You might have various kinds of resources in your AWS account, such as EC2, S3, RDS, DocumentDB, etc., and you do not want to expose them to public access, so how would you or your developers access them securely?
A bastion server is a common solution. It acts like a receptionist or front desk for your private resources in AWS: it makes sure a visitor is authorized or authenticated to access the office or the people inside the building.
A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. …
Kubernetes Patterns, like Design Patterns, abstract Kubernetes primitives into repeatable solutions to problems. Here is the previous post, which introduces Kubernetes Patterns in detail.
The Predictable Demands pattern is about how application requirements should be declared.
The requirements of a container running in Kubernetes mostly include runtime dependencies (like file storage) and resource profiles (CPU, memory, etc.).
File storage is one of the typical runtime dependencies applications use for saving state. …
I browsed lots of online resources and instructions to set up Kuberhealthy with Prometheus and Grafana together on a local Kubernetes environment like Minikube, but unfortunately, none of them worked for me.
Most of the instructions and articles listed installation steps for each of them but seldom showed the steps for:
In most cases some extra steps are needed after you install them, and this post shows you how to make them work together. …
This article describes a network issue I ran into while using Minikube as a development environment for running and testing Kuberhealthy locally, and how I troubleshot it.
The symptom was that the Pod running a KHCheck (a custom resource in Kuberhealthy that, like a probe, runs tests and reports results back to the Kuberhealthy service) was unable to send its result back to the Kuberhealthy service in the same namespace of a Kubernetes cluster on Minikube. The details are described in the Issue section below.
Before starting, let me clarify my environment:
OS: macOS Catalina version 10.15.7
Minikube: v1.16.0 on Darwin 10.15.7
Kubernetes: v1.20. …
This article is about the book Kubernetes Patterns: Reusable Elements for Designing Cloud-Native Applications by Bilgin Ibryam & Roland Huß.
As a developer working with cloud-native applications, I can’t wait to share my ideas about this book. Like the book Design Patterns: Elements of Reusable Object-Oriented Software by the Gang of Four, this book introduces common use cases, best practices and principles for Kubernetes. No matter what kind of Kubernetes you are working on, managed (by cloud platforms, e.g. AWS, GCP, etc.) or on-premise, it could definitely be helpful.
I will try to summarize the points I learned or found interesting or important, and also add my own related experiences. It really covers lots of scenarios you might meet at work, so I highly recommend this book if you are working or will work with Kubernetes. …
The Dockerfile is the basic concept behind building Docker images. It is worth understanding if you want to dig a bit deeper into Docker image building scenarios.
A Dockerfile is a text file that contains a list of commands (instructions) describing how a Docker image is built. The command docker build tells Docker to build the image by following the instructions inside the Dockerfile.
A Dockerfile starts with a FROM command, which indicates the base image. The subsequent commands in the Dockerfile are executed on the base image, which must be a valid image.
Here is the…
When I was trying something out with a Docker volume, I wanted to check the volume contents from the host file system. Here is the command I used to create the container with a data volume specified:
docker container run -it --name mycntnr -v /mydata ubuntu:latest /bin/bash
Then I also created 3 empty files in the volume /mydata:
touch a b c
However, I followed the instructions to check the volume from the Docker host system (my macOS machine) with the following command:
sudo screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty
It returned an “Operation not permitted” message and then quit the screen session. …
I installed Ubuntu, a minimal server version, on VirtualBox on my macOS machine, so I decided to connect to it via SSH from my terminal instead of the VM console.
Here is what I did:
sudo apt-get install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
If everything is correct, it should be able to connect to itself via SSH.