-
Profiling Tomcat Remotely with Java Mission Control
I was interested to see why a tomcat app runs very slow. In the tooling stage, I picked Java Mission Control(jmc) because it’s a built-in of Oracle Java 8. To enable jmc and its flight recorder, I added the following Java switches to tomcat’s setenv.h file: Having restarted tomcat, double check if the port is…
-
Kubernetes Log Aggregation with Filebeat and Logstash
Following last blog, Filebeat is very easy to setup however it doesn’t do log pattern matching, guess I’ll need Logstash after all. First is to install Logstash of course. To tell Filebeat to feed to Logstash instead of Elasticsearch is straightforward, here’s some configuration snippets: Filebeat K8s configMap: — apiVersion: v1 kind: ConfigMap metadata: name:…
-
Kubernetes Cluster Log Aggregation with Filebeat
Finally the Kubernetes cluster I was working on went live, and I didn’t provide a log aggregation solution yet. I had a look at dynaTrace, which is a paid SaaS. However it requires to install some agent in every container. It’s fun when there’s only several to play with but I wouldn’t rebuild dozens of…
-
Kubernetes External Service with HTTPS
This is a quick example to assign an SSL certificate to a Kubernetes external service(which is an ELB in AWS). Tested with kops 1.8 and kubernetes 1.8. — apiVersion: v1 kind: Service metadata: name: my-https-service namespace: my-project labels: app: my-website-ssl annotations: service.beta.kubernetes.io/aws-load-balancer-ssl-cert: “arn:aws:acm:ap-southeast-2:xxx:certificate/xxx…” service.beta.kubernetes.io/aws-load-balancer-backend-protocol: “http” service.beta.kubernetes.io/aws-load-balancer-ssl-ports: “https” service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: ‘3600’ spec: type: LoadBalancer selector: app: my-website…
-
Get access to a container in Kubernetes cluster
With Kubernetes(K8s), there’s no need to do ssh user@host anymore since everything is running as containers. There are still occasions when I need shell access to a container to do some troubleshooting. With Docker I can do It’s quite similar in K8s However in K8s containers have random IDs so I need to know the…
-
Kops: Add Policies for Migrated Apps
When migrating some old applications to a Kubernetes(k8s) cluster provisioned by kops, a lot of things might break and one of them is the missing policy for the node. By default, nodes of a k8s cluster have the following permissions: ec2:Describe* ecr:GetAuthorizationToken ecr:BatchCheckLayerAvailability ecr:GetDownloadUrlForLayer ecr:GetRepositoryPolicy ecr:DescribeRepositories ecr:ListImages ecr:BatchGetImage route53:ListHostedZones route53:GetChange // The following permissions are…
-
Notes: BuildKite and Kubernetes Rolling Update
This is kind of a textbook case that container is much more efficient than VM. The CI pipeline in comparison uses AWS CloudFormation to build new VMs and drain old VMs to do a rolling update, which takes around 10 minutes for everything even if it’s just 1 line of code changed. I did a…
-
Why I like BuildKite
BuildKite is a relative new CI toolkit I would like to replace Jenkins with. Here are some pros and cons I thought I could share: Pros: Designed with containers(docker) in mind. Hybrid architecture, console as a hosted service where agents can run anywhere with internet connectivity Build pipeline as code, also very easy to write…