Posts

Showing posts from September, 2023

AKS - couldn't get current server API group list dail tcp lookup 443 timeout

 Well this sounds like you have an issue connecting (obviously) - Goto Azure portal -> Find your AKS cluster and click on the connect button. Then you need to provide  az aks get-credentials --resource-group my-resource-group --name myaks-cluster Well sometimes we do forgets to re-authenticate to a new cluster. You can use the following to test connectivity to your cluster - assuming you have access to the kubernetes API   az aks command invoke \   --resource-group my-resource-group \   --name myaks-cluster \   --command "kubectl get pods -n kube-system"

notes about k8s pdb

Image
  Let's say we have the following pdb and deployment httpbin.yaml # Copyright Istio Authors # #   Licensed under the Apache License, Version 2.0 (the "License"); #   you may not use this file except in compliance with the License. #   You may obtain a copy of the License at # #       http://www.apache.org/licenses/LICENSE-2.0 # #   Unless required by applicable law or agreed to in writing, software #   distributed under the License is distributed on an "AS IS" BASIS, #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #   See the License for the specific language governing permissions and #   limitations under the License. ################################################################################################## # httpbin service ################################################################################################## apiVersion : v1 kind : ServiceAccount metadata :   name : httpbi...

kubernetes 1.26 - spec.unhealthyPodEvictionPolicy support for PDB

  Some enhancement to PDB, we can add unhealthyPodEvictionPolicy to pdb that supports 2 options 1. IfHealtyBudget - eviction is possible if min desiredHealthy is met.  2. AlwaysAllow - we can always evict the pods  Sample yaml o test for k1.26 apiVersion : policy/v1 kind : PodDisruptionBudget metadata :   name : nginx-pdb spec :   selector :     matchLabels :       app : nginx   maxUnavailable : 1   unhealthyPodEvictionPolicy : AlwaysAllow

az --debug

Right noticed i ca run az cli command with --debug to print out some debugging info. Nice! :)

bicep create deployment with template id - awkwardness

  For some reason when I tried to deploy using az deployment group command, the template id has to be parameterized $id.    az deployment group create \   -- resource - group dbrg \   -- template - spec $ id \   -- parameters storageName =" mytestapp1212 " location =" australiaeast " I tried using different approach for example, double quote   az deployment group create -- resource - group dbrg -- template - spec "/ subscriptions / FAKESUBSCRIPTION / resourceGroups / mydeployment - dev - rg / providers / Microsoft . Resources / templateSpecs / storageSpec / versions / 1 . 0 " -- parameters storageName =" mydatastore1122 " location =" australiaeast "  No quotes    az deployment group create -- resource - group dbrg -- template - spec / subscriptions / FAKESUBSCRIPTION / resourceGroups / mydeployment - dev - rg / providers / Microsoft . Resources / templateSpecs / storageSpec / versions / 1 . 0 -- parameters stor...

node-fetch - is built into nodejs

  Instead of importing node-fetch, spending hours trying to make it work with typescript, all you need to do is  /// nf.js fetch ( 'https://www.google.com' )     . then (( response ) => response . text ())     . then (( body ) => {         console . log ( body );     }); Then execute it using command " node -- experimental - fetch nf.js

azure managed identity with federated identities

 What does it means with a limit of 20 federated identities per managed identities?  This means one managed identities is limited by a combined sum of the feature below:  1. github integrations  2. kubernetes namespace and service account  3. Others  So you can have 10 github integration, 5 federation to kubernetes namespace and other 5 other integration but not more. Or you can have federation to 20 AKS namespace. Normally I would go for 1 managed identities for a namespace so i don't have to deal with the limitation of 20 namespaces for a managed identities.  Does it means I can have a max limit of 20 managed identities per kubernetes cluster or Azure AD?  Not at all.  Does it means my managed identities RBAC access say storage contributor can be granted for 20 Azure resources? Not at all . 

upgrading typescript but getting EEXIST: file already exists

  As stated in stackoverflow, this can be fix via  npm install -g typescript@latest --force

nodejs - environment variable used

 This link provide a documentation of what environment variables and configure allow in nodejs. https://nodejs.org/api/cli.html#cli_environment_variables

nodejs - setting debug mode for a module via environment variable

 If you need to debug, say https request, then you can set this in your environment variable  NODE_DEBUG =https Then run any nodejs code that makes a request to this module. You can see debugging info gets spitted out. 

