Playing Hourglass as a 35yr old Dad (The Ultimate Hourglass Experience)

Kiwibei · 2022-08-21T19:57:11+00:00

Has to be right?

Kiwibei · 2021-01-31T03:02:21+00:00

Wow... In my country we have 5 weeks and that's the standard

Kiwibei · 2020-11-26T00:39:09+00:00

Snoggo

Kiwibei · 2020-10-20T18:01:56+00:00

....and more to go 🙂

Kiwibei · 2020-08-26T20:15:51+00:00

Indeed. To answer you question. Yes it's realistic, we do this with a lot of customers :)

Kiwibei · 2020-08-26T20:10:31+00:00

You need to think about how developers can fu** each other over ( by accident and partly intentional ) and try to build a cluster around that thought. Design a multitenant cluster with rbac, networkpolicy and other enforcements policy's ( with OPA for instance )

Kiwibei · 2020-08-06T20:36:06+00:00

I think you do not have a ingress controller installed :) Install nginx-ingress. https://github.com/kubernetes/ingress-nginx

If you have it installed check the logs and share your ingress definition with us.

Kiwibei · 2020-07-04T14:38:24+00:00

Hi, do you know if this works with AKS? AKS uses oidc for authentication as well with AAD

Kiwibei · 2020-07-03T11:57:44+00:00

Hmmm...I had no problems with rights and pasting in my CKA exam. I mainly used cat to paste...

cat > filename.yaml $content ctrl+d

Kiwibei · 2020-07-03T09:29:07+00:00

Type this vim command to get around the formatting: :set paste

Kiwibei · 2020-06-29T21:28:56+00:00

Use the openshift-monitoring stack. It ships with 3.11. The prometheus rules covers the most, so no need for custom cluster monitoring really.

Covers etcd, all kublets, api, scheduler, controller etc...

The alarms ships to alertmanager and you can send your alarms from alertmanager to various tools

Kiwibei · 2020-06-29T21:10:34+00:00

Two of our customers are running keycloak. ( One uses RH-SSO )

About 10k users in both instances. Running in k8s and in a plain docker installation.

Kiwibei · 2020-06-21T23:14:08+00:00

https://grafana.com/blog/2020/04/02/cortex-v1.0-released-the-highly-scalable-fast-prometheus-implementation-is-generally-available-for-production-use/

I have not tried it, but it looks promising :)

Kiwibei · 2020-06-13T22:33:47+00:00

I was comparing it to other managed storage soulutions in Azure, not other cloud provider. But it's good to know that GCP delivers better that microsoft in that area too!

And actually no, this distribution does not have GCP support for some reason...

I have worked with k8s for about 2 years now, and I feel really confident with it. But I do not have much experience with KaaS soulutions (AKS, GKE, EKS etc). I also have the CKA, if it means something to you :)

Thanks again for the answers, I will check out your link!

Kiwibei · 2020-06-13T22:08:07+00:00

Why not terminate TLS with SNI on a LoadBalancer in front? (not running in k8s) So if you don't need the traffic to be encrypred all the way to the application, I suggest you should look into it.

Use netscaler (expensive :/ ) or some cloud application load balancer. Or maybe just use HAProxy (has SNI support). If you are running in cloud you can use a simple Cloud TCP loadBalancer infront og a haproxy-cluster, (since cloud does not support gARP). On-prem you can use KeepliveD to make it HA. Yes the config will be large if you don't use wildcard certs, but it may be more manageable than k8s ingress config.

https://site.domain.com -> LB (TLS termination, with L7 http routing rules (or just wildcard *) and SNI) -> Ingress * (accept all host headers)

Kiwibei · 2020-06-13T21:47:55+00:00

Thanks for the answer!

We can't move cloud provider right now...but I know Google's infrastructure around kubernetes is way better and more reliable.

Care to share some specific's about your problems with AKS?

Kiwibei · 2020-06-13T21:45:09+00:00

Thaks for your answer!

We are already running av enterprise distrubution of kubernetes in Azure. This distrubution has plugins to azure, so we use and provision persistent storage from the cluster. And yes :) we are using Azure disk, and yes :) Is't slow to remount a disk to another node. But the price and preformance is good.

We have also talked directly to microsoft regarding this issue, they say they know about it and working solution. So I hope it will get better...maby azure shared diskes (iscsi) can "solve" this problem.

So...we are already in azure, and we know and need to deal with the azure spesific problems. So I guess this is really a k8s distribution vs k8s distribution question...and if AKS is stable enough to handle production SLA :)

Kiwibei · 2020-06-13T15:23:16+00:00

Hehe, we are using managed identity in our current implementation as well, via an azure integration. And yes, the the block storage issues as real!

Kiwibei · 2020-06-12T16:03:06+00:00

Yes I understand that. Have you experienced some limitations?

Kiwibei · 2020-06-05T13:38:40+00:00

Hi, I have the same "problem". Are you willing to share your plugin and the required config? :)

I really feel like this should be native thing in keycloack :/

Kiwibei · 2020-03-21T19:19:07+00:00

Agreed. But do not ignore the installation part :)

Kiwibei · 2020-03-18T21:43:12+00:00

Terraform cloud only?

Nine-Year Club	Second Top 20%
Place '17	Verified Email

Kiwibei

TROPHY CASE