Posts

Showing posts from February, 2019

Creating your own hosted registry for Docker

1. Download the Docker repository file:
    wget https://download.docker.com/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker.repo
2. Install docker-ce on the system:
    yum install docker-ce -y
3. Create a directory:
    mkdir /root/certs
4. Go to the website sslforfree.com, generate the keys for your domain by manually verifying your domain, and copy them into the /root/certs directory.
5. Unzip the downloaded certs from sslforfree.zip:
    unzip sslforfree.zip
    ls -ltr
    -rw-r--r--. 1 centos centos 5599 Feb 19 11:11 sslforfree.zip
    -rw-r--r--. 1 root   root   1703 Feb 19  2019 private.key
    -rw-r--r--. 1 root   root   1922 Feb 19  2019 certificate.crt
    -rw-r--r--. 1 root   root   1646 Feb 19  2019 ca_bundle.crt
6. Create the two directories:
    [root@ip-10-240-43-119 certs]# mkdir -p /opt/registry/data
    [root@ip-10-240-43-119 certs]# mkdir -p /var/lib/registry
7. Start and enable the docker service as [root@...

[Solved] x509: certificate signed by unknown authority

This error can occur when Docker is not able to verify your certificate provider, which may be because the bundle certificates used to verify the certificate authority are missing. There is a workaround for this, in which case Docker will ignore certificate validation.

Create the file /etc/docker/daemon.json:

    touch /etc/docker/daemon.json

Enter the following content in the daemon.json file, replacing the endpoint with that of your repository:

    [root@ip-10-240-43-119 certs]# cat /etc/docker/daemon.json
    {
        "insecure-registries" : [ "registry.unixcloudfusion.in" ]
    }

Go ahead and restart your docker service:

    systemctl restart docker

Then try to push to the repository again; this time you shouldn't get an error message.

[Solved] error: unable to upgrade connection: Forbidden (user=kubernetes, verb=create, resource=nodes, subresource=proxy)

I got this error while running

    kubectl exec busybox-744d79879-q4bvl -- /bin/sh

which resulted in

    error: unable to upgrade connection: Forbidden (user=kubernetes, verb=create, resource=nodes, subresource=proxy)

Cause/Resolution: Your Kubernetes apiserver is using a client certificate with CN=kubernetes to connect to the kubelets, and that user is not currently authorized to use the kubelet API. By default, the system:kubelet-api-admin cluster role defines the permissions required to access that API. You can grant that permission to your apiserver kubelet client user with

    kubectl create clusterrolebinding apiserver-kubelet-api-admin --clusterrole system:kubelet-api-admin --user kubernetes

Prometheus Monitoring for Microservices

1. In the age of microservices, older monitoring systems are not very dependable, especially in a dynamic environment where containers keep coming up and going down.
2. Prometheus is an open-source monitoring and alerting system built at SoundCloud in 2012 and now managed by the Cloud Native Computing Foundation, which it joined in 2016 as the second hosted project after Kubernetes.
3. Prometheus's main features include a multi-dimensional data model with time series data identified by metric name and key/value pairs, which helps in understanding the overall performance of the system graphically.
4. Prometheus supports PromQL, a flexible query language to leverage this dimensionality.
5. It is not reliant on distributed storage like ZooKeeper; rather, single server nodes are autonomous.
6. Time series collection happens via a pull model over HTTP, and pushing is supported via an intermediary gateway.
7. Targets for the monitoring are discovered via service discovery or static configura...

Creating Docker Private Registry from scratch nonproduction only

Consider the following diagram to understand how the container initially pulls its images from Docker Hub, and how we can replace Docker Hub with our own local registry to store our Docker images, which will only be available in our own network, thus making it more secure.

For a detailed walkthrough on how you can create your own private Docker registry, go through the following video, in which we have demonstrated how to create your own private Docker registry in a nonproduction environment.

Understanding AWS S3 Objects Crossaccount Permissions Architecture


3. Understanding servicemesh event details


Servicemesh is a networking model ?


What is Service Mesh ?

As distributed microservices architectures for web and mobile applications have become more common, and orchestration tools such as Kubernetes and the public clouds have made it more convenient to run these microservice-based architectures, the next demand is for the deployment of a service mesh. The term service mesh is used to describe the network of microservices that make up the applications running in an environment and how they interact among themselves. As the environment grows, so does the size of the services and the complexity of their communication, both synchronous and asynchronous, which makes such environments harder and more challenging to understand and manage. Then requirements such as service discovery, load balancing, failure recovery, metrics and continuous monitoring often combine with more complex operational requirements like A/B testing, canary releases, rate limiting, access c...

[Solved] S3 Bucket action doesn't apply to any resources

This error occurred when I tried implementing the S3 bucket policy. This is due to the following policy which I was implementing:

            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucketname"
            ]

The issue here is that I was trying to implement it on the bucket only, when the action has to be applied in the form of regex to all the objects under the bucket, so I replaced it with

            "Action": [             ...

[Solved] Unable to create a new revision of Task Definition prod-not******:2 Docker label key owner contains invalid characters, does not match pattern ^[_\-a-zA-Z0-9.]+$

If you are getting the error below while updating the AWS ECS service:

    Unable to create a new revision of Task Definition prod-not****:2 Docker label key owner contains invalid characters, does not match pattern ^[_\-a-zA-Z0-9.]+$

Solution: In my case, although the key value for the Docker label appeared to be correct, there was an extra space at the end of the key, due to which I was not able to update the key value. Since it was not matching the regex which AWS has implemented on its end to verify the content, the ECS service was not allowing the configuration to be updated. So check that you don't have extra spaces and that your labels match the regex which the AWS ECS service allows.