Uncle Iroh always said, “spirit-world is only the place where you can channel your energy and thy is the place where you will find answer to all of your questions.”


Picture by Yancy Min

Git repositories are cool and fancy when the size of your repository is small and less number of files, but what do you do when your repository grows very large I mean very very large say 5G or 10G, or your repository increases to have many many folders and many many files inside them.

Of course, you can convert it into an artifact and push it or binary repositories like JFrog or Nexus. But you really want to manage it via git since it’s kind of free and really cheaper than those other two solutions.

Github and Bitbucket only allow…


Picture by Sai Kiran Anagani

Linux kernel has a feature or application called OOM Killer. It kills the process whenever it is out of memory. OOM decides which process to kill based on a score that it calculates which is called oom_score.

You can find oom_score for each process in /proc/PID/oom_score

That rings the bell but not sure on what basis it gives a score to each process, how does it know which process have less/more?


When you are using Istio, the source ip address gets replaces when it passes through the Loadbalancer and istio ingress, the source ip address gets changed.

Problem

Source IP not being preserved, instead changed to either LB or Node IP address in L4 loadbalancer. This causes issuse like cannot whitelist IP addres for ip filtering, cannot implement rate limiting, logging and visualizing will not work and access control using RBAC cannot be done.

What is Proxy Protocol

It is a convenient way to send connection information like client IP address across multiple servers like NAT or proxies. It requires little change to infrastructure to limit…


Introduction

As we know that using kubeconfig for day to day use is a bad practice, instead each user should be given access based on their account and his/her request should be protected using self signed SSL. This way admin can enforce RBAC on the account and also revoke account if needed.

Here is how you can create user account on k8s and authenticate them using certificates.

This process is supposed to be done by the administrator to provide access to other users to the cluster.

Pre-requisites:

  • Administrator access to the production do cluster, meaning must have admin kubeconfig with you initially.

“You might think that creating random number is easy but its not as easy you think. Entropy as we know is the state of randomness, The more entropy we get, the more randomness there is.

TL;DR

True Randomness is hard. Cannot be achieved. Use /dev/urandom for your UNIX apps in day-to-day use.

First of all, what is Randomness, Randomness in what ?

According to Wikipedia “randomness is the apparent lack of pattern or predictability in events”. When we say anything is random means that it has no order, or predictability. Individual random events are unpredictable. Anything is said random only where the outcome cannot be predicted in advance. Example: If you…


You might know that docker and kubernetes are becoming very popular and having such skill will be very beneficial for you and your company. I have compiled a learning resource for docker and kubernetes. This will be enough to give you understanding and framework of docker and kubernetes which you can use a a primer for your deep dive sessions on docker and kubernetes

A compiled learning resource for DevOps Engineer and Site Reliability Engineering enthusiasts.

Getting Started

Module 1 - Selecting Storage drivers in docker

Module 2 - Running a docker container primer

Module 3 - Logging in docker


Today, I will show you how you can run your own multi-region k8s cluster. First of all, you need to have 3 working VM ready so that we can work on them. For this demo, I have created 3 VMs on vultr cloud provider which can be seen in the following image.

Now, once you have VM working, there are a couple of things that need to be done.

System configuration and Installing kubelet, kubeadm and kubectl (On all nodes)

First, edit the host file of each VM public IPs and hostname in /etc/hosts file.

Master node

127.0.0.1 master-node
IP_OF_WORKER worker-node1
IP_OF_WORKER_2 worker-node2

Worker node 1

127.0.0.1 worker-node1
IP_OF_MASTER master-node
IP_OF_WORKER_2…

Are you using all the real-estate that the screen has to offer?

Do you want your screen to look like this mess?

To this fully utilized clutter-free


Solve the re-occurring could not get lock issue.

Image: Linux Lock. Source: https://www.techsupportpk.com/2017/10/lock-linux-user-accounts.html

When you are new to Linux, you might bump into the following errors, and can be frustrating, if you don’t know what actually happened and how to resolve them.

So, take a deep breath and relax, we will try to fix the problem.

Before you try to solve the problem, let me tell you a little bit about how does lock works in Linux systems.

Lock files on Linux are created to avoid race conditions when multiple processes are running.

There are two types of lock:

  1. Exclusive lock
  2. Shared lock

Exclusive lock

When a process holds an exclusive lock on…

Prabesh Thapa

DevOps / SRE Engineer. Blog: 99devops.com System admin turned SRE. I love Linux.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store