sidecar | Run Umbraco as a console , Function or service | Azure library
kandi X-RAY | sidecar Summary
kandi X-RAY | sidecar Summary
[WIP] Run Umbraco as a console, Function or service
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of sidecar
sidecar Key Features
sidecar Examples and Code Snippets
Community Discussions
Trending Discussions on sidecar
QUESTION
I am trying to run a spark-submit to the Kubernetes cluster with spark 3.2.1 image and it is working. Now my question is, can I execute an init container along with the spark-submit? What am trying to achieve is that the init container check another service is up or not, is it up then spark-submit will run or it fail.
I can see that a conf parameter "spark.kubernetes.initContainer.image" for spark version 2.3 but not for 3.2.1 (https://spark.apache.org/docs/2.3.0/running-on-kubernetes.html)
is there any mechanism that I can use to check other services are up or not before I submit a spark job?
I can see init container usage for the spark in the below links but it is not providing an accurate answer
https://docs.bitnami.com/kubernetes/infrastructure/spark/configuration/configure-sidecar-init-containers/ https://doc.lucidworks.com/spark-guide/11153/running-spark-on-kubernetes
any help will be much appreciated, thanks.
...ANSWER
Answered 2022-Feb-18 at 07:46You don't mention if the other service is in the same container or not but the principles are the same. It's covered in the docs here and gives this example which defines a simple Pod that has two init containers. The first waits for myservice, and the second waits for mydb. Once both init containers complete, the Pod runs the app container from its spec section.
QUESTION
I am running our front and backend on K8s, this question is regarding our front-end setup using NGINX.
I am trying to find a way to gather metrics of my main front-end container (nginx + front-end) using a sidecar container that adjusts the stub_status running on /stub_status on port 8080 values to key value pairs for my application. Just so that I can scrape them using Prometheus on the sidecars /metrics on port 9113.
I want to block traffic for stub_staus outside of the pod, as only the sidecar needs to be able to reach it and I am trying to block /metrics from outside the platform (hence an example random 172 range address as an example). If I instead of a proxy pass (see below) use return 444 or 404 I get a nice big fat error. However, our front-end can handle 404 in a nice (graceful) way making it so you do not even exit the front-end but simply get a user friendly 404 message whilst staying in the front-end application, and end up on location/404. This also makes it appear like there is nothing on the /stub_status or /metrics. Which is nice to have.
I tried to do a rewrite ^/metrics$ to a /404 (for example) but that simply got me an NGINX 404 instead. Maybe it has something to do with the fact that /metrics runs on 9113 and there is nothing listening tot /404 on 9113. I am not sure about this.
I know the proxy pass example below is not possible within an IF statement, as I get the following error "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in". However, below is to illustrate what I am trying to do. I am just not sure how to get it to behave like this.
Thanks in advance!
HTTP Block
...ANSWER
Answered 2022-Mar-18 at 17:21After more testing I found out the following works really well:
HTTP BLOCK
QUESTION
I am new to Istio and I am trying to communicate 2 spring boot applications with Istio: component with requirement.
- I have installed Istio 1.13.2 on a GKE cluster with the demo profile:
ANSWER
Answered 2022-Mar-16 at 19:08i am not sure why istio ingress controller coming inbetween for you.
You should checkout this nice simple example : https://istio.io/latest/docs/examples/bookinfo/#deploying-the-application
In istio example, you can see review service sending the request to rating service.
So for connection or service to service communication, you can use the just service name.
So if you check the review service source you will get an idea of how services calling other services.
Java example :
Python example :
https://github.com/istio/istio/blob/master/samples/bookinfo/src/productpage/productpage.py#L61
So for you end flow will be something like
QUESTION
Does anyone know the pros and cons for installing the CloudSQL-Proxy (that allows us to connect securely to CloudSQL) on a Kubernetes cluster as a service as opposed to making it a sidecar against the application container?
I know that it is mostly used as a sidecar. I have used it as both (in non-production environments), but I never understood why sidecar is more preferable to service. Can someone enlighten me please?
...ANSWER
Answered 2022-Mar-15 at 13:19The Cloud SQL Auth proxy is the recommended way to connect to Cloud SQL, even when using private IP. This is because the Cloud SQL Auth proxy provides strong encryption and authentication using IAM, which can help keep your database secure.
When you connect using the Cloud SQL Auth proxy, the Cloud SQL Auth proxy is added to your pod using the sidecar container pattern. The Cloud SQL Auth proxy container is in the same pod as your application, which enables the application to connect to the Cloud SQL Auth proxy using localhost, increasing security and performance.
As sidecar is a container that runs on the same Pod as the application container, because it shares the same volume and network as the main container, it can “help” or enhance how the application operates. In Kubernetes, a pod is a group of one or more containers with shared storage and network. A sidecar is a utility container in a pod that’s loosely coupled to the main application container.
Sidecar Pros: Scales indefinitely as you increase the number of pods. Can be injected automatically. Already used by serviceMeshes.
Sidecar Cons: A bit difficult to adopt, as developers can't just deploy their app, but deploy a whole stack in a deployment. It consumes much more resources and it is harder to secure because every Pod must deploy the log aggregator to push the logs to the database or queue.
Refer to the documentation for more information.