getting elapse time using console.time/endtime

Image
  By running console.time("your-time-label") and then console.endTime("your-time-label"), you automatically get elapse time of your process. import request from 'request' ; import process from 'node:process' ; function exec ( i : number ) : Promise < void >  {   return new Promise (( resolve , reject ) => {       request . get ( 'http://www.google.com' , ( err : any , resp : any ) => {       if ( err ) {         reject ( 'error' );         return console . error ( err );       }       console . log ( "Total bytes received: " , resp . body . length , process . pid , i );         resolve ( resp . body . length );       });   }) } console . time ( "test" ); const promises = []; for ( let i = 0 ; i < 5 ; ++ i ) {     promises . push ( exec ( i )); } Promise . all ( promises ) . then (( res...

typescript - Cannot find module 'worker_threads'

 Just run npm install  @types/node

nextjs - dynamic route with [...mydynamicroute].tsx

Nextjs dynamic route are different from APP and PAGES.  For example the following are setup for app router  App Route definition  /app/product/[slug]/page.tsx       Request for:  /product/a -> OK  /product/b -> OK  /product/a/b -> Not Ok - To support this your need to define route with something like this  /app/product/[...slug]/pages.tsx The test contents for file are shown here export default function Page ({ params } : { params : { slug : string } }) {     return < div > My Post: { params . slug } </ div >   } Page router  Notice page router uses "useRouter" and catch all segment uses [..page].ts (file - not folder).  So we place this under /page/shop/[slug].tsx - Not /pages/api/shop -> that's something else and the intention is for API.  Our dynamic route definition is like this  /page/shop/[slug].tsx   Request for  pages/shop/a --> Ok pages/sh...

Nextjs :- API resolved without sending a response

The endpoint that you're hitting are probably not returning anything to the browser. This normally happens when you trying to create dynamic routes for example.  You can try to use the following to force it to return "ok". export default async function ( req , res ) {   try {     const response = "ok" ;     res . statusCode = 200 ;     res . setHeader ( 'Content-Type' , 'application/json' );     res . setHeader ( 'Cache-Control' , 'max-age=180000' );     res . end ( JSON . stringify ( response ));   }   catch ( error ) {     res . json ( error );     res . status ( 405 ). end ();   } }

nextjs - auth0 sample configuration

Clone the auth0 sample using the following command npx create-next-app --example auth0 auth0-app  Next, cd auth0-app. Ensure you created a file call .env.local  Then you need to configure the followings  AUTH0_ISSUER_BASE_URL = "https://yourappdomain.auth0.com" AUTH0_CLIENT_ID = your-regular-app-client-id AUTH0_CLIENT_SECRET = your-regular-app-client-secret AUTH0_BASE_URL = "http://localhost:3000" AUTH0_SECRET = ede7edc615ee5a58c0791794f704981c In Auth0, please ensure you created Regular Web App.  I also tried using SPA - it works. Open up this page : https://manage.auth0.com/ and then select your application. Ensure " Allowed callback url " is configured to http://localhost:3000/api/auth/callback Also ensure "Allowed logout url" is configured to http://localhost:3000 Save your changes and your app should be good to go.

keycloak operator installing crds

Not entirely sure why but this docs, only install half of the crds required as shown here https://www.keycloak.org/operator/installation. The full crd can be found here , so you can work and deploy these instead.

getting current established network connection

  The following command can help:- ss -tuln | grep -c 'ESTAB

Mongodb changing user password

Image
 Login to mongodb Atlas, then on your left select "Database Access". Then select the user that you would like to edit or change the password. 

typescript 5.1 no longer issue error if your function returned type is not void or any

Typescript v 4.9.5 would throws an error if you have your code written like this  function f4 () : undefined {     // no returns } In version 5.1 (not 5.0) writing code above is fine. That's easy to understand. The code below would work for typescript 5.1 but not anything lower.      // this works for 5.1 but not for anything lower     function takesFunction ( f : () => undefined ) : undefined     {     }     takesFunction (() => {         // no returns     });         takesFunction (() : undefined => {         // no returns     });         takesFunction (() => {         return ;     });     takesFunction (() => {         return undefined ;     });     takesFunction (() : undefined => {      ...

