Cloud

Architecture Glossary Certification tips Bookmarks kubectl imperative commands Docker vs containerD ctr nerdctl crictl etcd etcdctl kube-apiserver kube-controller-manager ReplicaSets Deployments Services Gems Architecture +----------------------+ | kube-apiserver | +----------+-----------+ | +------------------------+-----------------------+ | | +------+-------+ +--------+---------+ | etcd | | kube-scheduler | +--------------+ +------------------+ +--------------------------------------------------------+ | | +------+------------------+ +----------+-------+ | kube-controller-manager | | Cloud Controller | +--------------+----------+ +-------+----------+ << CONTROL PLANE COMPONENTS >> ------------------- << WORKER NODE COMPONENTS >> +--------------------+ +-------------------+ | Kubelet | | Kubelet | | kube-proxy | | kube-proxy | | Container runtime| | Container runtime| +--------------------+ +-------------------+ Node 1 Node 2 Glossary Term Definition cri Container Runtime Interface, the contract between k8s and the container runtime crictl ctr Debugging tool for containerD oci Open Container Initiative, formalised the specification of an imagespec and a runtimespec nerdctl Docker like CLI experience for containerD Certification tips Bookmarks https://kubernetes.io/docs/reference/kubectl/conventions/ ...

CKA topics Kubernetes in a nutshell Lab environment kubeadm init sample output Buliding kubernetes clusters Networking kubeadm kubectl Contexts Resources CKA topics Cluster Architecture, Installation & Configuration: How to set up and configure a Kubernetes cluster, including how to install and configure a Kubernetes cluster using kubeadm, how to upgrade your cluster version, how to backup and restore an etcd cluster, and how to configure a pod to use secrets Workloads & Scheduling: How to deploy a Kubernetes application, create daemonsets, scale the application, configure health checks, use multi-container pods, and use config maps and secrets in a pod. You’ll also need to know how to expose your application using services Services & Networking: How to expose applications within the cluster or outside the cluster, how to manage networking policies, and how to configure ingress controllers Storage: How to create and configure persistent volumes, how to create and configure persistent volume claims, and how to expand persistent volumes Troubleshooting: How to troubleshoot common issues in a Kubernetes environment, including how to diagnose and resolve issues with pods, nodes, and network traffic Kubernetes in a nutshell Control plane management components that mother-hen nodes and pods. Key components: ...

A living post of the tools, frameworks and guidance that have made life with Azure better. So we’ve had a big couple of months at Mexia working with Microsoft and the Azure Service Bus. Just in this small timespan, the platform has been evolving rapidly; a new version of the SDK (1.6) was dropped, offical documentation has undergone complete rewrites, the service bus pricing model was overhauled (for the better)… As a developer working with Azure, it is also very volitile grounds. The (ever growing) Azure community is doing an amazing job filing the many gaps that exist in the overall development experience, as the technology matures. ...

Service Bus samples and documentation often cover how to request a token from Access Control Services via REST. Here we touch on caching said token, and consider its renewal upon expiry. The .NET Azure Service Bus API, from the Microsoft.ServiceBus and Microsoft.ServiceBus.Messaging namespaces, provide a number of useful abstractions when developing a brokered messaging solution. The API is nice, because is lets you focus on the business problem at hand, while keeping the boilerplate, protocol related interaction nicely tucked away. Example: ...

My experience authenticating clients with the Windows Azure AppFabric Access Control Service (ACS) using X.509 certificates. Here’s the scenario. A consumer (Alice) wants to publish a message to the Azure AppFabric Service Bus, however before doing so, somehow needs to prove that she is in fact Alice. Taking a certificate based approach, requires Alice to craft a SAML token which amoung other things states “i’m Alice” (relying party scope), and signing this token with Alice’s (private key) certifcate. If Alice were to deliver this token to ACS (https://yournamespace.accesscontrol.windows.net/v2/OAuth2-13), and a relying party, rule group and service identity with Alice’s public key had been configured, ACS in return would give Alice another token (a SWT token by default) signed with a specified signing key, which Alice could use from that point to prove identity. ...