sidecar | Project moved to https | Generator Utils library

We have a sidecar running an API at localhost:myportnumber (lets say 8888 for this example), and we are trying to reference it from the main container in the same pod.

Does the main container need to be aware of the port the sidecar is running on? (like by creating an environment variable equal to 8888?)

Or is there a convenient way we can reference the sidecar using something similar to cluster ip (like namespace.servicename.sidecarname), or by creating a HostAlias?

I'm currently working as an intern and have to host a microservice application. I chose to use AWS ECS in combination with Fargate tasks to host a Consul Connect Service Mesh that provides service discovery, intentions, Mtls and so on for the application. My set-up is as follows:

• 1 Fargate task (in a service) with a Consul server container.
• x Fargate tasks (in a service) with a Consul agent, Consul Connect sidecar and a microservice container.

I am using CloudFormation to deploy that infrastructure automatically.

The problem:

I need to join the Consul agent running in one Fargate-task to the Consul cluster started in another Fargate task (task of the server) using CloudFormation. The problem I have with doing that is that I did not find any way to get the IP address to join the agent to the cluster.

Does anyone know how I can get the IP address of a Fargate task in CloudFormation or the best practice way of doing this?

If I am not mistaken you can only join a Consul agent to a Consul cluster using IP, DNS name or Cloud metadata. The first and second one I could not retrieve using CloudFormation and for the third one I found that it might not be possible (I could be wrong, but thats what I read so far).

Also I tried both the Consul agent -ui [...] -join and -retry-join flag, but neither one worked. I also tried creating an internal loadbalancer for the task with the Consul server from which I used the DNS name to try to join the Cluster, but that did not work either (I have never set-up a loadbalancer properly on AWS yet so I might have done that wrong). I tried that with the loadbalancer forwarding traffic to port 8500 (which was the wrong port I think) and afterwards with port 8301 (which I think was the right port). But I kept getting the message that there was no Consul Cluster on that address.

Can anyone tell me how I can proceed?

Thank you in advance!

I'm having major problems getting Dapr up and running with my microservices. Every time I try to invoke another service, it returns a 500 error with the message

Very new to dapr and docker.

I followed along the dapr getting started. The simple hello world state management example worked fine. Yes Bruce, we all know you are Batman.

So next I built the weather forecast multi-container example for .NET Core. This worked beautifully. (I named my front-end razor pages "wxui" and the back-end webapi "wxapi").

Finally, I wanted to try my hand at adding state management to the weather forecaster example. I modified the front-end Razor Pages app to store and retrieve a bit of state and added a redis container to my docker-compose file.

Things are not going well.

The wxui-dapr container is exiting with this message:

time="2021-05-20T22:47:50.3179068Z" level=fatal msg="process component statestore error: redis store: error connecting to redis at localhost:6379: dial tcp 127.0.0.1:6379: connect: connection refused" app_id=wxui instance=69254f9724b0 scope=dapr.runtime type=log ver=1.1.2

I'm going to guess that the dapr sidecar container is not mapping local port 6379 to the redis container. But I have no idea how to test or fix that.

Here's my docker-compose.yml file, if that's useful:

How to enable sidecar injection using IstioOperator? This is my config and it is not enough for that.

I'm using helm3. My kubernetes deployment get crashed on 43 line of code below.

Error in console: error converting YAML to JSON: mapping values are not allowed in this context

yaml lint says this: (): found unexpected ':' while scanning a plain scalar at line 43 column 19

Whats wrong with that line?

wrong one:

I'm trying to configure a daemonset to run on the global pid namespace resulting the ability to see other processes in the host, including the containers' processes.

I couldn't find an option to achieve this. In general, what I'm looking for is close to the sidecar container shareProcessNamespace attribute only on the host level.

I am trying to run a CI system which works for DB migration scripts. So this could prevent us from running sql scripts which do not work at the migration time because of syntax errors. For our local setup we use docker-compose and run multiple containers at a time. This is unfortunately not an option for us in Jenkins pipeline

I created this Jenkinsfile with the following strategy.

1. A postgres container is run with more or less default parameters
2. Another postgres container is linked to the first container, only to use pg_isready commandline to wait until the DB is ready to take connections
3. Use flyway container to run DB migrations against the DB setup in step 1. Eventually planned to run E2E tests also with web applications

My implementation is based on the documentation here (running docker sidecar). However, this is not working and the first container (step 1) seems to be stopping. I added some additional debugging (try catch) to see the logs of this container

Content of my Jenkinsfile

im trying to setup a forward-proxy within eks, using an envoy sidecar-containers, which is supposed to conduct TLS origination; I.e. the envoy gets a http-request from the main-container, performs ssl-encryption and validates the ca using the file ca-certificates.crt. The envoy-configuration is based on the official documentation (https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/dynamic_forward_proxy_filter#config-http-filters-dynamic-forward-proxy).

The envoy mounts the ca-file ca-certificates.crt from aws secrets manager to /etc/cert-volume/ca-certificates.crt, which seems to work, since the file exists within the container.

The ca-certificates.crt file seems to be valid as well, since the following cmd, run from my local machine, gives a HTTP 302 Found (remote wget doesnt support --ca-certificate parameter):