bicep referencing existing resources

  For resource group it is scope to a subscription. As for the storage account, it scopes is to an existing resource group. targetScope = 'subscription' resource newRG 'Microsoft.Resources/resourceGroups@2021-01-01' existing = {   name : 'bicep-test-rg' } resource stg 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {   name : 'mydevdatastore'   scope : resourceGroup ( newRG . name ) } output blobEndpoint string = stg . properties . primaryEndpoints . blob

my simple bicep setup that uses module

  main.bicep  targetScope = 'subscription' resource newRG 'Microsoft.Resources/resourceGroups@2021-01-01' = {   name : 'bicep-test-rg'   location : 'australiaeast' } module datastore 'sa.bicep' = {     name : 'storedeployment'     scope : newRG     params : {       location : newRG . location       name : 'mydevdatastore'       storageAccountType : 'Standard_LRS'    } } sa.bicep (storage account bicep)  @ allowed ( [   'Premium_LRS'   'Premium_ZRS'   'Standard_GRS'   'Standard_GZRS'   'Standard_LRS'   'Standard_RAGRS'   'Standard_RAGZRS'   'Standard_ZRS' ] ) @ description ( 'Storage account type.' ) param storageAccountType string = 'Standard_LRS' @ description ( 'Location for all resources.' ) param location string = resourceGroup ( ) . location param name string = 'mydevstore' resource storageAccount 'Micr...

bicep requires targetScope for resource group

Bicep requires targetScope when deploying resource group.  The valid value for this targetscope are normally.   - resourceGroup (default)  - subscription  - managementGroup  - tenant

AKS support sysctls via az nodepool add via --kubelet-config

Unfortunately, you won't be able to use az nodepool update to set this configuration. This is only available when you create a nodepool and you get a chance to specify kubelet-config which allows you to enable "unsafe" options such as net.ipv4.tcp_keepalive_time. For example, let's say you have the following configuration kubelet.config { "cpuManagerPolicy" : "static" , "cpuCfsQuota" : true , "cpuCfsQuotaPeriod" : "200ms" , "imageGcHighThreshold" : 90 , "imageGcLowThreshold" : 70 , "topologyManagerPolicy" : "best-effort" , "allowedUnsafeSysctls" : [ "kernel.msg*" , "net.*" ], "failSwapOn" : false } To roll this out, simply execute the following: az aks nodepool add --name testpool --cluster-name mydev-aks-cluster --resource-group mydevaks-unsafe --kubelet-config ./testkubelet.config Then execute nodepool show to display your s...

backstage ui conditional are not supported yet

Backstage conditional template are not supported and won't be available until their next js version is roll-out. To give you an idea of what it means by conditional, check out this github issue https://github.com/backstage/backstage/issues/15789 Waste sometime today trying it to work until i bump into this.

getting the azure devops permission right

You can use the following link below to get exactly what role to configure  https://learn.microsoft.com/en-us/azure/devops/pipelines/policies/permissions?view=azure-devops

aks coredns quick debugging to see if the dns is working as expected

Use this yaml apiVersion : v1 kind : Pod metadata :   name : dnsutils   namespace : default spec :   containers :   - name : dnsutils     image : registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3     command :       - sleep       - "infinity"     imagePullPolicy : IfNotPresent   restartPolicy : Always  Next you can start to  Check default dns server kubectl exec -i -t dnsutils -- nslookup kubernetes.default Check /etc/resolv.conf file  kubectl exec -ti dnsutils -- cat /etc/resolv.conf It should look like this:- search default.svc.cluster.local svc.cluster.local cluster.local google.internal c.gce_project_id.internal nameserver 10.0.0.10 options ndots:5 Other steps to confirm  Is the coredns pods running?  kubectl get pods --namespace = kube-system -l k8s-app = kube-dns Is the service up?  kubectl get svc --namespace = kube-system Is the endpoint exposed?  kubectl g...

nslookup command

Image
we can use nslookup the following ways nslookup google.com nslookup google.com 8.8.8.8 where 8.8.8.8 is the dns server by google. You can replace this with other dns. 

aks SNAT exhaustion top article

  This is the best i think  https://www.danielstechblog.io/detecting-snat-port-exhaustion-on-azure-kubernetes-service/

