1.8.

        ---
        apiVersion: v1
        kind: Service
        metadata:
          name: my-https-service
          namespace: my-project
          labels:
            app: my-website-ssl
          annotations:
            service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-2:xxx:certificate/xxx…"
            service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
            service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
            service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
        spec:
          type: LoadBalancer
          selector:
            app: my-website…

  • Get access to a container in Kubernetes cluster

    With Kubernetes (K8s), there’s no need to do ssh user@host anymore since everything is running as containers. There are still occasions when I need shell access to a container to do some troubleshooting. With Docker I can do It’s quite similar in K8s However in K8s containers have random IDs so I need to know the…

  • Kops: Add Policies for Migrated Apps

    When migrating some old applications to a Kubernetes (k8s) cluster provisioned by kops, a lot of things might break, and one of them is the missing policy for the node. By default, nodes of a k8s cluster have the following permissions: ec2:Describe* ecr:GetAuthorizationToken ecr:BatchCheckLayerAvailability ecr:GetDownloadUrlForLayer ecr:GetRepositoryPolicy ecr:DescribeRepositories ecr:ListImages ecr:BatchGetImage route53:ListHostedZones route53:GetChange // The following permissions are…

  • Notes: BuildKite and Kubernetes Rolling Update

    This is kind of a textbook case of containers being much more efficient than VMs. The CI pipeline in comparison uses AWS CloudFormation to build new VMs and drain old VMs to do a rolling update, which takes around 10 minutes for everything even if it’s just 1 line of code changed. I did a…

  • Why I like BuildKite

    BuildKite is a relatively new CI toolkit I would like to replace Jenkins with. Here are some pros and cons I thought I could share: Pros: Designed with containers (Docker) in mind. Hybrid architecture, console as a hosted service where agents can run anywhere with internet connectivity. Build pipeline as code, also very easy to write…

  • Play a bit Kubernetes with Minikube

    I’ve just played a bit with Kubernetes on my Arch Linux laptop, with Minikube. It’s easier than I thought. Since I’ve already installed VirtualBox from the start, I can use minikube right after I installed it with curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ The command I used to start…

  • Linux and Wake on LAN

    The Internet servers are usually on 24×7, probably that’s why I never had the need to use the Wake on LAN feature on a computer. I’ve just built a home server running Ubuntu Linux, using consumer grade PC parts. To avoid a big surge on my next electricity bill, I plan to only turn on…

  • Install Fluentd with Ansible

    Fluentd has been a popular open source log aggregation framework for a while. I’ll try to give it a spin with Ansible. There are quite a few existing Ansible playbooks to install Fluentd out there, but I would like to do it from scratch just to understand how it works. From the installation guide page, I…