No. 11806 In section
Sysadmin
from August 19th, 2022,
Filed under: Docker, MySQL
FLUSH TABLES WITH READ LOCK;
SET GLOBAL read_only = ON;
SHOW MASTER STATUS;
Record the log coordinates in slave/init.sql.
rsync -av /srv/mysql/mysql-data/ root@10.127.31.13:/srv/mysql/mysql-data/ --delete
start slave;
show slave status;
slave-skip-errors = 1062
Repository with the configs and SQL files: https://git.blindage.org/21h/docker-mysql-replication
No. 11332 In section
Sysadmin
from August 27th, 2021,
Filed under: Docker, Kubernetes
MicroK8s includes a Docker registry feature, but it is not secure at all and is meant only for local developer use.
So remove the old “registry” service (NodePort) and create a new one:
apiVersion: v1
kind: Service
metadata:
  name: registry-external
  namespace: container-registry
  labels:
    app: registry
spec:
  ports:
    - port: 5000
      name: registry
      protocol: TCP
      targetPort: registry
  selector:
    app: registry
  type: ClusterIP
The new service points to the same place but does not open port 32000.
Now create the secret. Do not change the file name auth; it is important, because the ingress controller reads the key named auth from the secret:
htpasswd -bc auth kubernetes PruedAtshyohuciabIdcav
kubectl create secret generic basic-auth --from-file=auth --dry-run=client -o yaml
Good! Add the new secret to your cluster, in the container-registry namespace where the ingress below will look for it.
apiVersion: v1
data:
  auth: a3ViZXJuZXRlczokYXByMSRHQXNKamVGbiRzWFNDSVNxOGwuYVlwTkhTajlpQ2EuCg==
kind: Secret
metadata:
  creationTimestamp: null
  name: basic-auth
And now create an ingress resource with basic auth pointing to the new secret:
# extensions/v1beta1 Ingress is no longer served since Kubernetes 1.22; newer clusters need networking.k8s.io/v1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-http01
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
  name: registry
  namespace: container-registry
spec:
  rules:
    - host: registry.k8s.huy.net
      http:
        paths:
          - backend:
              serviceName: registry-external
              servicePort: registry
            path: /
  tls:
    - hosts:
        - registry.k8s.huy.net
      secretName: tls-registry-k8s-huy-net
You did it!
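A quick check of what the Secret actually carries, as an added example that is not part of the original post: it decodes the data.auth value from the manifest above and reports each user and the htpasswd hash scheme. The function name htpasswd_summary and the scheme labels are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: inspect the htpasswd data inside a basic-auth Secret.
# SECRET_AUTH_B64 is the data.auth value from the Secret manifest above.
SECRET_AUTH_B64='a3ViZXJuZXRlczokYXByMSRHQXNKamVGbiRzWFNDSVNxOGwuYVlwTkhTajlpQ2EuCg=='

# Print "user scheme" per htpasswd line; return 1 on a malformed entry.
htpasswd_summary() {
  local decoded line user hash scheme
  decoded=$(printf '%s' "$1" | base64 -d) || return 1
  while IFS= read -r line; do
    [ -z "$line" ] && continue
    user=${line%%:*}
    hash=${line#*:}
    # A valid entry has a non-empty user, a colon and a non-empty hash.
    if [ "$user" = "$line" ] || [ -z "$user" ] || [ -z "$hash" ]; then
      echo "htpasswd_summary: malformed entry" >&2
      return 1
    fi
    case $hash in
      '$apr1$'*)               scheme=apr1-md5 ;;
      '$2y$'*|'$2a$'*|'$2b$'*) scheme=bcrypt ;;
      '{SHA}'*)                scheme=sha1 ;;
      '$5$'*|'$6$'*)           scheme=sha-crypt ;;
      *)                       scheme=unknown ;;
    esac
    printf '%s %s\n' "$user" "$scheme"
  done <<EOF
$decoded
EOF
}

htpasswd_summary "$SECRET_AUTH_B64"
```

The base64 in a Secret is only an encoding, so anyone who can read the manifest can recover the user name and the password hash.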
No. 11256 In section
Sysadmin
from March 28th, 2021,
Filed under: Docker, Helm, Kubernetes, Linux
I named it monkey502. It has 4 images encoded inside, which change depending on the number of page refreshes. The page also refreshes itself once a minute so that the user can continue working from the URL where everything stopped. The image is based on a minimal nginx unit image with just 1 static page.
You can install the helm chart and configure the nginx ingress controller by following the instructions here: https://hub.docker.com/r/iam21h/monkey502. The link gives the global configuration; for individual ingresses, use annotations.
No. 11183 In sections: Programming
Sysadmin
from January 2nd, 2021,
Filed under: Docker, Go, Kubernetes, Security, Vault
What if you store your database credentials in Vault and want to expose them as ENV variables for your application at container startup? You can do it for Kubernetes deployments or plain Docker containers with my small program vault-envs.
Add these additional steps to your Dockerfile:
...
...
# add Ubuntu\Debian repo and install vault-envs with fresh certificates
RUN curl http://deb.blindage.org/gpg-key.asc | apt-key add - && \
    echo "deb http://deb.blindage.org bionic main" | tee /etc/apt/sources.list.d/21h.list && \
    apt update
RUN apt install -y ca-certificates vault-envs
# copy entrypoint script
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
Your entrypoint script will look like:
#!/bin/bash
...
...
export eval `vault-envs -token "$VAULT_TOKEN" \
    -vault-url https://vault.blindage.org \
    -vault-path /prod/crm/connection_postgres -envs-prefix "PG_"`
export eval `vault-envs -token "$VAULT_TOKEN" \
    -vault-url https://vault.blindage.org \
    -vault-path /prod/crm/connection_mysql -envs-prefix "MYSQL_"`
export eval `vault-envs -token "$VAULT_TOKEN" \
    -vault-url https://vault.blindage.org \
    -vault-path /prod/crm/connection_api`
...
...
exec "$@"
If some variable names are identical, they will be overwritten by the next vault-envs call, so I used prefixes.
Now build the image and run:
docker run --rm -e VAULT_TOKEN=s.QQmLlqnHnRAEO9eUeoggeK1n crm printenv
and see the results in the container console:
...
VAULT_RETRIEVER=vault-envs
PG_DB_PASS=postgres
PG_DB_PORT=5432
PG_DB_USER=postgres
PG_DB_HOST=db-postgres
PG_DB_NAME=crm
MYSQL_DB_HOST=mysql.wordpress
MYSQL_DB_PASS=
MYSQL_DB_PORT=3306
MYSQL_DB_USER=root
MYSQL_DB_NAME=wordpress
API_HOST=http://crm/api
API_TOKEN=giWroufpepfexHyentOnWebBydHojGhokEpAnyibnipNirryesaccasayls4
...
Wooh! You did it.
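The overwrite that the prefixes avoid, as an added example that is not part of the original post or of vault-envs. fake_vault_envs is a hypothetical stand-in that prints constructed NAME=value lines (the one-per-line output format is an assumption), and load_env is a hypothetical loader that exports them line by line so a value containing spaces stays whole.

```bash
#!/usr/bin/env bash
# Added example, not part of vault-envs. fake_vault_envs is a hypothetical
# stand-in that prints constructed NAME=value lines (assumed output format).
fake_vault_envs() {   # usage: fake_vault_envs <secret> [prefix]
  local p=${2:-}
  case $1 in
    postgres) printf '%sDB_HOST=db-postgres\n%sDB_PASS=two words\n' "$p" "$p" ;;
    mysql)    printf '%sDB_HOST=mysql.wordpress\n%sDB_PASS=\n' "$p" "$p" ;;
  esac
}

# Export NAME=value lines from stdin one at a time, without eval or word
# splitting, and skip anything that is not a valid variable name.
load_env() {
  local line name
  while IFS= read -r line; do
    name=${line%%=*}
    case $name in
      "$line"|''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
        echo "load_env: skipped a malformed line" >&2
        continue ;;
    esac
    export "$name=${line#*=}"
  done
}

# No prefix: the second secret overwrites DB_HOST from the first.
load_env <<EOF
$(fake_vault_envs postgres)
$(fake_vault_envs mysql)
EOF
unprefixed_host=$DB_HOST

# With prefixes both secrets stay available side by side.
load_env <<EOF
$(fake_vault_envs postgres PG_)
$(fake_vault_envs mysql MYSQL_)
EOF
echo "no prefix: DB_HOST=$unprefixed_host"
echo "prefixed:  PG_DB_HOST=$PG_DB_HOST MYSQL_DB_HOST=$MYSQL_DB_HOST"
```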
No. 11114 In section
Sysadmin
from October 6th, 2020,
Filed under: Docker, Linux
Typically it's not useful, because you can mount a directory directly into containers, but… who knows? Maybe you just want it.
For example, you have a directory on your hard drive and want to move its files into a docker volume:
root@boroda:/tmp/future-volume# find .
.
./somedir
./somedir/config.yaml
./file1
./test.txt
./myfile2
Just run a move (or copy) command in a busybox container:
docker run --rm -it \
    -v my-docker-volume:/destination \
    -v /tmp/future-volume:/source \
    busybox \
    /bin/sh -c "mv /source/* /destination/ && find /destination"
This command mounts the volume (creating it if it does not already exist), mounts the directory from disk, and moves the files from disk to the volume.
After the move completes, you'll see the tree of moved files:
/destination
/destination/somedir
/destination/somedir/config.yaml
/destination/file1
/destination/test.txt
/destination/myfile2
That’s all, easy.
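One edge case of the command above, shown as an added example that is not part of the original post: the shell glob in mv /source/* does not match hidden files, so something like a .env file stays behind. Plain temporary directories stand in for the bind mount and the volume, and the function names and the file tree are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: the glob in "mv /source/* /destination/" skips dotfiles.
# Plain temp directories stand in for the bind mount and the volume.

# Move with the shell glob, as in the post's busybox command.
move_with_glob() { mv "$1"/* "$2"/; }

# Move every top-level entry, hidden ones included.
move_everything() { find "$1" -mindepth 1 -maxdepth 1 -exec mv {} "$2"/ \; ; }

# Build a constructed source tree, run the given move function and
# print whatever is still left in the source directory afterwards.
leftovers_after() {   # usage: leftovers_after <move-function>
  local work src dst
  work=$(mktemp -d) || return 1
  src=$work/source
  dst=$work/destination
  mkdir -p "$src/somedir" "$dst"
  touch "$src/file1" "$src/somedir/config.yaml" "$src/.env"
  "$1" "$src" "$dst"
  (cd "$src" && find . -mindepth 1 | sort)
  rm -rf "$work"
}

echo "left behind by glob: $(leftovers_after move_with_glob)"
echo "left behind by find: $(leftovers_after move_everything)"
```

The globbing rule belongs to the shell, so it applies in the same way to /bin/sh inside the busybox container.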