Resolving AKS SNAT issue by increasing allocation of ports to nodes

 I think two suggestion might work  1. Increasing the number of ports allocated to nodes from 1024 to something higher. Technically, I think this can be an improvement feature - if we haven't max out the nodes - then we can get some more ports allocated to nodes.  2. Decreasing the idle timeout of connection from 30 to maybe 20 minutes.  Anyways, I end up using the given formula to increase my port number slightly. So  ((64000 / 1056) x number of IP) = number of nodes that can live in your AKS cluster - 1 This 1 is for surge nodes. That's the default surge value.  For example,  ((64000 / 1056) x 2 => 120 nodes - 1 (surge) => 119 nodes that you can have in your cluster. References https://learn.microsoft.com/en-us/azure/aks/load-balancer-standard#configure-the-allocated-outbound-ports

backstage fail to load template entity type

 I have been trying to get backstage template to load with no avail. I even use PgAdmin to add records manually into final_entities table but it requires more than just adding a single record. Then I remove the static template loading and use automatic template registrations - then it worked. 

solana - SendTransactionError: failed to send transaction: Transaction simulation failed: Error processing Instruction 0: custom program error: 0x4

 What does this means - 0x4 - This simply means  Just by going into this link will uncover it for you https://github.com/solana-labs/solana-program-library/blob/ea354ab358021aa08f774e2d4028b33ec56d4180/token/program/src/error.rs#L25 And the message is correct, I was able to fix it by providing a valid account of the owner - commented  with // user.  await transferTokens (         connection ,         user ,         tokenAccount . address ,         receiverTokenAccount . address ,         user , // user         50 * 10 ** mintInfo . decimals     )

solana - Getting TokenAccountNotFoundError when calling getOrCreateAssociatedTokenAccount

  Having configuring the following settings helped me to resolve this.      const connection = new web3 . Connection ( web3 . clusterApiUrl ( "devnet" ), "confirmed" ); or you can use  const connection = new web3 . Connection ( web3 . clusterApiUrl ( "devnet" ), {         commitment : "confirmed" ,     });

Getting account balance from sollana web3 library

  We are easily get our wallet by using the following code - all your need to do is provide your solana wallet:  import * as web3 from '@solana/web3.js' ; const connection = new web3 . Connection ( web3 . clusterApiUrl ( "devnet" ))     let user = new web3 . PublicKey (       "my-account-number" ,     );     console . log ( user . toBase58 ());     let balance = await connection . getBalance ( user );     console . log ( balance );

aks removing node - do not use kubectl delete node

If you're planning to remove a node, better approach is to use the portal UI or az command.  Using kubectl delete node will remove the node and you need to stop and start your nodepool and in Production environment that's going to be a pain. 

debugging rust application with vscode

  Please ensure you have selected your root folder (the one that contains cargo.toml) and then open this using vscode open folder.  Install CodeLLDB debugger extensions. Set a break point and ensure you have something like this in the launch.json file.  {     // Use IntelliSense to learn about possible attributes.     // Hover to view descriptions of existing attributes.     // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387     "version" : "0.2.0" ,     "configurations" : [         {             "type" : "lldb" ,             "request" : "launch" ,             "name" : "Debug executable 'tut'" ,             "cargo" : {                 "args" : [                     "bui...

solana - getting started

 https://docs.solana.com/getstarted/hello-world Best to start using this link to work with your hello world app https://beta.solpg.io/ Run to get some credit for deploying application in your devnet.  solana airdrop 2  Solana app use solana_program :: {     account_info :: AccountInfo ,     entrypoint,     entrypoint :: ProgramResult ,     pubkey :: Pubkey ,     msg, }; // declare and export the program's entrypoint entrypoint! (process_instruction); // program entrypoint's implementation pub fn process_instruction (     program_id : & Pubkey ,     accounts : & [ AccountInfo ],     instruction_data : & [ u8 ] ) -> ProgramResult {     // log a message to the blockchain     msg! ( "Hello, world!" );     // gracefully exit the program     Ok (()) } Client app // Client console . log ( "My address:" , pg . wallet . publicKey . toString...

Azure Identity resolve sequence

 Using AzureIdentity it is important to understand how it resolve authentication sequence From Microsoft website Environment  - The  DefaultAzureCredential  will read account information specified via  environment variables  and use it to authenticate. Workload Identity  - If the application is deployed to an Azure host with Workload Identity enabled, the  DefaultAzureCredential  will authenticate with that account. Managed Identity  - If the application is deployed to an Azure host with Managed Identity enabled, the  DefaultAzureCredential  will authenticate with that account. Visual Studio  - If the developer has authenticated via Visual Studio, the  DefaultAzureCredential  will authenticate with that account. Visual Studio Code  - Currently excluded by default as SDK authentication via Visual Studio Code is broken due to issue  #27263 . The  VisualStudioCodeCredential  will be re-enabled in...