DevOps

How to Grant Cross-Account Access to AWS Resources with Resource-Based Policies in Microservices

Recently, our payment service has been built on a serverless event-driven architecture with SNS, SQS, and Lambda functions. It supports event callbacks from the core payment event service (referred to below as the core event service), which integrates multiple third-party purchase vendors into one interface.

When a user performs a subscription action on our platform, each action is sent to the third-party vendor. The vendor creates an event for the core event service, and the core event service sends the callback event to the project payment service's SNS. For this final step, the project service needs to grant the core event service cross VPC account access to its SNS:

3rd vendor --(callback event)--> core event service --(callback event)--> project

Continue Reading

How to Manage AWS ECS Sensitive/Non-Sensitive Environment Variables

When developing an app in ECS, we need to pass environment variables to the task containers.

Because we have both sensitive and non-sensitive environment variables, we need to take care in choosing the policy.

Continue Reading

Troubleshooting AWS ELB 5xx Errors: 504 Gateway Timeout

We have a service that sometimes got a 504 Gateway Time-out response from the ELB (actually a CLB).

When investigating the root cause, we found that the CLB's 3 instances had been normal over the current two weeks, and that the 504 time-outs happened in the CLB.

Continue Reading

What Are the Key Feature Differences between HTTP1, HTTP2 and HTTP3?

In this article, we will introduce the key features of HTTP 1.0, HTTP 1.1, HTTP 2.0, and HTTP 3.0.

HTTP1.0

HTTP1.0 was published in 1996 and is already obsolete.

In HTTP1.0, each request needs to establish a TCP connection with a 3-way handshake, which is time-consuming and inefficient.

Continue Reading

Getting Started: Install GitLab Runner on AWS EC2 and Register It

This article is a tutorial for getting started with GitLab Runner. It shows how to install the runner on AWS EC2 and register it with GitLab.

Before you start, make sure your local machine has the following set up:

  • AWS CLI (logged in)
  • Docker
  • Node.js

Continue Reading

Develop and Debug AWS Lambda Functions Locally with VS Code

AWS CLI tool - AWS SAM CLI

AWS SAM CLI is an AWS CLI tool that allows you to develop, test and analyze your application in the local environment.

On macOS, install the SAM tool with brew:

brew tap aws/tap
brew install aws-sam-cli
sam --version

Continue Reading

AWS OpsWorks Introduction

AWS OpsWorks is a configuration management service that provides an easy way to create and manage AWS stacks and applications. You can preset your AWS resources, manage their configuration, deploy those resources, and monitor the status of resource activity.

Continue Reading

How to Set a Kubernetes Secret to a Pod Local File

This is part II, illustrating how to set a secret to a Kubernetes pod local file.

(For setting a secret to environment variables, see: How to Set a Kubernetes Secret to Environment Variables)

In Kubernetes, some sensitive information needs to be managed in Pods, which can be done with Kubernetes Secrets.

Here we will demonstrate how to manage secrets and save them to a pod local file.

Continue Reading

How to Set a Kubernetes Secret to Environment Variables

In Kubernetes, some sensitive information needs to be managed in Pods, which can be done with Kubernetes Secrets.

Here we will demonstrate how to manage secrets.

Continue Reading

Getting Started Running Kubernetes

This article illustrates how to run Kubernetes locally on a Mac M1 and how to use the kubectl command to deploy a service. For more detailed concepts, see the Kubernetes documentation.

Continue Reading

What Is SLI, SLO, SLA and User-Facing

A service provider probably has a technology-related service contract with the client that makes promises about service-level availability and usability.

Here we will discuss the service-level terminology SLI/SLO/SLA and User-Facing:

Continue Reading

SaltStack Introduction - How to Install Salt Master and Salt Minion

SaltStack is an automated configuration management tool with easily extensible infrastructure and high performance.

SaltStack makes it easy to manage large-scale server fleets, including dynamic connections, and can be used for remote/local execution, config management, etc.

Continue Reading

Terraform Installation and Running

Terraform is an Infrastructure as Code tool developed by HashiCorp.

This post records the basic steps for installing and configuring Terraform, and demonstrates how to create an instance on GCP.

Continue Reading

Getting Started Provisioning Kubernetes on GCP - Using Kubernetes Engine

This post records the process of creating a cluster with Kubernetes Engine on GCP:

Continue Reading

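Getting Started with Ansible Configuration Management and Deployment

Introduction

Ansible is an open-source system automation tool with system configuration and task scheduling features. It lets us manage our infra through code and design more advanced things such as CI/CD workflows. By default, Ansible uses SSH to manage remote hosts. Versions after Ansible 1.3 can communicate with remote hosts through the local OpenSSH; on older operating systems, it uses paramiko as the corresponding approach.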

Continue Reading

Kubernetes (K8S) - Hands-On Local Practice on Mac: How to Quickly Deploy a Go Server with K8S

How to quickly bring up a service with K8S locally on a Mac. Here a simple Go server is used as the example, explaining step by step how to start it.

Continue Reading

SSH Secure Tunneling (Proxy&Port Forwarding)

SSH Secure tunnel forwarding

SSH connections offer a secure tunnel (encrypted channel) mode, which establishes a secure tunnel between local and the remote server.

The direction of the tunnel can be local -> server or server -> local.

First, local to server is denoted by L (left), and server to local by R (right).

All traffic in the tunnel is proxied through SSH port 22; examples follow below:

Continue Reading

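Laradock Redis Production Environment Configuration

Laradock is very convenient in development and test environments, but if it is exposed externally, certain security settings need to be handled.

This post records the settings I have often used when setting up test environments: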

Continue Reading

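How to Install FFmpeg on CentOS7

FFmpeg is a very powerful audio/video streaming and transcoding service. This post mainly explains how to install ffmpeg on CentOS7.

Install FFmpeg

CentOS7 has no FFmpeg-related core packages available for direct download, so it has to be installed through the Nux Dextop repository.

First, update the packages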

Continue Reading

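Fixing Docker build apt-get update "-yqq" failed: Failed to fetch http://xxx and IPv4 forwarding is disabled

While trying out a VPS provider's service, I found that running apt-get update -yqq produced some errors during certain service installations. This post records the possible causes and solutions: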

WARNING: IPv4 forwarding is disabled. Networking will not work

When this happens, the fix is to allow IPv4 forwarding directly in the system sysctl settings.

Open the sysctl config file

vim /etc/sysctl.conf

Add the following code

Continue Reading