Friday, December 18, 2020

Clarity - How users interact with your website

 

https://clarity.microsoft.com/

So, what is it?

Clarity is a user behavior analytics tool that helps you understand how users are interacting with your website through features such as session replays and heatmaps.
It is free from Microsoft.


Thursday, December 17, 2020

Google Jamboard

 https://jamboard.google.com 


So what is it? 

As per the intro page:

  • Visualize your ideas in a new and collaborative way

  • Unleash your team’s creativity with Jamboard. Sketch your ideas whiteboard-style while benefiting from the access and connectivity of an interactive canvas. Drop images, add notes, and pull assets directly from the web while collaborating with team members from anywhere.

  • Supports real-time co-authoring


Wednesday, October 7, 2020

Linux learning resource

 

https://lab.redhat.com/

Interactive learning scenarios provide you with a pre-configured Red Hat® Enterprise Linux® instance to experiment, learn, and see how Red Hat can help you solve real-world problems.

 

 

Monday, August 31, 2020

100daysofx - practice x for 100 days straight :)

 

 

100daysofx 

https://www.100daysofx.com/

 

One such example: https://www.100daysofcode.com/

 

 

 

Friday, August 14, 2020

Update google-chrome in Fedora


Updating google-chrome:

Visit https://www.google.com/chrome/

and download the rpm.


Update the rpm using:

$ sudo rpm -Uvh /path/to/google-chrome-stable_current_x86_64.rpm


Verify the installed google-chrome version using:

$ google-chrome --version

Tuesday, August 4, 2020

namespaced resources in k8s


In Kubernetes, some resources are namespaced while others are not.

To list each set, use api-resources:


# kubectl api-resources --namespaced=true
NAME                        SHORTNAMES   APIGROUP                    NAMESPACED   KIND
bindings                                                             true         Binding
configmaps                  cm                                       true         ConfigMap
endpoints                   ep                                       true         Endpoints
events                      ev                                       true         Event
limitranges                 limits                                   true         LimitRange
persistentvolumeclaims      pvc                                      true         PersistentVolumeClaim
pods                        po                                       true         Pod
podtemplates                                                         true         PodTemplate
replicationcontrollers      rc                                       true         ReplicationController
resourcequotas              quota                                    true         ResourceQuota
secrets                                                              true         Secret
serviceaccounts             sa                                       true         ServiceAccount
services                    svc                                      true         Service
controllerrevisions                      apps                        true         ControllerRevision
daemonsets                  ds           apps                        true         DaemonSet
deployments                 deploy       apps                        true         Deployment
replicasets                 rs           apps                        true         ReplicaSet
statefulsets                sts          apps                        true         StatefulSet
localsubjectaccessreviews                authorization.k8s.io        true         LocalSubjectAccessReview
horizontalpodautoscalers    hpa          autoscaling                 true         HorizontalPodAutoscaler
cronjobs                    cj           batch                       true         CronJob
jobs                                     batch                       true         Job
leases                                   coordination.k8s.io         true         Lease
endpointslices                           discovery.k8s.io            true         EndpointSlice
events                      ev           events.k8s.io               true         Event
ingresses                   ing          extensions                  true         Ingress
ingresses                   ing          networking.k8s.io           true         Ingress
networkpolicies             netpol       networking.k8s.io           true         NetworkPolicy
poddisruptionbudgets        pdb          policy                      true         PodDisruptionBudget
rolebindings                             rbac.authorization.k8s.io   true         RoleBinding
roles                                    rbac.authorization.k8s.io   true         Role



# kubectl api-resources --namespaced=false
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
componentstatuses                 cs                                          false        ComponentStatus
namespaces                        ns                                          false        Namespace
nodes                             no                                          false        Node
persistentvolumes                 pv                                          false        PersistentVolume
mutatingwebhookconfigurations                  admissionregistration.k8s.io   false        MutatingWebhookConfiguration
validatingwebhookconfigurations                admissionregistration.k8s.io   false        ValidatingWebhookConfiguration
customresourcedefinitions         crd,crds     apiextensions.k8s.io           false        CustomResourceDefinition
apiservices                                    apiregistration.k8s.io         false        APIService
tokenreviews                                   authentication.k8s.io          false        TokenReview
selfsubjectaccessreviews                       authorization.k8s.io           false        SelfSubjectAccessReview
selfsubjectrulesreviews                        authorization.k8s.io           false        SelfSubjectRulesReview
subjectaccessreviews                           authorization.k8s.io           false        SubjectAccessReview
certificatesigningrequests        csr          certificates.k8s.io            false        CertificateSigningRequest
ingressclasses                                 networking.k8s.io              false        IngressClass
runtimeclasses                                 node.k8s.io                    false        RuntimeClass
podsecuritypolicies               psp          policy                         false        PodSecurityPolicy
clusterrolebindings                            rbac.authorization.k8s.io      false        ClusterRoleBinding
clusterroles                                   rbac.authorization.k8s.io      false        ClusterRole
priorityclasses                   pc           scheduling.k8s.io              false        PriorityClass
csidrivers                                     storage.k8s.io                 false        CSIDriver
csinodes                                       storage.k8s.io                 false        CSINode
storageclasses                    sc           storage.k8s.io                 false        StorageClass
volumeattachments                              storage.k8s.io                 false        VolumeAttachment


Tuesday, July 28, 2020

Placement of arguments matters - in a few commands

--

For a command like podman, where the argument is placed matters.

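For example:
 podman run -it 5a934bfaaf12 /bin/bash

This works.

--

If you run the command with "-it" after the image hash, it fails:
 podman run 5a934bfaaf12 -it /bin/bash

Everything after the image is treated as the command to run inside the container, so podman tries to execute "-it".

It fails saying: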
Error: container_linux.go:345: starting container process caused "exec: \"-it\": executable file not found in $PATH"
: OCI runtime error

--

Saturday, July 25, 2020

Friday, July 24, 2020

Password prompted with update in sudoers file


Password still prompted in spite of an update to the sudoers file?



Check that every comment has a space between # and the first word.
If there is no space between # and the first word, it is no longer a comment.

By opening with gvim, I have identified the issue.
Need to be extra cautious even if you put a simple comment :)

I have a rule updated in the "includedir /etc/sudoers.d" directory and it was improperly commented.
With proper commenting (adding a space) it is fixed.
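
A check for the mistake described above, as an added example that is not part of the original post: it lists every line in a sudoers file where # is followed directly by a non-space character. The function name check_sudoers_comments, the sample file content and the three labels are assumptions made for illustration; "directive" and "uid" mark the forms the sudoers manual documents as not being comments (#include, #includedir, and # followed by digits).

```shell
#!/bin/sh
# Added example: find sudoers lines where '#' is not followed by a space.
# Output format: file:line:kind:text
#   directive - #include / #includedir (parsed by sudo, not a comment)
#   uid       - '#' followed by digits (parsed as a numeric user ID)
#   nospace   - any other '#word' line worth a second look
check_sudoers_comments() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)           # ignore leading indentation
        }
        line ~ /^#[^ \t#]/ {
            kind = "nospace"
            if (line ~ /^#include(dir)?[ \t]/) kind = "directive"
            else if (line ~ /^#[0-9]+/)        kind = "uid"
            printf "%s:%d:%s:%s\n", FILENAME, FNR, kind, line
            found = 1
        }
        END { exit (found ? 1 : 0) }           # non-zero when anything was flagged
    ' "$@"
}

# Constructed sample drop-in file (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# allow deploy to restart the web service
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart httpd
#old rule kept for reference
#includedir /etc/sudoers.d/disabled
#1001 ALL=(ALL) ALL
## banner line
EOF

check_sudoers_comments "$sample" || echo "review the lines listed above"
rm -f "$sample"
```

On a real host, pass /etc/sudoers and the files under /etc/sudoers.d as arguments (reading them needs root).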

Thursday, July 23, 2020

Kubernetes concepts

Topics covered: 


Kubernetes components

Kubernetes building blocks

Namespace

Batch job

Configmap secrets

Ingress controller

Application health checks

Advanced kubernetes scheduling

Statefulsets

Advanced volume management

Role based access control

Quota management 

Helm

Custom resource definition

Logging and Debugging

Monitoring with Prometheus

Istio

CICD

Microservice tracing

==
Kubeadm 


kubeadm reset - To reset the node state

To get the join command (the last output of kubeadm init) again:
kubeadm token create --print-join-command
==

Kubernetes components

API server
ETCD
Scheduler
Controller manager
Node

==

API server
All administrative tasks are performed via the API server.
A user/operator sends REST commands to the API server, which validates and processes the requests.
--

ETCD
Key-value store where the cluster state is stored.
Runs either on the master or is configured externally.
--
Scheduler
Schedules work to different worker nodes.

For example, schedule work on a node where the label disk == ssd is set.

Works in terms of pods and services.
-- 
Controller manager:

Runs all the controllers. 
  • Node controller
  • Replication controller
  • Endpoints controller
  • Service account and Token controllers
--
Cloud Controller manager 
  Manage the underlying cloud provider. 

  Loadbalancer / EBS volumes in AWS. 
--
Node
3 main components
  • Kubelet
  • Kube-proxy
  • Container runtime
--
Kubelet
Takes a set of podspecs that are provided through various mechanisms and
ensures the containers in those podspecs are running and healthy.
--
Kube-proxy
Helps in providing k8s service abstraction.
  • Network rules, and forwarding incoming connection

--
Container runtime
  • Main software responsible for running containers.

--
Ports used by Kubernetes services:

4149/TCP kubelet
10250/TCP kubelet
10255/TCP kubelet
9099/TCP calico-felix
6443/TCP kube-apiserver
--

Static pods - system pods 
  • Pods not under the control of API server 

/etc/kubernetes/manifests/ <static pods>
  • Make use of static ip - hostnetwork

1 vcpu - 1000 millicores

/etc/kubernetes/admin.conf

--
// to delete
kubeadm reset

// master
kubeadm init

// from the worker node
kubeadm join


kubectl --kubeconfig=/path

export KUBECONFIG=/tmp/config 


// default
~/.kube/config

--

Frontend + backend -> different types of scaling -> so different pods are better.

Multiple containers in a pod -> login + transaction - complementary in nature, run together.

IP is per pod (not container).

CNI plugins

API: <group>/<version>/<resource>

// to view configuration
kubectl config view

// create / modify existing
kubectl apply 
--


Kubernetes Building blocks

  • Pods
  • Replicasets
  • Deployments
  • Labels, selectors, Annotation
    • Annotations are like labels but 'without selector'
  • Services
    • Not tied to a deployment
  • Daemonsets
    • On each node
    • No replica count - only one on a node
    • Used in monitoring, logging

Namespaces

Way to divide the cluster resources between multiple users.

Names of resources are unique within a namespace (meaning you can use the same name in different namespaces).


Batch jobs

One or more pods successfully run and then terminate.

Deleting the job -> cleans up the pods created by it.



Configmaps and secrets: 

Configmaps are designed to work more conveniently with data
that does not contain sensitive information.

Key-value pairs.

Can be used as

  • Environment variables
  • Command line args for a container.
  • Config files in a volume

Configmaps as volumes.


Secrets:
Store and manage sensitive information like credentials and encryption keys.

Image pull secret

Ingress controllers:

Services and pods have IPs only routable by the cluster network.

An Ingress is a collection of rules that allow inbound connections to reach the cluster services.

  • Can be configured to give services:
    • Externally reachable URLs
    • Load balance traffic
    • Terminate SSL
    • Name based virtual hosting.

kind: Ingress


example.com/b
example.com/g

b.example.com/
g.example.com/

Example:  
https://github.com/kubernetes-sigs/aws-alb-ingress-controller


Application health checks

Liveness probe

Readiness probe

Scheduling 

Schedule work (pods) onto computing resources (nodes)

// It is not about running the pod; that is the kubelet's job.

Assigning pod to a node.

Pod auto scaling:
Horizontal pod autoscaling
Custom metrics

Graceful shutdown 
Prestop and termination grace period
Drain node

Pod affinity and anti-affinity

Pod disruption budget

Blue green and canary deployment

Taint toleration

Network policy

Statefulset

For stateful workloads like databases.

Manages deployment and scaling of the pods in an ordered manner by maintaining a unique, sticky
identity for each of their pods.

Statefulsets manage pods that are based on an identical container spec.

Pods in a statefulset are not interchangeable.
Each pod has a persistent identifier that it maintains across scheduling.

kind: StatefulSet


  • Pod name does not change
  • Order in which pods come up


Storage management

PV

PVC 

dynamic provisioning

Storage classes

Subpath 
Allows you to mount multiple volumes inside the same directory.
Also allows mounting a single volume multiple times with different sub-paths.


Role Based Access control (RBAC)


User -> Authentication -> Authorization -> Admission control (valid request ?) -> k8s objects

Users - not first class citizens in k8s.

  • Normal users
  • Service account

Service accounts with default names get created as we create a namespace.

User defined service accounts can be created as well, which we can attach to the pod running in the same namespace.

Dashboard -> special access to the API server -> needs a service account

--
Context ->  Cluster  + User 

kubectl config get-contexts

kubectl config use-context <context name>
--

Operations possible with kubectl:
  • Create
  • Get
  • Delete
  • List
  • Update
  • Edit
  • Patch
  • Watch


RBAC roles
  • Role  - only for namespace
  • ClusterRole - cluster wide

  • RoleBinding - namespace
  • ClusterRoleBinding - cluster wide


RoleBinding -> grants the permissions defined in a role to a user or a set of users.


Quota Resource limits

Resources request

Resource Limit

OOM killer

Resource Quota namespace

Storage limit

Default memory limits and requests

Quotas for API objects




--
Helm 

- yum in k8s world.

Manage kubernetes applications. 
Define, install and upgrade complex k8s applications.

Helm charts are easy to create, version, share and publish.

--


--

CRD

CustomResourceDefinitions (CRD) -> plugging in your own managed object and application
as if it were a native k8s component.

kubectl can be used to manage them.

Custom controllers. 
  • Can work with any resources, but effective with custom resources.

Logging and Debugging

kubectl logs and exec

kubectl logs <podname> -c <container name>

kubectl get events

kubectl describe pod <podname>


/var/log/containers/kube-controller-manager….log

journalctl -fu kubelet

// verbose output
kubectl --v=6 get pods

// more verbose: v=7, v=8


Monitoring with Prometheus

==
Istio

  • Service mesh which provides a platform to connect, manage and secure microservices

Network of deployed services with load balancing, service to service authentication, monitoring and more.

Deploying a special sidecar proxy along with the service that tracks all network communication
between microservices. 

Sidecars are configured and managed by Istio’s control plane functionality.
==

Traffic shifting:
70% and 30% to two different services.

Istio virtual service
Istio rule


Retry logic

Number of retry attempts for an HTTP request
Maximum number of retries with the default or overridden timeout period.

https://istio.io/docs/tasks/traffic-management/ingress/#determining-the-ingress-ip-and-ports


==

CICD

CircleCI
CircleCI workflow

ArgoCD
ArgoCD manifest

==