Kubernetes: part 5 — RBAC authorization with a Role and RoleBinding example

26 March 2020
 

 The next task is to add a new user who will have access to check pods state and watch logs – any other operations must be prohibited. AWS EKS uses AWS IAM for authentification in a Kubernetes cluster (check the Kubernetes: part 4 – AWS EKS authentification, aws-iam-authenticator and AWS IAM post for details), bot… Read More »

Linux: processes core dumps, systemd-coredump and Debian

14 March 2020
 

 Need to get a dump from fro ma PHP process on Debian 9. In this post will take a Linux kernel mechanism to create and manage processes dumps. Kernel’s dumps are created in another way, check Kdump на Arch Wiki. Linux Core Dump The kernel will create a process dump if it performed an invalid… Read More »

AWS: CloudFormation – Nested Stacks and stacks parameters Import/Export

29 February 2020
 

 Nested Stacks in AWS CloudFormation are stacks, created from another, a “parent”, stack using AWS::CloudFormation::Stack. The main idea behind the Nested Stacks is to avoid writing superfluous code and to make templates reusable. Instead, a template is created only once, stored in an S3 bucket, and during stacks creation – you just refer to it.… Read More »

Linux: gnome-keyring setup as Freedesktop SecretService

26 February 2020
 

 Currently, I’m using KeePass as passwords, RSA-keys, and as the Freedesktop SecretService, see the KeePass: an MFA TOTP codes, a browser’s passwords, SSH keys passwords storage configuration and Secret Service integration post. The first issue I faced with during such a setup is the fact that KeePass’ database is synced between my computers (it’s database… Read More »

Redis: “psync scheduled to be closed ASAP for overcoming of output buffer limits” and the client-output-buffer-limit

26 February 2020
 

 We have a Redis-cluster with Master-slave replication and Sentinel, see the Redis: replication, part 2 – Master-Slave replication, and Redis Sentinel, Redis: fork – Cannot allocate memory, Linux, virtual memory and vm.overcommit_memory, and Redis: main configuration parameters and performance tuning overview posts. The system worked great until we started using it much more actively. Redis… Read More »

Linux: PHP-FPM, Docker, STDOUT and STDERR – no an application’s error logs

24 February 2020
 

 We have a Docker image with NGINX, PHP-FPM, and Supervisor. In the same image, we have our PHP application included, which outputs its errors to the /dev/stderr as per its php.ini file: … [global] error_log=/dev/stderr … The problem is, that if run kubectl logs –  there will be no error output from the application. So,… Read More »

PHP: PHP-FPM ignores environment variables – solutions

19 February 2020
 

 We have a PHP-based application running in Kubernetes and uses settings from a /app/.env file plus environment variables. The problem is that application running in a Docker container can’t see an $TEST_VAR variable although it’s present in the Deployment: … containers: – name: application-dev-web image: bttrm-application:119 … – name: TEST_VAR valueFrom: secretKeyRef: name: bttrm-app-secret key:… Read More »

Kubernetes: running metrics-server in AWS EKS for a Kubernetes Pod AutoScaler

15 February 2020
 

 Assuming, we already have an AWS EKS cluster with worker nodes. In this post – we will connect to a newly created cluster, will create a test deployment with an HPA – Kubernetes Horizontal Pod AutoScaler and will try to get information about resources usage using kubectl top. Kubernetes cluster Create a test cluster using… Read More »