K8s on Baremetal: IP Passthrough

I’ve received complaints that apps inside biz pods didn’t get the right client IP (instead of the public IPv4 IP, they only got in-cluster IPs like 10.233.x.y, or the host IP), so they couldn’t block over-requesting clients by IP. The topology: As the rate limit component works fine under development, that should be due to some reason that keeps the app from getting the correct IPs. Let’s do quick experiments. # svc....

May 21, 2024 · 4 min · 658 words · Me

K8s on Bare metal: Teleport by helm

Helm Charts here: I use terraform + the helm provider to install the teleport charts. We have to start from here: https://goteleport.com/docs/reference/helm-reference/ For a K8s cluster, we need to install no fewer than two components: teleport-cluster (teleport-operator is included) and teleport-kube-agent. A few steps further: set up GitHub login, set up applications. Also, we need cert-manager to issue certificates. As we need a DNS solver, this means we need to create a TXT record for that domain every time we issue a wildcard domain, to get verified by ACME, which means we need to configure according to different DNS providers....

May 20, 2024 · 4 min · 816 words · Me

Make Opencat Connect Perplexity

In my routine, I always use Perplexity to solve my problems and help find the answers or summarize the web page or “Google that for me”. What’s more, if you subscribe to its Pro Plan, you will get 5 USD each month for API usage. If you are interested, you can use my referral to register. Brilliant. API usage is quite convenient and can cover the scenarios in which you do not want to break the continuity of your work and want to ask quick questions and get quick answers, e....

May 6, 2024 · 2 min · 369 words · Me

K8s Trivial Questions

Here are some examples or illustrations that I use quite a lot in my work routine.

How to reuse an env parameter in another one (e.g. assemble many into one)

That’s quite useful for cases like database DSN configuration.

    apiVersion: v1
    kind: Pod
    metadata:
      name: mysql-app
    spec:
      containers:
        - name: mysql-container
          image: mysql:5.7
          env:
            - name: mysql_host
              value: "mysql.default.svc.cluster.local"
            - name: mysql_db
              value: "myapp"
            - name: mysql_port
              value: "3306"
            - name: PROTOCOL
              value: "mysql"
            - name: mysql_dsn
              value: "$(PROTOCOL)://$(mysql_host):$(mysql_port)/$(mysql_db)"

Why my kustomization replaced my base envFrom?...

April 30, 2024 · 1 min · 135 words · Me

ArgoCD intermittent updates to manifest fail

In our scenario, we have GitHub Actions use the argocd CLI to update our app’s manifest, like below:

    - name: Update ArgoCD Image
      uses: clowdhaus/argo-cd-action/@main
      if: ${{ inputs.argocd_app_name != '' }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        version: 2.6.7
        command: app set ${{ inputs.argocd_app_name }}
        options: |
          --server ${{ vars.ARGOCD_URL }}
          --kustomize-image ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
          --auth-token ${{ secrets.MEEX_ARGOCD_TOKEN }}

In this case, the CLI will update the argocd app manifest of source....

April 30, 2024 · 2 min · 363 words · Me