Browsed by
Tag: kubernetes

Find Kubernetes Ingress Rules

Find Kubernetes Ingress Rules

Suppose you have a kubernetes cluster, which contains a large set of ingress rules, of which many are used for the same hostname (just using different context-root’s / paths). In this case it can be hard to find out which rule is used for a certain URL. To help out in this situation I have created a Linux script to make a nice overview of paths mapped to what services by which ingress rules. You still have to read through…

Read More Read More

Micro-services Architecture with Oauth2 and JWT – Part 6 Oauth2 and Web

Micro-services Architecture with Oauth2 and JWT – Part 6 Oauth2 and Web

The last number of years I have been working in the area of migrating from legacy monolith (web) applications to a (micro) service oriented architecture (in my role of Java / DevOps / Infrastructure engineer). As this is too big of a subject to put in a single blog post, I will split this in 6 parts; (1) Overview, (2) Gateway, (3) Identity Provider, (4) Oauth2/Scopes, (5) Migrating from Legacy, (6) Oauth2 and Web. Oauth2 and Web: To-Do or not…

Read More Read More

Micro-services Architecture with Oauth2 and JWT – Part 5 From Legacy Monolith to Services

Micro-services Architecture with Oauth2 and JWT – Part 5 From Legacy Monolith to Services

The last number of years I have been working in the area of migrating from legacy monolith (web) applications to a (micro) service oriented architecture (in my role of Java / DevOps / Infrastructure engineer). As this is too big of a subject to put in a single blog post, I will split this in 6 parts; (1) Overview, (2) Gateway, (3) Identity Provider, (4) Oauth2/Scopes, (5) Migrating from Legacy, (6) Oauth2 and Web. Introduction Lets start by defining the…

Read More Read More

Micro-services Architecture with Oauth2 and JWT – Part 4 – Oauth2/Scopes

Micro-services Architecture with Oauth2 and JWT – Part 4 – Oauth2/Scopes

The last number of years I have been working in the area of migrating from legacy monolith (web) applications to a (micro) service oriented architecture (in my role of Java / DevOps / Infrastructure engineer). As this is too big of a subject to put in a single blog post, I will split this in 6 parts; (1) Overview, (2) Gateway, (3) Identity Provider, (4) Oauth2/Scopes, (5) Migrating from Legacy, (6) Oauth2 and Web. Introduction Recap: In the previous articles…

Read More Read More

Fluent Bit Elastic Search Data Type Filter

Fluent Bit Elastic Search Data Type Filter

Summary I have created a Fluent Bit LUA Filter to force proper data types to be send to our Elastic Search (log collector) Database, to prevent Elastic from rejecting the log records. GitHub Project: https://github.com/atkaper/fluent-bit-lua-filter-elastic-data-types Environment We are running a bunch of (on premise) Kubernetes clusters, all having around 20 nodes, with many deployments on it. The deployments use different technologies; Java, Kotlin, Node.js, GO, Python, C, … and quite some standard open source applications. Most of them have been…

Read More Read More

K8S Tiller/Helm History Cleanup

K8S Tiller/Helm History Cleanup

GitHub Project: https://github.com/atkaper/k8s-tiller-history-cleanup Introduction In our on premise Kubernetes cluster, we use Helm for a big part of our application / micro-services deployments. Helm uses an engine called Tiller (which is a deployment in the cluster). It executes the installs / updates / deletes, and it stores the results of deployments in the system as config maps. While migrating our applications to a new K8S cluster, we saw that we forgot to set a limit on the history which is…

Read More Read More

K8S Check Certificate Chains

K8S Check Certificate Chains

Github Project: https://github.com/atkaper/k8s-check-certificate-chains Ingress/nginx (running in Kubernetes / K8S) does not like silly certificates, therefore I created two scripts to find wrong ones. The script get-all-k8s-certificates.sh retrieves all certificates from kubernetes, and the check-certificate-chains.sh script verifies the chain’s are complete and in proper ordering. Added md5 hash check on crt and key file to verify the two belong to each other. The check-certificate-chains.sh just reports on WRONG certificates. Run with “-v” option to also show OK’s. Thijs.