Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:
- CA certificate
- Server certificate
- Server key
- Client certificate
- Client key
The official guide for setting up Kubernetes using kubeadm
works well for clusters of one architecture. But, the main problem that crops up is the kube-proxy
image defaults to the architecture of the master node (where kubeadm
was run in the first place).
This causes issues when arm
nodes join the cluster, as they will try to execute the amd64
version of kube-proxy
, and will fail.
It turns out that the pod running kube-proxy
is configured using a DaemonSet. With a small edit to the configuration, it's possible to create multiple DaemonSets—one for each architecture.
Follow the instructions at https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/ for setting up the master node. I've been using Weave Net as the network plugin; it see
This blog benefits a lot from the helpful guidance from mdda and wangruohui.
The strategy presented below applies to the default desktop environment GNOME3 of Fedora 27, but may not work for others such as KDE Plasma. For instance, KDE tends to crash after installation of NVIDIA drivers. Actually, this is also confirmed by my own recent experience with Fedora KDE Plasma.
resource "aws_secretsmanager_secret" "IRCSecrets" { | |
name = "irc/client/credentials" | |
description = "My IRC client credentials" | |
} | |
resource "aws_secretsmanager_secret_version" "IRCCredentials" { | |
secret_id = "${aws_secretsmanager_secret.IRCSecrets.id}" | |
secret_string = "{\"username\":\"AzureDiamond\",\"password\":\"hunter2\"}" | |
} |
VirtualBox command-line interface (VBoxManage) provides an easy way to convert raw disk image to the VDI/VMDK format and otherwise.
Let's assume that we have raw image of the sdb device:
$ sudo dd if=/dev/sdb of=./sdb.raw
To use it with VirtualBox we need to convert it to the VDI format:
$ VBoxManage convertdd sdb.raw sdb.vdi --format VDI
FROM continuumio/miniconda3 | |
ENV APACHE_SPARK_VERSION 2.3.1 | |
ENV HADOOP_VERSION 2.7 | |
RUN apt-get -y update && \ | |
apt-get install --no-install-recommends -y openjdk-8-jre-headless ca-certificates-java && \ | |
apt-get clean && \ | |
rm -rf /var/lib/apt/lists/* |
#!/bin/bash | |
# First sudo command | |
sudo whoami | |
# Update and upgrade | |
sudo apt update | |
sudo apt upgrade -y | |
# Utility |
The goal of this document to cover all aspects of Kubernetes management, including how resources are expressed, constrained and accounted for. This started a way to ensure that alternate container runtime implementation like Kata containers will behave from a resource accounting and consumption point of view in the same manner as runc
.
Location of the latest version of this document: https://gist.github.com/mcastelino/b8ce9a70b00ee56036dadd70ded53e9f
If you do not understand cgroups please refer to a quick primer at the bottom of this document. This will help you understand how the resource enforcement actually works.