Cornucopia of Ideas - Kubernetes, Cloud, GNU/Linux,Networking, Security and more ...

nginx-ingress Websocket Connection

I had an issue with minio web console that, it stuck at “Loading” message while viewing “Object Browser”. Another issue with portainer that shell console closed immediately. They all sound to me due to the same exact issue. I figured out with help of Browser developer tools, that it logs very same message in the console. WebSocket connection failed: Error during WebSocket handshake: Unexpected response code: 400 Solution Adding following annotations to ingress resource did the trick.

Issuing Certificate with cert-manager

cert-manager is a X.509 certificate controller that allows you issue certificate from variety of certificate issuers and renew certificates automatically before they expire in your containerized environment. You can find more info about installation cert-manager Configuration Once cert-manager is installed first thing to be configured is Issuer or ClusterIssuer. These two resources represent Certificate Authority able to sign certificates in response to CSR. In this post certificate will be issued from Let's Encrypt.

HashiCorp Vault Disk Inode Is Full!

Recently, I had very interesting issue with Vault that, it stopped functioning two hours after integration with Redfish Bare-Metal Host Monitoring which uses Approle to get iLO user and credential. Vault audit logs shows that Approle for redfish monitoring requested heavly in a second. It might be still normal for around 80 Physical servers polling, but something is still not quite okay. After some investigation and tests, it was found that File system Inode for Vault file backend run out of space.

CheckMK Programmatic Hostdowntime

Sometimes you may have situation that you have to set/remove check_mk hostdowntime through multiple hosts due to planned maintenance to avoid false notifications and keep “unplanned maintenance” times correct for SLA reports. The GitHub repo contains both Ansible playbooks and shell scripts to set/remove/show host downtimes programmatically in check_mk. Both Ansible playbooks and shell scripts in GH repo are tested on check_mk version 2.0.0p31 (CFE) Happy monitoring :)

Satellite Compute Resource Provider Password Update

Satellite Compute Resource Provider Password Update Sometimes you may have an environment with strict requirements that even technical accounts have to be rotated by Privilege account manager(Cyberark etc.) regularly. That means any technical account used by the service has to be in-sync with the Privilege account manager. For this post, it will be shown you how to Compute Resource provider password updated regularly on Satellite, which is required if you are provisioning your RHEL systems to Virtualization Platforms(oVirt, vmWare etc.

Multinode Kubernetes Cluster with LXC and microk8s

In this post, multinode Kubernetes cluster will be built using lxc and microk8s. It is one of the quickest method to deploy multi-node Kubernetes cluster up and running in minutes. Installing LXC You can enable lxc on your system either installing lxc or lxd package. yilgo@pop-os:~$ sudo apt-get install lxc OR yilgo@pop-os:~$ sudo apt-get install lxd Inital configuration of LXC After installation, initial setup of lxc is necessary,networking and storage e.