mitzen

  Assuming you have already install dotnet 8. To install  dotnet workload update dotnet workload install aspire To create a project from scratch  dotnet new aspire-starter --use-redis-cache --output AspireSample

  To install opencruise, you need to ensure certificate manager is installed.  kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml Next, we install openKruise # Firstly add openkruise charts repository if you haven't do this. $ helm repo add openkruise https://openkruise.github.io/charts/ # [Optional] $ helm repo update # Install the latest version. $ helm install kruise openkruise/kruise --version 1.5.2 When you do a kubectl get pod -A, you should be able to see there's pod running certificate manager and openKruise.  Setup redis server $ kubectl apply -f https://raw.githubusercontent.com/kruiseio/kruise/master/docs/tutorial/v1/cloneset-redis.yaml Setup guestbook application  Run the following tutorial  You should be able to see guessbook v1 when your hit http://localhost:3000 Let's update the image for your application and you will noticed that we the pod id does not change (pod are not recreated)...

Was having quite abit of issuing deploying AWS Lambda created in dotnet 8 - yeah i was just trying to see if that's going to be something supported.  The creation template work just fine. dotnet new lambda.EmptyFunction --name myDotnetFunction The deployment is really mess up    dotnet lambda deploy-function myDotnetFunction It keeps on saying that i am unable to deploy. But my aws cli works - I was able list my s3 buckets.  Error retrieving configuration for function  The security token included in the request is invalid. Then i switch back to use dotnet6 template. Then it starting to work again

  To create an AWS lambda with a dotnet core app aws lambda create-function --function-name my-function --zip-file fileb://webapi.zip --handler index.handler --runtime dotnet6 --role arn:aws:iam::your-subscription:role/mylambda

 I thought building app on a AWS lambda is going to be tough. https://docs.aws.amazon.com/lambda/latest/dg/csharp-package-cli.html

To get dotnet 8 sdk installer where you can just run from an executable, try this  https://dotnet.microsoft.com/en-us/download/visual-studio-sdks This helps to update the cli so you can run dotnet version etc. You still need to update VS2022 to be able to support dotnet 8. 

 As discussed here:- https://github.com/dotnet/csharplang/blob/main/meetings/2022/LDM-2022-04-13.md Instead you get this - :) https://learn.microsoft.com/en-us/visualstudio/ide/reference/add-null-checks-for-parameters?view=vs-2022

  I think the best way to handle annotations is to have the values files similiar to k8s API spec for example working with annotations data. Of course labels and annotations have different purposes. What i am saying is the chart has to be close to k8s API spec to avoid confusion and duplication of charts - as someone might think service annotation does not exist but when it did, then it breaks your k8s deployment - not helm chart rendering but right till the very end - sometimes deployment does happen but the yaml looks corrupted and obviously your deployment will not work. For example, if we needed annotation for a service, best to keep it like this on the template. And then the value files is given below:- {{- if .Values.serviceAccount.create - }} apiVersion : v1 kind : ServiceAccount metadata :   name : {{ include "simple.serviceAccountName" . }}   labels :     {{- include "simple.labels" . | nindent 4 }}   {{- if .Values.serviceAccount.annotations }}...

What is CIBA? It is client initiated backchannel authentication and it allows your keycloak client to initiate the login to a 3rd party. Uses cases for this could be a mobile app that wanted to sign in to an application. In the traditional code flow model, user is required to login and enter their password. With CIBA, we use your client to login automatically Start up your keycloak docker instance by replacing the <your-host-up> below. If you're using windows, you can do ipconfig and you should get something like  192.168.1.70. Then replace it so keycloak can discover your node app. docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:22.0.5 start-dev  --spi-ciba-auth-channel-ciba-http-auth-channel-http-authentication-channel-uri=http://<your-host-ip>:3000/request --log-level=DEBUG Then clone the following program to https://github.com/mitzen/keycloak-ciba-sample.  Run  npm install npm run st...

  In the documentation, it says we can use coredns to do dns forwarding with this . { proxy . 8.8.8.8:53 { protocol https_google } prometheus errors log } This no longer work, as it is being replace with forward as shown below . { forward . 8.8.8.8 9.9.9.9 log }

  Download coredns from  https://github.com/coredns/coredns/releases/ Extract it and then run it with a CoreFile example.org { file example.org prometheus # enable metrics errors # show errors log # enable query logs } .\coredns -conf Corefile This would run it on port 53.  Then use nslookup command to test it:  nslookup example.org localhost

  https://www.ml.cmu.edu/research/phd-dissertation-pdfs/

Enable core dns logging with this yaml apiVersion : v1 kind : ConfigMap metadata :   name : coredns-custom   namespace : kube-system data :   log.override : | # you may select any name here, but it must end with the .override file extension         log kubectl apply -f corednsms.yaml kubectl -n kube-system rollout restart deployment coredns kubectl logs --namespace kube-system -l k8s-app=kube-dns

 Always remember to set and configure this into your environment variables.   I left this out one time in my k8s deployment and it spent 4 hours troubleshooting this.  :(

  1. The istioctl version that you're using dictates which version you will be deploying to. For example, if you're using istioctl 1.16 then you will be deploying istio-operator 1.16 Then run  istioctl operator init It will create istio-operator and istio-system namespace. Then use the following yaml to create the related gateways apiVersion : install.istio.io/v1alpha1 kind : IstioOperator metadata :   namespace : istio-system   name : example-istiocontrolplane spec :   profile : demo   Then try to add additional serviceAnnotations to the load balancer apiVersion : install.istio.io/v1alpha1 kind : IstioOperator metadata :   namespace : istio-system   name : example-istiocontrolplane spec :   profile : demo   components :     ingressGateways :     - name : istio-ingressgateway       enabled : true       k8s :         serviceAnnotations :         ...

 By using the following command, you will have access to istio controlz dashboard. istioctl dashboard controlz istiod-5865f5bdc5-lgt5r -n istio-system

 Given the following deployment yaml. There service selector has to match ALL. If you have 2 label to match, it must match all before it can successfully link up the service to the pod Please have a look at the service selector:  apiVersion : v1 kind : ServiceAccount metadata :   name : httpbin --- apiVersion : v1 kind : Service metadata :   name : httpbin   labels :     app : httpbin     service : httpbin     version : v1 spec :   ports :   - name : http     port : 8000     targetPort : 80   selector :     required : pr2 ## selector here     app : httpbin1 ## selector here --- apiVersion : apps/v1 kind : Deployment metadata :   name : httpbin spec :   replicas : 1   selector :     matchLabels :       app : httpbin1       version : v1       required : pr   template :     metadata :    ...

  You can use the following command  kubectl auth can-i list sa --group=my-group-id-name  --as=ef6982c9-ed49-4259-962b-488cffbca659 -A or just to test a single user  kubectl auth can-i list sa --as=ef6982c9-ed49-4259-962b-488cffbca659 -A

  If you have this issues, go to your c:\users\your-users\.azure and remove the cache folder.  Then try to re-run az get credentials again