@mohanpedala
mohanpedala / bash_strict_mode.md
Last active April 23, 2024 11:47
set -e, -u, -o, -x pipefail explanation
@mohanpedala
mohanpedala / ssh_agent_forwarding_ansible.md
Created February 2, 2019 19:00
Ansible with SSH Agent Forwarding Tag: Bastion host
  • Create a “config” file that will be used by SSH-agent to do the forwarding of SSH connection.
$ cd .ssh
$ touch config
$ chmod 600 config
$ sudo vi config
SSH-agent forwarding
Host 
@mohanpedala
mohanpedala / nginx_performance_tuning.md
Last active March 25, 2024 06:03
NGINX Performance tuning

NGINX Performance Tuning

Content Compressions and Decompression

  • Documentation
    • NGINX http_gzip module
    • NGINX http_gunzip module
  • Enable gzip. By default, we’re not going to compress the responses that we’re getting from proxied servers or any piece of content that isn’t HTML.
  • But if one of our proxied servers happens to send us a pre-compressed response, then we probably want to decompress it for clients that can’t handle gzip. In this situation, we’ll use the gunzip module.
    $ vim /etc/nginx/nginx.conf
@mohanpedala
mohanpedala / generate_ssl_certs_automatically.md
Last active December 27, 2023 00:48
Generate SSL Certificates and renewing automatically using Let's Encrypt

Generating SSL Certificates using Let's Encrypt

  • Setup a real domain with an SSL certificate from Let’s Encrypt.
  • Prereq: Own a Domain
  • Documentation
  • Setting up a domain for binarybutter.com. DNS records are as follows:
    NAME    TYPE    DATA
    @       A       MY_PUBLIC_IP_ADDRESS
    
@mohanpedala
mohanpedala / helm-cheatsheet.md
Created August 13, 2019 22:50 — forked from tuannvm/cka.md
#Helm #Kubernetes #cheatsheet, happy helming!
@mohanpedala
mohanpedala / k8s_network_troubleshooting.md
Last active December 8, 2023 17:37
k8s Network Troubleshooting

Network Troubleshooting

Inspecting Conntrack Connection Tracking

  • Prior to version 1.11, Kubernetes used iptables NAT and the conntrack kernel module to track connections. To list all the connections currently being tracked, use the conntrack command:
  • To list conntrack-tracked connections to a particular destination address, use the -d flag:
    conntrack -L -d 10.32.0.1
    

Node connection table full (issues making reliable connections to services)

  • It's possible your connection tracking table is full and new connections are being dropped. If that's the case you may see messages like the following in your system logs:
@mohanpedala
mohanpedala / 1-way-ssl.jpg
Last active November 23, 2023 17:44
One-Way SSL and Two-Way SSL
@mohanpedala
mohanpedala / different-container-design-patterns.md
Last active August 30, 2023 20:40
Different Container Design Patterns

Container Design Patterns

1. The single-container design pattern

Employing the single-container pattern means just putting your application into a container. It's how you usually start your container journey. But it's important to keep in mind that this pattern is all about simplicity, meaning that the container must have only one responsibility. That means it's an anti-pattern to have a web server and a log processor in the same container.

Containers are commonly used for web apps, where you expose an HTTP endpoint. But they can be used for many different things.

In Docker, you have the ability to change the behavior of a container at runtime, thanks to the CMD and ENTRYPOINT instructions. So I'm not limited to using containers for HTTP services. I can also use them for any bash script that accepts some parameters at runtime.

By letting containers change behavior at runtime, you can create a base container that can be reused in different contexts. So you'd use the single-container pattern to expose