QUESTION
We are using Linkerd 2.11.1 on Azure AKS Kubernetes. Amongst others there is a Deployment using using an Alpine Linux image containing Apache/mod_php/PHP8 serving an API. HTTPS is resolved by Traefik v2 with cert-manager, so that in coming traffic to the APIs is on port 80. The Linkerd proxy container is injected as a Sidecar.
Recently I saw that the API containers return 504 errors during a short period of time when doing a Rolling deployment. In the Sidecars log, I found the following :
...ANSWER
Answered 2022-Mar-04 at 01:07 annotations = {
"config.linkerd.io/inbound-port" = "80"
}
QUESTION
ANSWER
Answered 2022-Mar-02 at 22:16$src_file = $_SERVER["DOCUMENT_ROOT"] . "\\include\\excel.csv";
$row = 1;
$count = 0;
if (($src_file_handle = fopen($src_file, "r")) !== FALSE) {
$current_category = '';
$current_topic = '';
while (($data = fgetcsv($src_file_handle, 0, ",")) !== FALSE) {
if ($count == 0)
$count++;
else {
$skip_category = ($current_category != $data[3]) ? false : true;
$skip_topic = ($current_topic != $data[1]) ? false : true;
echo (!$skip_category) ? "" : "";
echo (!$skip_category) ? "" . $data[3] . "" : "";
echo (!$skip_topic) ? " " . $data[1] . "" : "";
echo " " . $data[2] . "
";
echo (!$skip_category) ? "" : "";
$current_category = $data[3];
$current_topic = $data[1];
}
}
fclose($src_file_handle);
}
QUESTION
We have cluster with Istio and also Jenkins job to get "stable" pods, which uses this kubectl
query:
ANSWER
Answered 2022-Feb-16 at 21:09What about something like this?
QUESTION
I consider if there is a way to use Istio to translate opaque token to JWT.
Use case: There are two services (service 1 which is consumer and service 2 which is producer) Service1 works with opaque token, Service2 can be authenticate & authorize with JWT token. To avoid adding Opaque token authentication in service2 I consider if we can use sidecar pattern (exactly in Istio) to get request (re1) from service1, extract authorization header, pass request (authReq1) to authorization server for exchange opaque token to JWT and then pass request (req1 but with JWT instead of original Opaque Token) to service2.
Edited answer: I see two option (option1, option2) but I am interested in option 3.
...ANSWER
Answered 2022-Feb-15 at 14:48I consider if there is a way to use Istio to translate opaque token to JWT.
Unfortunately, Istio won't be able to translate the tokens. In your case, it seems to me that the easiest way is to get services in such a way that they work on one type of token.
Translation is possible, but not by Istio. Look at this question. You can also read more about Istio Authentication:
Istio provides two types of authentication:
Peer authentication: used for service-to-service authentication to verify the client making the connection. Istio offers mutual TLS as a full stack solution for transport authentication, which can be enabled without requiring service code changes. This solution:
Provides each service with a strong identity representing its role to enable interoperability across clusters and clouds. - Secures service-to-service communication. - Provides a key management system to automate key and certificate generation, distribution, and rotation.
Request authentication: Used for end-user authentication to verify the credential attached to the request. Istio enables request-level authentication with JSON Web Token (JWT) validation and a streamlined developer experience using a custom authentication provider or any OpenID Connect providers, for example:
In all cases, Istio stores the authentication policies in the
Istio config store
via a custom Kubernetes API. Istiod keeps them up-to-date for each proxy, along with the keys where appropriate. Additionally, Istio supports authentication in permissive mode to help you understand how a policy change can affect your security posture before it is enforced.
QUESTION
I am following this guide.
Ingress requests are getting logged. Egress traffic control is working as expected, except I am unable to log egress HTTP requests. What is missing?
...ANSWER
Answered 2022-Feb-07 at 17:14AFAIK istio collects only ingress HTTP logs by default.
In the istio documentation there is an old article (from 2018) describing how to enable egress traffic HTTP logs.
Please keep in mind that some of the information may be outdated, however I believe this is the part that you are missing.
QUESTION
I have been working on creating a application which can perform verification test on the deployed istio components in the kube-cluster. The constraint in my case is that I have run this application as a pod inside the kubernetes and I cannot provide cluster-admin role to the pod of the application so that it can do all the operations. I have to create a restricted ClusterRole
just to provide enough access so that application list and get all the required deployed istio resources (Reason for creating a cluster role is because when istio is deployed it created both namespace level and cluster level resources). Currently my application won't run at all if I use my restricted ClusterRole
and outputs and error
ANSWER
Answered 2022-Feb-01 at 07:46As OP mentioned in the comment problem is resolved after my suggestion:
Please run the command
kubectl auth can-i list pods --namespace istio-system --as system:serviceaccount:istio-system:istio-deployment-verification-sa
and attach result to the question. Look also here
OP has confirmed that problem is resolved:
thanx for the above command using above I was finally able to nail down the issue and found the issue to be with first resourceName and second we need to mention core api in the api group before any other. Thank you issue is resolved now.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install sidecar
Sidecar is available from NuGet, or as a manual download directly from GitHub. To install from NuGet, run the following command in your instance of Visual Studio.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page