Preventing broken connections during pod shut-down
Preventing broken connections during pod shut-down

Ensuring all client requests are handled properly You now have a good sense of how to make pods shut down cleanly. Now, we’ll look at the pod’s lifecycle from the perspective of the pod’s clients (clients consuming the service the pod is providing). This is important to understand if you don’t want clients to run... » read more

The Kubernetes termination lifecycle
The Kubernetes termination lifecycle

The Kubernetes termination lifecycle Once Kubernetes has decided to terminate your pod, a series of events takes place. Let’s look at each step of the Kubernetes termination lifecycle. The container termination sequence 1 – Pod is set to the “Terminating” State and removed from the endpoints list of all Services At this point, the pod... » read more

gitlab package registry
gitlab package registry

Prerequisite: There is a gitlab deployed on an AWS ec2 instance, and you have the relevant permissions to manage this account. Enable Package Registry and use S3 bucket ################################################################################ ## Package repository ##! Docs: https://docs.gitlab.com/ee/administration/packages/ ################################################################################ # gitlab_rails['packages_enabled'] = true # gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages" # gitlab_rails['packages_object_store_enabled'] = false # gitlab_rails['packages_object_store_proxy_download'] = false # gitlab_rails['packages_object_store_remote_directory'] =... » read more

Deploy ReplicaSet With Keyfile Authentication
Deploy ReplicaSet With Keyfile Authentication

Deploy ReplicaSet With Keyfile Authentication ① Create a keyfile openssl rand -base64 756 > mongodb.key # chmod 400 <path-to-keyfile> ② Copy the keyfile to each replica set member sudo mv mongodb.key /var/lib/mongodb sudo chown mongodb:mongodb /var/lib/mongodb/mongodb.key sudo chmod 400 /var/lib/mongodb/mongodb.key ③ Start each member of the replica set with access control enabled net: port: 27017... » read more

CloudFront – Restricting Access to an ALB
CloudFront – Restricting Access to an ALB

CloudFront – Restricting Access to an ALB For web applications or other content served by an Application Load Balancer in Elastic Load Balancing, CloudFront can cache objects and serve them directly to users (viewers), reducing the load on the Application Load Balancer. However, if users can bypass CloudFront and access the Application Load Balancer directly,... » read more

cloudfront implementing nginx-like behavior
cloudfront implementing nginx-like behavior

Default root object If you define a default root object, end user requests for a subdirectory of your distribution do not return the default root object. For example, suppose index.html is your default root object and CloudFront receives an end user request for the install directory under your CloudFront distribution.: https://d111111abcdef8.cloudfront.net/install/ CloudFront does not return... » read more

image optimization
image optimization

image optimization Customer managed solution based on CloudFront, S3, and Lambda The most common use case for image optimization is automatically formatting based on the user’s browser capabilities and allowing the front-end to resize the image. Popular web development frameworks such as Next.JS provide responsive image components that automatically select image sizes based on the... » read more

sftp-restrict user access to directories
sftp-restrict user access to directories

sftp login to the specified directory Modify sshd configuration: /etc/ssh/sshd_config #Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp # Change to internal-sftp # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server Match User test ChrootDirectory /sftpdata/test X11Forwarding no AllowTcpForwarding no PermitTTY... » read more

push image to AWS ECR
push image to AWS ECR

We changed the docker image repository from harbor to AWS ECR. How to push the image? Retrieve an authentication token and authenticate your Docker client to your registry. Use the AWS CLI: aws ecr get-login-password --region ap-east-1 | docker login --username AWS --password-stdin <aws account>.dkr.ecr.<region>.amazonaws.com In this way, we not only have to change the... » read more