Posts

OPA (Open Policy Agent) Gatekeeper common use cases

This link offers common use cases for policy enforcement with OPA Gatekeeper, for example the container-limits constraint from the gatekeeper-library: https://open-policy-agent.github.io/gatekeeper-library/website/validation/containerlimits
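As an added example (not from the post or the gatekeeper-library page itself), here is what applying the linked container-limits policy looks like in practice: a K8sContainerLimits constraint with maximum cpu and memory limits, followed by a Pod that passes and one that is denied. It assumes Gatekeeper is installed and the library's K8sContainerLimits ConstraintTemplate has already been applied; the pod names, namespaces and image are placeholders.

```yaml
# Added example, not the post's or gatekeeper-library's own manifests.
# Assumes the K8sContainerLimits ConstraintTemplate from the library is installed.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sContainerLimits
metadata:
  name: container-must-have-limits
spec:
  enforcementAction: deny          # switch to "dryrun" first to audit without blocking
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    excludedNamespaces: ["kube-system", "gatekeeper-system"]
  parameters:
    cpu: "200m"      # highest cpu limit a container may declare
    memory: "1Gi"    # highest memory limit a container may declare
---
# Admitted: the container declares both limits and stays within the maximums.
apiVersion: v1
kind: Pod
metadata:
  name: limits-ok          # placeholder name
  namespace: default
spec:
  containers:
    - name: app
      image: nginx:1.25    # placeholder image
      resources:
        limits:
          cpu: "100m"
          memory: "512Mi"
---
# Denied: no limits block at all, so nothing bounds what this container can consume.
apiVersion: v1
kind: Pod
metadata:
  name: limits-missing     # placeholder name
  namespace: default
spec:
  containers:
    - name: app
      image: nginx:1.25
```

Start with enforcementAction dryrun and read the violations off the constraint's status before switching to deny, otherwise existing workloads without limits will be blocked on their next rollout.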

dotnet 7 default rate limiting

Dotnet 7 has its own built-in rate limiting capabilities (the Microsoft.AspNetCore.RateLimiting middleware). https://devblogs.microsoft.com/dotnet/announcing-rate-limiting-for-dotnet/

hotchoc graphql sample subscription code

In this post we create a GraphQL sample app that uses mutations and subscriptions. GraphQL subscriptions use a WebSocket to continuously 'listen' for new events whenever a mutation (add/delete/update) takes place. This example uses the implementation-first approach. In my startup code I initialize GraphQL with the following, adding a SubscriptionType and a MutationType:

    builder.Services
        .AddGraphQLServer()
        //.ConfigureSchema(sb => sb.ModifyOptions(opts => opts.StrictValidation = false))
        .AddSubscriptionType<Subscription>()
        .AddMutationType<Mutation>()
        .AddQueryType<Query>()
        .AddInMemorySubscriptions();

Next, ensure you turn on WebSockets with the following code. The MapGraphQL method is middleware that exposes the /graphql endpoint when the application starts up, which is essentially where the Hot Chocolate GraphQL client UI is served. There's an option to expose a custom endpoint for issu

hotchoc schema builder error

Ran into this error when trying to get my GraphQL server running:

    "The schema builder was unable to identify the query type of the schema. Either specify which type is the query type or set the schema builder to non-strict validation mode."

To resolve this we can either relax schema validation, for example

    builder.Services
        .AddGraphQLServer()
        .ConfigureSchema(sb => sb.ModifyOptions(opts => opts.StrictValidation = false))
        .AddSubscriptionType<Subscription>()
        .AddMutationType<Mutation>()
        .AddInMemorySubscriptions();

or add a (possibly minimal) query type, as shown below. Adding a real query type is the cleaner fix, since it keeps strict validation enabled.

    builder.Services
        .AddGraphQLServer()
        //.ConfigureSchema(sb => sb.ModifyOptions(opts => opts.StrictValidation = false))
        .AddSubscriptionType<Subscription>()
        .AddMutationType<Mutation>()
        .AddQueryType<Query>()
        .AddInMemorySubscriptions();

And the Query code looks something like this. pub

Azure devops - unable to delete git repository

One of my project administrators was unable to delete a Git repository, so I started to investigate what was going on. After reading a question on Stack Overflow, I found out that we need to set the "Force push (rewrite history, delete branches and tags)" permission to Allow. After I configured this, the Delete repository button was enabled.

kubernetes gateway api - setting up multiple httproutes to services in different namespaces

Under the Gateway API we will have the following setup. A single Gateway is shared by multiple HTTPRoutes, each with a different hostname. The Services are deployed to different namespaces (yellow in the diagram), and when a route's backend Service lives in a different namespace a ReferenceGrant must be created and placed in that other namespace, i.e. the one that owns the Service. In this example we set up a Gateway shared by multiple HTTPRoutes whose Services are deployed to two namespaces, test and default.

Set up Istio:

    istioctl install --set profile=minimal

Label the namespace with istio-injection=enabled:

    kubectl label namespace default istio-injection=enabled

Create the test namespace:

    kubectl create ns test
    kubectl label namespace test istio-injection=enabled

Install the CRDs:

    kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.1.0" | kubectl apply -f -

Deploy the gateway in the default namespace k
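As an added example (not the post's own manifests), here is the complete shape of the setup described above: one Gateway in default, two HTTPRoutes with different hostnames, one backend Service in default and one in test, and the ReferenceGrant that makes the cross-namespace backend legal. It assumes Istio's GatewayClass named istio, the Gateway API v1.1.0 CRDs installed as above, and Services app1 (default) and app2 (test) on port 8000; the hostnames and names are placeholders.

```yaml
# Added example, not from the post. Assumes GatewayClass "istio", Gateway API
# v1.1.0 CRDs, and Services app1 (ns default) and app2 (ns test) on port 8000.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: default
spec:
  gatewayClassName: istio
  listeners:
    - name: http
      port: 80
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: Same        # only HTTPRoutes in "default" may attach to this listener
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: app1-route
  namespace: default
spec:
  parentRefs:
    - name: shared-gateway
  hostnames: ["app1.example.com"]     # placeholder hostname
  rules:
    - backendRefs:
        - name: app1        # same namespace as the route: no grant needed
          port: 8000
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: app2-route
  namespace: default
spec:
  parentRefs:
    - name: shared-gateway
  hostnames: ["app2.example.com"]     # placeholder hostname
  rules:
    - backendRefs:
        - name: app2
          namespace: test   # cross-namespace backend: only valid with the grant below
          port: 8000
---
# The grant lives in the namespace that OWNS the referenced Service (test),
# not in the namespace of the route that references it.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
  name: allow-default-httproutes
  namespace: test
spec:
  from:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      namespace: default
  to:
    - group: ""
      kind: Service
      # no "name" here means any Service in "test"; add "name: app2" to narrow it
```

The grant is the security boundary: without it the app2 backendRef is rejected (the route's status reports ResolvedRefs=False with reason RefNotPermitted) and requests to that hostname get a 500, so a team in default cannot quietly route traffic into another team's Services. The listener's allowedRoutes is the matching control on the other side, deciding which namespaces may attach routes to the shared Gateway at all.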

istio - setup gateway api for httpbin sample

Install Istio

Install Istio without ingress/egress gateways by running the following command, and paste the content below into a file called profile-no-gateways.yaml:

    istioctl install --set profile=minimal

Label the namespace

Label the namespace with istio-injection=enabled as shown below:

    kubectl label namespace default istio-injection=enabled

Please note: when running Istio with injection enabled you will notice later that there are 2 containers in each pod (the application and the sidecar).

Install the CRDs

    kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.1.0" | kubectl apply -f -

Then install httpbin.yaml, which looks like this. You can just use the httpbin.yaml from the samples/httpbin folder.

httpbin.yaml

    # Copyright Istio Authors
    #
    #   Licensed under the Apache License, Version 2.0 (the "License");
    #   you may not use this file except in compliance with the License.
    #   You may obtain a copy of the License at
    #
    #       http://www.apache.org/licenses/LICENSE-2.0
    #
    #   Unless required by applicab

AKS creating a user node pool in a different managed subnet

Is it possible to create a new user node pool on a different subnet? No, it is not possible. The option is not available in the Azure portal, and when using the az CLI you will bump into the following error. I tried running this command:

    az aks nodepool add --resource-group myawayrg --cluster-name nyawaydevcluster --name myNodePool --node-count 1 --vnet-subnet-id /subscriptions/mysubscription/resourceGroups/MC_cluster-resource-group/providers/Microsoft.Network/virtualNetworks/aks-vnet-94709794/subnets/aks-subet-2

And the error I get is this. Given the amount of work required to re-set up a new subnet, it would be good if AKS supported this in the future. https://learn.microsoft.com/en-us/answers/questions/1295498/resize-aks-managed-subnet

aks node pool upgrade and hitting SubnetIsFull

AKS cluster node upgrades are controlled by the max surge parameter. If your subnet has few spare IPs, the upgrade can fail with a 'SubnetIsFull' error. This is a hard problem to resolve because:

1. You probably can't reduce or scale down your cluster to free up IP addresses.
2. Creating a new subnet and moving your node pool into it might not be possible, as your cluster is on a managed subnet.
3. Extending the size of your AKS subnet requires a lot of work. These are the steps required to extend it:

1- Stop the AKS cluster
2- Delete all the VMSS (node pools) from the MC resource group (to release all the NICs attached to the subnet)
3- Delete the old subnet
4- Create a new subnet with the same name as the old one and a different IP range
5- Start the cluster

This will be a WTH moment. The practical mitigation is preventive: size the subnet for your node count plus the max surge nodes (and, with Azure CNI, the max pods per node) before creating the cluster. https://learn.microsoft.com/en-us/answers/questions/1295498/resize-aks-managed-subnet

install common tooling into your image

On many occasions we'd like to figure out how to install different types of tools into an image. Here is a link that helps to figure that out quickly (maybe just copy and paste, too): https://github.com/actions/runner-images/blob/main/images/ubuntu/scripts/build/install-apache.sh

java class version

[Image: table mapping class file versions to JDK versions]

I don't really work with Java, but sometimes I do get a compilation issue saying the class file version is higher than the current JDK supports. This table is handy for telling me which class file version ties to which JDK version.

azure services updates via Azure charts

This link provides a handy overview of the updates happening across the Azure landscape: https://azurecharts.com/updates?service=23&search=1

aks viewing kubelet logs

We can view kubelet logs in AKS by getting a shell on the node with kubectl debug:

    kubectl debug node/aks-nodepool1-37663765-vmss000000 -it --image=mcr.microsoft.com/cbl-mariner/busybox:2.0

Then, to view the logs, simply run the following commands:

    chroot /host
    journalctl -u kubelet -o cat

Note that the node-debugger pod this creates has the node's root filesystem mounted, so delete it once you're done.

istio install ambient mode + ingress in one line

We can install the Istio ambient profile and an ingress gateway together in one line. Cool.

    istioctl install --set profile=ambient --set "components.ingressGateways[0].enabled=true" --set "components.ingressGateways[0].name=istio-ingressgateway" --skip-confirmation

istio ambient doesn't work on k3s on windows

This is mainly because Istio requires iptables. When you try running it, the installation works fine and you will see the pods up and running. But when you label the namespace for ambient mode, for example

    kubectl label namespace default istio.io/dataplane-mode=ambient

and look at the logs using

    kubectl logs -l k8s-app=istio-cni-node -n istio-system -f

you will get an error message saying

    istio failed to restore iptables rules: exit status 2

kubectl running container with shell

    kubectl run -i -t busybox --image=ubuntu -- /bin/sh

Add --rm if you want the pod deleted automatically when the shell exits.

istio ambient mode in kind running default CNI is not supported


istio cni gateway error creating pod

I noticed that I keep getting this error when the CNI network doesn't actually work, so the kubelet can't create pods. Sometimes I also get it when running a pod in Istio ambient mode:

    "Failed to create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "0cb9e0263e041fd278bac3e4c978d67da30d3eb970f6f9915c6a2df969d9292e" network for pod "reviews-v1-7dc5fc4b46-8sj4f": networkPlugin cni failed to set up pod "reviews-v1-7dc5fc4b46-8sj4f_default" network: plugin type="loopback" failed"

istioctl handy command to get to kiali and prometheus

These commands are definitely handy for checking out Kiali / Prometheus in Istio.

To install Kiali and Prometheus:

    kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/addons/prometheus.yaml
    kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.23/samples/addons/kiali.yaml

To access the dashboards:

    istioctl dashboard prometheus
    istioctl dashboard kiali