Kustomize is a configuration management tool for Kubernetes that allows you to use common sets of manifests that can be changed for each specific environment/cluster, and can be an alternative to (or complement) Helm templates. The general concept of Kustomize is “where, what, and how”: “where” is a base manifest, for example deployment.yaml “what” –… Read More »
The last time I worked with Loki when it was still in Beta, and it looked much simpler then than it does now. In the new project, there is no logging system at all, and since we all love the Grafana stack, we also decided to use Loki for logging. Although to be honest,… Read More »
The blackbox-exporter is an exporter that can monitor various endpoints – URLs on the Internet, your LoadBalancers in AWS, or Services in a Kubernetes cluster, such as MySQL or PostgreSQL databases. Blackbox Exporter can give you HTTP response time statistics, response codes, information on SSL certificates, etc. What are we going to do in this… Read More »
We have Grafana Loki for logs and need to connect an AWS IAM Role with AWS IAM Policy, which gives access to an AWS S3 bucket where Loki’s chunks and indexes will be stored. IAM roles for Kubernetes Pods will work in the same way as IAM roles to EC2 instances: a process inside… Read More »
Pritunl is a VPN server with a bunch of advanced security and access control features. In fact, it is just a wrapper over OpenVPN, adding such Access Control Lists to it in the form of Organizations, users, and routes. The task is to deploy a Pritunl test instance in Kubernetesб so we can take a… Read More »
We continue with a series of posts about Apache Druid. In the first part, we took a look at the Apache Druid itself – its architecture and monitoring, in the second part – we ran a PostgreSQL cluster and set up its monitoring. Next tasks: switch Druid to PostgreSQL as metadata storage instead of Apache Derby… Read More »
After running Pritunl in Minikube, it is not possible to connect to the VPN: … 2022-10-03 13:50:32 TCP/UDP: Preserving recently used remote address: [AF_INET]194.168.3.100:1194 2022-10-03 13:50:32 UDP link local: (not bound) 2022-10-03 13:50:32 UDP link remote: [AF_INET]194.168.3.100:1194 … Check its Kubernetes Service: [simterm] $ kubectl -n pritunl-local get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)… Read More »
Apache Druid is a columnar database, focused on working with large amounts of data, combining the features and benefits of Time-Series Database, Data Warehouse, and a search engine. The general task is to set up monitoring of the Druid cluster in Kubernetes, so at first, we will see what it is in general and how… Read More »
One of the most valuable features of the kubectl utility is its plugins. Of course, there are things like Lens, widely used by developers who don’t like working in the terminal, or tools like k9s, but kubectl‘s plugins worth for a dedicated post. So, in this post, we will install Krew – kubectl‘s plugins manager,… Read More »
We have Github runners in our AWS Elastic Kubernetes service cluster, that are used to build Docker images and deploy them with Helm or ArgoCD. On the first helm install run in a Github runner’s Pod, we are getting the “x509: certificate signed by unknown authority” error: [simterm] # helm –kube-apiserver=https://kubernetes.default.svc.cluster.local list Error: Kubernetes cluster unreachable:… Read More »