I thought I’d strike again with a small hands-on tutorial on using Janos, a tool we created to simplify the migration to EKS 1.16 as required by Amazon. This will be the final step towards ending EKS 1.15 support by May 3, 2021. Nothing too fancy. Just straight to the point :)
Kubernetes sometimes deprecates apiVersions. Most notably, many deprecations occurred in the 1.16 release.
Therefore, you will need to update your Kubernetes manifests to the correct API references before that deadline! At SumUp, we automated this process as we have a large number of clusters.
We catch up with Pablo Loschi, our Argentinian Senior DevOps Engineer based in Berlin.
Here at SumUp, we’re always looking for great talents to be part of the company and help us develop the best solutions for small businesses all over the world.
Pablo Loschi is one of those talents. And if you’re a Backend Developer looking to become a DevOps Engineer, he has some interesting insights for you.
“I grew up in Argentina, and I’ve been living in Berlin for just over a year now. As a child, I remember reading all the Windows 95 help section before…
This guide is an update to a previous story of mine.
Why another guide? Because it addresses the same issue in a simpler way.
Generally speaking, simplifying is the art of distilling information. It’s all about organizing ideas and concepts to extract only the meaningful parts.
This guide will get you to a working example of setting up an API gateway from scratch which will use JWT with ACL to authorize a user to reach an endpoint. For other parts, you can refer to the excellent Kong documentation.
“Simplicity is the ultimate sophistication.” Leonardo da Vinci (1452–1519)
At Applift we are building API services and need to allow or restrict certain calls based on roles, we choose to use this using jwt tokens support server-to-server or client-to-server communication, using JWTs as our API tokens. Here is a short example on on how to do this in a sample application.
Our test application, called cafe, lets you order either tea via the tea service or coffee via the coffee service.
You indicate your drink preference with the URI of your HTTP request: URIs ending with /tea get you tea and URIs ending with /coffee get you coffee. …
Konga is a fully featured open source, multi-user GUI, that makes the hard task of managing multiple Kong installations a breeze.
It can be integrated with some of the most popular databases out of the box and provides the visual tools you need to better understand and maintain your architecture.
Konga - More than just another GUI to Kong Admin APIpantsel.github.io
You can see a LIVE DEMO (username: demo password: demodemodemo)
This guide assumes that you have deployed Kong using something similar to our previous post:
From the previous point to have to files that are going to be used for this: one yaml file with the information for Kong to…
At Applift we are handling a high volume of traffic with hundreds of millions of events daily (clicks, impressions, actions, in-app events, etc.).
This means we need to be able to scale our servers fast to handle traffic spikes and also to control who has access to our servers and with which permissions.
We have chosen to build our infrastructure on top of K8s to allow elasticity and scalability.
We use Kong as our API gateway to control and throttle access to the cluster.
So what is Kong?
Kong is an orchestration microservice API gateway. Kong provides a flexible abstraction…
With Lucas Collino we installed Mattermost at our workplace, the free edition has some MUST features that slack doesn’t:
Custom Branding , if you want to match your company’s style ;) (https://goo.gl/yQNh2E)
We are based on https://github.com/mattermost/mattermost-kubernetes
This guide assumes that you have nginx , helm and cert manager running, there is a guide for that here.
Based on this previous story , we started managing several certificates for different applications and it was becoming harder to maintain (also we were hitting the rate limits for Let’s-ecnrypt), so with Lucas Collino we found a way to use wildcard certificates (as recommended).
This allows creating a single *.mycompany.com certificate which fits all the applications we support.
The certificate is stored in a secret in the kube-system namespace, we replicated that secret across all namespaces, so developers can access it in their own namespaces.
This guide assummes that you have followed the previous one, and you have Helm and…
At my job (in Fravega) we have been struggling for some days dealing with certificates. It turns out that we didn’t find an updated guide for this, so we decided to write our own.
This guide assumes that you have K8s cluster working with external dns and nginx-ingress-controller installed, the following steps are: