Well, I decided to upgrade my k8s cluster this morning to see what kind of damage I could inflict on the site. Well, a lot: I took it down. I think a huge part of it is that I am only running 2 nodes, they are 2×4 (2 CPU, 4 GB of RAM), and there just wasn’t enough resource once the rolling upgrade began. Also, once the upgrade was complete my front end deployment was still broken. I am running a service mesh, and it seems the proxies timed out waiting for resources, so the deployment was half up, half down. Luckily this was a simple fix: kubectl rollout restart deploy my_deploy. Again, I think the core issue here is just not enough resource in the cluster.
Well, the migration to Kubernetes is complete; the blog is now running on a managed k8s cluster on DigitalOcean. I will have some write-ups on how I got here and where I go from here, but for now I’m just monitoring the blog to see how it performs and to make certain there are no security holes. I did very quickly find the source of my WP admin slowness thanks to a nice little WP plugin, QueryMonitor. Again, much, much more to come.
I am working on migrating my blog to a managed Kubernetes platform; more than likely it will be DigitalOcean. More to come…
So I had some challenges getting this up and running, but I found a few blog posts that helped me out:
The first issue I had was that a lot of Linux distros use systemd-resolved. I am using Photon OS, and of course it does also, so the first thing to do is:
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
The reason for this is that it consumes UDP 53, which your container needs to run on. The next issue I had was that usually I can docker exec bash into a container. Well, this container is slim, and I mean slim: there is no bash, no anything. I kept getting an OCI error when I attempted to run any exec commands, so I had to use the below docker command:
docker run -d -p 53:53/udp --rm --name coredns -v /static_content/coredns_config/:/root/ coredns/coredns -conf /root/Corefile
Again, big help from the above blog postings. Then the final issue I had was that, I’m pretty sure, after you disable systemd-networkd you need to reboot Photon OS or whatever flavor of Linux, because after changing the DNS server to itself (again, it’s running the coredns container) I couldn’t get resolution. Again, a simple reboot fixed my issue. Note I have 3 files in this repo to be modified for your specific use case; the files are Corefile, db.lab.io, and db.192.168.99. But now I am finally free of having to always stand up a Windows VM for DNS.
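A pre-flight check for the UDP 53 conflict described in this post, as an added example that is not from the original post or its repo. The function names and the sample `ss` output are constructed for illustration; it assumes the `ss` tool from iproute2 is available on the host.

```shell
#!/bin/sh
# Added example: check that nothing holds UDP 53 before starting the container.
# Real use (as root so process names are shown):  ss -H -lunp | check_port53

# Print the names of processes bound to port 53, one per line.
# Reads `ss -H -lunp` output on stdin.
port53_holders() {
    awk '
    {
        # The local address is the first field that ends in ":<port>".
        local_addr = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /:[0-9]+$/) { local_addr = $i; break }
        }
        if (local_addr !~ /:53$/) next
        # Without root, ss omits the users:(...) column.
        name = "unknown"
        if (match($0, /users:\(\("[^"]+"/)) {
            name = substr($0, RSTART + 9, RLENGTH - 10)
        }
        print name
    }' | sort -u
}

# Return 0 if nothing holds port 53, 1 otherwise.
check_port53() {
    holders=$(port53_holders)
    if [ -z "$holders" ]; then
        echo "UDP 53 is free"
        return 0
    fi
    echo "UDP 53 is already bound by: $(echo "$holders" | tr '\n' ' ')"
    return 1
}

# Constructed sample of `ss -H -lunp` output on a host running systemd-resolved.
sample_ss_output() {
    cat <<'EOF'
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=12))
UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("systemd-network",pid=598,fd=19))
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=700,fd=12))
EOF
}

sample_ss_output | check_port53 || true
```

Running the check again after the reboot confirms the stub listener is gone before pointing the host's DNS at the container.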
I have created a umds stack file and have begun running umds on a single-node docker swarm. Also, this version is using nginx as a web server instead of the simple HTTP server Python provides; the stack file can be found here.
Please stay tuned, I will have a full write-up on this soon…
So I have created a docker container for umds 6.7; please check it out on Docker Hub. I also have a complete write-up as to how to use the container.
I just wanted to write a post on the differences between VMware’s Linux-based UMDS 6.7 vs 6.5. One big change is that Postgres is no longer required in 6.7. So here is a quick walkthrough of installing UMDS 6.7.x.
I will be using CentOS 7 minimal. Mount your VCSA 6.7 DVD inside your CentOS VM and copy the VMware-UMDS-6.7.0-10164201.tar.gz from the umds directory to anywhere you desire; /tmp is a good place. I’ve created a script and called it umds.sh, and you can get it here. This was tested, again, on CentOS 7 minimal. Please pay attention to lines 45 & 46, as this might not have to be done if you are on Ubuntu or another flavor of Linux.
And that should be it: umds up and running. While the script uses the SimpleHTTPServer that comes with Python, you can use whatever web server you like: Nginx, Apache, anything. I am also looking into turning this into a docker container…
So I wanted to enable Syslog on my PSCs, VCSAs, and on my ESXi servers, and while enabling Syslog on the PSCs and VCSAs is pretty straightforward, I did run into a bit of an issue enabling it on ESXi. The big gotcha is to make certain the service is running, and that the firewall rule is enabled to allow UDP 514 or TCP 514 “Outbound”, just like the pics below.