Category Archives: Kubernetes

Kubernetes is an open-source container orchestration system for automating application deployment, scaling, and management.

Kubernetes: Helm – “x509: certificate signed by unknown authority”, and ServiceAccount for Pod

29 September 2021
 

 We have Github runners in our AWS Elastic Kubernetes service cluster, that are used to build Docker images and deploy them with Helm or ArgoCD. On the first helm install run in a Github runner’s Pod, we are getting the “x509: certificate signed by unknown authority” error: Or, if not set an API URL, then we… Read More »

AWS: Web Application Firewall overview, configuration, and its monitoring

19 July 2021
 

  AWS WAF (Web Application Firewall) is an AWS service for monitoring incoming traffic to secure a web application for suspicious activity like SQL injections. Can be attached to an AWS Application LoadBalancer, AWS CloudFront distribution, Amazon API Gateway, and AWS AppSync GraphQL API. In case of finding any request that sits WAF’s rules, it… Read More »

Kubernetes: Deployment Strategies types, and Argo Rollouts

12 July 2021
 

 One of the goals of the ArgoCD implementation in our project is to use new Deployment Strategies for our applications. In this post, we will observe deployment types in Kubernetes, how Deployment is working in Kubernetes and a quick example of the Argo Rollouts. Deployment Strategies and Kubernetes Let’s take a short overview of the… Read More »

ArgoCD: declarative Projects, Applications, and ArgoCD deploy from Jenkins

19 May 2021
 

 An application, cluster, or repository can be created In ArgoCD from its WebUI, CLI, or by writing a Kubernetes manifest that then can be passed to kubectl to create resources. For example, Applications are Kubernetes CustomResources and described in Kubernetes CRD applications.argoproj.io: And are accessible in ArgoCD’s namespaces as common Kubernetes resources: Such an approach… Read More »

ArgoCD: Okta integration, and user groups

17 May 2021
 

 In the previous post ArgoCD: users, access, and RBAC we’ve checked how to manage users and their permissions in ArgoCD, now let’s add an SSO authentification. The idea is that we don’t add user accounts locally in the ArgoCD’s ConfigMap, but instead will use our Okta users databases and Okta will perform their authentication. And… Read More »

Kubernetes: spec.ports[0].nodePort: Forbidden: may not be used when `type` is ‘ClusterIP’

5 May 2021
 

 During applications deploy from a Helm chart described in the Istio: shared Ingress/AWS ALB, Helm chart with conditions, Istio, and ExternalDNS we are getting the “spec.ports[0].nodePort: Forbidden: may not be used when `type` is ‘ClusterIP’” error. Let’s reproduce it and find solutions with kubectl and Helm to solve it. The “spec.ports[0].nodePort: Forbidden: may not be… Read More »

Istio: shared Ingress/AWS ALB, Helm chart with conditions, Istio, and ExternalDNS

27 April 2021
 

 Let’s proceed with our journey with Istio. Previous parts: Istio: an overview and running Service Mesh in Kubernetes Istio: external AWS Application LoadBalancer and Istio Ingress Gateway Besides Istio, in this post, we will also configure ExternalDNS, see the Kubernetes: update AWS Route53 DNS from an Ingress for details. Everything described below is a kind… Read More »

Istio: a cause and solution of the “SQLSTATE Connection refused”

23 April 2021
 

 During starting a pod we got errors “SQLSTATE[HY000] [2002] Connection refused’” in two different applications – a РНР/Yii and NodeJS. In the РHР/Yii it’s coming when we are running a pre-install hook during deployment with Helm and on the MySQL Migration Job execution: Yii Migration Tool (based on Yii v2.0.38)Exception ‘yii\db\Exception’ with message ‘SQLSTATE[HY000] [2002]… Read More »