kubectl apply -f https://raw.githubusercontent.com/pavolloffay/kubecon-eu-2023-opentelemetry-kubernetes-tutorial/main/app/k8s.yaml
kubectl port-forward svc/frontend-service -n tutorial-application 4000:4000
kubectl patch deployment frontend-deployment -n tutorial-application -p '{"spec": {"template":{"metadata":{"annotations":{"instrumentation.opentelemetry.io/inject-sdk":"true"}}}} }'
kubectl patch deployment backend1-deployment -n tutorial-application -p '{"spec": {"template":{"metadata":{"annotations":{"instrumentation.opentelemetry.io/inject-python":"true"}}}} }'
- download
istiooc
binary https://github.com/openshift-istio/origin/releases - run
./istiooc_linux cluster up --istio=true
Build and tag the image brefore running oc cluster up
so it can be consumed from local registry.
- build modified ansible image
cd openshift-ansible && docker build -f images/installer/Dockerfile.istio -t openshiftistio/origin-ansible .
- remove/rename the old image
docker rmi <sha>
- tag new image appropriately
docker tag 17fece18c5ca openshiftistio/origin-ansible:<>
the version is usually the same asistiooc
Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.
This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would
package tlscfg | |
import ( | |
"crypto/tls" | |
"fmt" | |
"github.com/stretchr/testify/require" | |
"go.uber.org/zap" | |
"io/ioutil" | |
"net/http" | |
"testing" |
This issue contains my knowledge of SearchGuard configuration in image https://github.com/openshift/origin-aggregated-logging/tree/master/elasticsearch/sgconfig. Which is then used in https://github.com/openshift/elasticsearch-operator.
SearchGuard is configured in these files:
sg_action_groups.yml
- ES privileges https://www.elastic.co/guide/en/shield/2.2/privileges-list.html mapped into SG groups . Note that there are cluster and index privileges. These grous are then used insg_roles.yml
sg_roles.yml
- maps users with action groups - e.g.jaeger
canREAD
sg_roles_mapping.yml
- maps users/roles to authentication types
Curator will be authenticated via certificates:
java.lang.Exception: Event onLoad failed for instrument class com.oracle.truffle.tools.agentscript.impl.AgentScriptInstrument and listener/factory com.oracle.truffle.tools.agentscript.impl.AgentObject$1@7fac1c65f790. | |
at com.oracle.truffle.api.instrumentation.ProbeNode.exceptionEventForClientInstrument(ProbeNode.java:649) | |
at com.oracle.truffle.api.instrumentation.InstrumentationHandler.notifySourceBindingLoaded(InstrumentationHandler.java:877) | |
at com.oracle.truffle.api.instrumentation.InstrumentationHandler.notifySourceBindingsLoaded(InstrumentationHandler.java:865) | |
at com.oracle.truffle.api.instrumentation.InstrumentationHandler.onLoad(InstrumentationHandler.java:209) | |
at com.oracle.truffle.api.instrumentation.InstrumentAccessor$InstrumentImpl.onLoad(InstrumentAccessor.java:174) | |
at com.oracle.truffle.api.impl.TVMCI.onLoad(TVMCI.java:154) | |
at org.graalvm.compiler.truffle.runtime.GraalTVMCI.onLoad(GraalTVMCI.java:92) | |
at org.graalvm.compiler.truffle.runtime.GraalTruffleRuntime.createClonedCallTarget(GraalT |
cat <<EOF | kubectl apply -f - | |
apiVersion: jaegertracing.io/v1 | |
kind: Jaeger | |
metadata: | |
name: simple-prod | |
spec: | |
strategy: production | |
storage: | |
type: elasticsearch | |
options: |
This readme describes how to configure Jaeger storages and various Jaeger services.
This section describes how to configure Jaeger with Cassandra storage
https://github.com/pcmanus/ccm
# create one node cassandra
ccm create test -v 3.11.0 -n 1 -s
minikube start --vm=kvm | |
minikube stop | |
minikube delete | |
minikube service jaeger-all-in-one | |
# Google Cloud | |
gcloud auth application-default login | |
gcloud auth activate-service-account --key-file client-secret.json | |
gcloud auth revoke | |
gcloud projects list |
""" | |
Note: There are several variations to do the same thing (see # or). The idea | |
is to choose the best (one or so) of the variations and implement that. I.E. | |
these are different designs possibilities for the API. | |
""" | |
""" | |
Filtering | |
""" |