It’s not often, but sometimes I need to boot the system from a USB and rebuild initramfs-linux.img. This post is more of a quick note to myself on how, what, and where to mount on my laptop to run mkinitcpio, as I have LVM partitions, separate disk partitions for /boot, and swap. iwctl and WiFi… Read More »
We are migrating our Backend API from DynamoDB to AWS RDS PostgreSQL, and several times RDS crashed. Actually, given that we took db.t3.small with two vCPUs and two gigabytes of memory to save money, it was quite expected, but I wondered why everything was crashing. A few days later, I started to debug the issue,… Read More »
We use GitHub Actions for deployments, and eventually came to the point where we wanted to run its Runners on our own Kubernetes cluster because: self-hosted GitHub Runners are cheaper – in fact, you pay only for the servers that run the jobs we need to run SQL migrations on AWS RDS in AWS VPC… Read More »
We have a new EKS cluster 1.30 on our project, where we want to completely remove the old IRSA with OIDC and start using EKS Pod Identities – see AWS: EKS Pod Identities – a replacement for IRSA? Simplifying IAM access management. And everything seems to work fine, but when I started deploying our Backend… Read More »
It seems like a common task to update a version of a Terraform module, but terraform-aws-modules/eks version 20.0 had some pretty big changes with breaking changes. The changes relate to authentication and authorization in AWS IAM and AWS EKS, which I analyzed in the post AWS: Kubernetes and Access Management API, the new authentication in… Read More »
We’re preparing to migrate our Backend API database from DynamoDB to AWS RDS with PostgreSQL, and finally decided to try out AWS RDS IAM database authentication, which appeared in 2021. IAM database authentication, as the name implies, allows us to authenticate to RDS using AWS IAM instead of the login-password from the database server itself.… Read More »
We have an API service with Gunicorn in Kubernetes that periodically returns 502, 503, 504 errors. I started debugging it, and found a weird thing: there were no messages in the logs about the received SIGTERM, so I first went to deal with Kubernetes – why doesn’t it send it? The Issue So, here’s what… Read More »
Sometimes, when deploying Helm charts, the error “UPGRADE FAILED: another operation (install/upgrade/rollback) is in progress” may appear: It can occur because the previous deployment failed due to errors in the chart, or the connection between the build machine and the Kubernetes cluster was lost. Check the release status with ls –all: $ helm -n dev-backend-api-ns… Read More »
After the latest Arch Linux upgrade, Yay reported the following error: yay: error while loading shared libraries: libalpm.so.13: cannot open shared object file: No such file or directory First, let’s check if we have the libalpm library file, and which version: $ sudo find / -type f -name “*.so*” | grep libalpm /usr/lib/libalpm.so.14.0.0 So, we… Read More »
Currently, we are able to collect our API Gateway logs from the CloudWatch Logs to Grafana Loki, see. Loki: collecting logs from CloudWatch Logs using Lambda Promtail. But in the process of migrating to Kubernetes, we have Application Load Balancers that can only write logs to S3, and we need to learn how to collect… Read More »