kekru

Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:

• CA certificate
• Server certificate
• Server key
• Client certificate
• Client key

Create certificate files

michaellihs

Create Gitlab Personal Access Token using curl

Prerequisites

• You need a Gitlab server up and running
• You need user credentials for a (admin) user on the Gitlab server
• You need curl and Perl on your server

squidpickles

Multiplatform (amd64 and arm) Kubernetes cluster setup

The official guide for setting up Kubernetes using kubeadm works well for clusters of one architecture. But, the main problem that crops up is the kube-proxy image defaults to the architecture of the master node (where kubeadm was run in the first place).

This causes issues when arm nodes join the cluster, as they will try to execute the amd64 version of kube-proxy, and will fail.

It turns out that the pod running kube-proxy is configured using a DaemonSet. With a small edit to the configuration, it's possible to create multiple DaemonSets—one for each architecture.

Steps

Follow the instructions at https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/ for setting up the master node. I've been using Weave Net as the network plugin; it see

htcai

Acknowledgement

This blog benefits a lot from the helpful guidance from mdda and wangruohui.

Notice

Desktop environment sensitivity

The strategy presented below applies to the default desktop environment GNOME3 of Fedora 27, but may not work for others such as KDE Plasma. For instance, KDE tends to crash after installation of NVIDIA drivers. Actually, this is also confirmed by my own recent experience with Fedora KDE Plasma.

anttu

resource "aws_secretsmanager_secret" "IRCSecrets" {
  name = "irc/client/credentials"
  description = "My IRC client credentials"
}

resource "aws_secretsmanager_secret_version" "IRCCredentials" {
  secret_id     = "${aws_secretsmanager_secret.IRCSecrets.id}"
  secret_string = "{\"username\":\"AzureDiamond\",\"password\":\"hunter2\"}"
}

denji

VirtualBox command-line interface (VBoxManage) provides an easy way to convert raw disk image to the VDI/VMDK format and otherwise.

Let's assume that we have raw image of the sdb device:

$ sudo dd if=/dev/sdb of=./sdb.raw

To use it with VirtualBox we need to convert it to the VDI format:

$ VBoxManage convertdd sdb.raw sdb.vdi --format VDI

hslatman

Fluent-bit rocks

A short survey of log collection options and why you picked the wrong one. 😜

Who am I? Where am I from?

I'm Steve Coffman and I work at Ithaka. We do JStor (academic journals) and other stuff. How big is it?

Number	what it means
101,332,633	unique visitors in 2017

colanconnon

FROM continuumio/miniconda3


ENV APACHE_SPARK_VERSION 2.3.1
ENV HADOOP_VERSION 2.7

RUN apt-get -y update && \
    apt-get install --no-install-recommends -y openjdk-8-jre-headless ca-certificates-java && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

fonylew

#!/bin/bash

# First sudo command
sudo whoami

# Update and upgrade
sudo apt update
sudo apt upgrade -y

# Utility

mcastelino

Overview

The goal of this document to cover all aspects of Kubernetes management, including how resources are expressed, constrained and accounted for. This started a way to ensure that alternate container runtime implementation like Kata containers will behave from a resource accounting and consumption point of view in the same manner as runc.

Location of the latest version of this document: https://gist.github.com/mcastelino/b8ce9a70b00ee56036dadd70ded53e9f

If you do not understand cgroups please refer to a quick primer at the bottom of this document. This will help you understand how the resource enforcement actually works.

Kubernetes Resource Management