Some people compare the envoy-proxy with Nginx. The free version of Nginx is a great web-server (caching and ability to serve static files) but poor balancer (no health-checks, lack of balancing algorithms a close to none metrics). Envoy unable to serve static and has no cache. But envoy is a…
Useful links: How to resolve unassigned shards in Elasticsearch Elasticsearch failed shard recovery Creating an Elasticsearch Cluster: Getting Started Open Distro for Elasticsearch Kickstart guide Troubleshooting When shard failed to allocate: GET _cluster/allocation/explain ... shard has exceeded the maximum number of retries ... POST _cluster/reroute?retry_failed=true Tools ElasticHQ Cerebro Elasticsearch stats…
Useful links: Revoke/Unrevoke a client certificate in OpenVPN ovpnCNcheck — an OpenVPN tls-verify script #!/usr/bin/env python ''' ovpnCNcheck -- an OpenVPN tls-verify script """"""""""""""""""""""""""""""""""""""""""" This script checks if the peer is in the allowed user list by checking the CN (common name) of the X509 certificate against a provided text…
There are 3 common monitoring methods: The USE Method by Brendan Gregg; The RED Method by Weaveworks; The Four Golden Signals by Google. The USE Method Key metrics: Utilization; Saturation; Errors. It’s optimal for infrastructure monitoring and capacity management. The RED Method Key metrics: Rate; Errors; Duration. A simple and…
In most cases, you should limit permissions only to required. Now it’s time to create a new user for Kubernetes kubectl. I’ll describe the classic way to create the certificate with OpenSSL. There is a way to use Kubernetes built-in certificate management. I’ll write about it someday. openssl genrsa -out…