In many corporate system infrastructures, it’s very important for the information to be encrypted end-to-end, to be protected from potential vulnerabilities. We’ve learned from our experience that creating a fully secure setup is essential. The main part of the diagram that we will focus on today will be the traffic going from the Nginx proxy to Istio’s HTTPS port. Keep in mind that, even if it’s not compulsory to have a full HTTPS connection between Nginx and Istio, there are applications that won’t work if you don’t use SSL offloading in front (Keycloak, for example).
The key to success in any application development lifecycle is to have as little discrepancies as possible between environments. Luckily, Kubernetes and Docker give you the necessary tools to achieve environment uniformization. Nonetheless, it was always challenging to create development environments that would work on any operating system, be it Linux, Windows, or MacOS. This short article will guide you through all the necessary steps to create your own development environment with Vagrant and MicroK8S on your laptop or PC.
When it comes to giving people from your organization access to your Kubernetes cluster, things can get a little tricky. Kubernetes does not have an authentication mechanism by default. By doing this, you get stuck with an admin certificate you must share with the developers. In consequence, this gives them access to all the resources in the cluster, which can create holes in your security policy.
At CloudHero, we face challenging situations each day when helping our customers in their digitalization and automation journey. One such challenge was automating the process of cloning the production database and anonymizing the data for development use. Specifically, maintenance is usually done only on the production database, and the staging one has stale data, so there are a lot of differences between the staging and the production environment. Here, we are going to generalize the problem, so we help you adapt these methods to your own use case.
One common use case when sending logs to Elasticsearch is to send different lines of the log file to different indexes based on matching patterns. In this article, we will go through the process of setting this up using both Fluentd and Logstash in order to give you more flexibility and ideas on how to approach the topic.
Looking to increase developer productivity and observability at Otter, we noticed that when using one Elasticsearch index for each application, search becomes faster, the queries become easier, and the logs can be parsed using custom regex patterns, and we have full control over the cleanup policy when using Elasticsearch Curator.
In this blogpost, we will go through the story of how we implemented Kubernetes autoscaling using Prometheus, and the struggles we have faced on the way there. The application running on Kubernetes was the Magento eCommerce platform, as you may find later that we are using statistics from Nginx and PHP-FPM.
Elasticsearch is the engine of choice for many companies looking for a distributed, RESTful search and analytics solution. At CloudHero, we deploy Elasticsearch on Kubernetes and use it quite a lot for storing and analyzing data. Using our hands-on experience, we compiled a cheat sheet containing the top five most helpful commands that you can use to manage your Elasticsearch cluster.
Many times we have deployed Prometheus and then had to shrink the retention time for our metrics. Or to increase the scraping time. Certainly, the main reason for our adjustments was mostly the cost constraints. Let’s see what other tools we can use to provide an efficient local infrastructure. First stop: creating your Lightweight Prometheus Server. Hop on!
Today, we are going to talk about the EFK stack: Elasticsearch, Fluent, and Kibana. You will learn about the stack and how to configure it to centralize logging for applications deployed on Kubernetes. We will focus on Fluentbit, as it is the lightweight version of Fluentd and more suitable for Kubernetes. Additionally, we will talk about how we reached the final solution and the hurdles we had to overcome. Last but not least, we’ll show you how we handled application logs without actually installing 3rd party clients.