Prometheus Featured Federated Prometheus to reduce Metric Cardinality How to reduce Istio metric cardinality following a migration to telemetry v2 - using Prometheus Federation and Rollup recording rules
Istio Istio: 503's with UC's and TCP Fun Times 503 errors are commonly seen by Istio users, but it's a bit of a catch-all error code. This blog helps you debug them using tcpdump and istio-proxy logs
Cloud Hosting Ghost for (almost) nothing How to host a Ghost blog, with domain, and TLS for around £10/year.
GCP Managing your costs on Kubernetes I've been doing quite a lot of work around managing cost in Public Cloud recently, specifically with Kubernetes and Google Cloud Platform. One of the key topics of conversation that always gets brought up during on-prem/private cloud to public cloud migrations is cost. There is generally a
Nginx Creating an OpenWAF solution with Nginx, ElasticSearch and ModSecurity Creating an OpenWAF solution using NGINX, ElasticSearch and ModSecurity.
Docker Securing microservices in the Enterprise I've had a couple of really interesting conversations over the past few months about the complexities of deploying microservices in typical large enterprises, so decided to take some time to pull my thoughts together. Before we start however, I want to ground some terminology: * Microservice: Everyone loves a
AWS Serverless vs Kubernetes Serverless vs Kubernetes, and why I think they're trying to achieve the same thing - virtualised infrastructure abstraction.
Nginx Securing your website Basic steps to have a more secure website, and achieve an A+ rating on Mozilla Observatory.
Kubernetes NGinx Lua scripting to reload configuration Bear with me... I know the first thing you're probably thinking is "why the hell would he want to do that?!", well, let me explain... I was recently building a horizontally scalable deployment of NGinx pods [https://github.com/Stono/docker-nginx-letsencrypt] on kubernetes. They had shared
Docker Using Docker containers as Systemd services If you've read any of my recent posts, you'll know I've recently swithed from MacOSX to Linux. One of the things this has done is made me realise just how much stuff I had installed with brew on MacOSX - for example; Redis [https:
Docker Fuse filesystem mount in Kubernetes The Use Case I have been thinking about this problem for a while now. I have an NGinx container/pod, that use LetsEncrypt [https://letsencrypt.org/] for automatic SSL certificate generation (See my container [https://github.com/Stono/docker-nginx-letsencrypt] over on Github). In short, when the container starts - it
Linux FacetimeHD Camera on Linux I recently migrated away from MacOSX to Korora (Fedora) 25, Linux on my 2016 Macbook Pro. One of the components I struggled to get working was the FacetimeHD (Broadcom 1570) camera, until I came across this driver [https://github.com/patjak/bcwc_pcie], which seems to work nicely on my
Docker Big Data, Small Cloud I have decided to learn about data, Big Data, really Big Data in fact. It's going to be an adventure, and this is your invitation. The pretext I was at the GCP Next '16 conference in London towards the end of last year, watching Reza Rokni, GCP
Security Are the Googles watching? Tinfoil Hat Alert! In summary, I've had a couple of situations recently where things that I have been verbally discussing with people have then quickly appeared as adverts in various places... My first thought was that multiple people in the room use Android, and on occasion, one of
Node.JS Free SSL Certificates with LetsEncrypt and Docker Everyone loves security, yeah?! Up until recently, it's cost a fair whack of money to use SSL certificates on your website. This has been a barrier for a lot of smaller website, which subsequently leaves them vulnerable to common attacks such as man in the middle. Then comes
Ghost Ghost Contact Form Ghost, the blogging platform that I use for this site is relatively new to me, so I'm having to work out things as I go. I'll share them; to save you some pain should you be having the same troubles! Firstly, the platform doesn't
Node.JS AWS Lambda Logs into SumoLogic How to ship AWS Lambda logs to SumoLogic, using yet another Lambda on top of CloudWatch
Ruby Using JSON in chef cookbook attributes One of the little niggles with chef that annoys me is the fact you can't use a JSON file for cookbook attributes, yet role and node attributes are in JSON, instead you're stuck with having to transpose between ruby and JSON. This little trick works around
CI Jenkins Pipeline Step: Outdated NPM Modules How to keep on top of outdated dependencies as part of your CI and CD process, using npm-check-updates and Jenkins.
Redis Redis + Sentinel behind HAProxy Just a quick note, I recently worked out how to have a single IP for your Redis set. Take the following scenario where you have three Redis instances, one master and two slaves. You also have three Redis sentinels which are managing the master/slave state of this set. I
CI Jenkins Pipeline Step: Node Security Project How to run continuous vulnerability scanning using the node security project in your CI/CD pipelines.
Node.JS Revealing Module Pattern and Promises If you're classes are creating immutable objects, for example using the revealing module pattern described at this site, you'll notice that you're unable to use Promise.promisifyAll() on the object (quite rightly) as it can't mutate the frozen object to add the
Ruby MigSQL Migration Tool I've made a little lightweight ruby bin executable to handle MS SQL migration (up/down/targetted version) within a CI environment. Why? I needed a simple way to manage up/down sql scripts within our CI environment for a bunch of existing, very old MS SQL servers. If