I am using cert-manager to manager SSL certificates on kubernetes. Certificates are stored as secrets in my namespace. I'll have to generate near 1 000+ certificates but I read that it is "dangerous" to have a high number of secrets because it could block start of kubernetes when starting new nodes for example.
Do you have more information about how many secrets could be critical ? How many certificates are you managing by cert-manager and is your k8s cluster safe ?
I am upgrading an old Gitlab (manually installed) from 5.0 to 8.0 through 5.1, 6.0, 6.1, 7.14 and 8.0. Every steps were ok except the access through HTTPS with git command lines, in all versions.
A git clone over SSH iw working.
A git clone over HTTPS returns fatal: Authentication failed for.
If I modify a project by placing it as public, git clone over HTTPS works.
Web interface is working fine and I can log in to without issue.
What I am missing in the configuration ?
The SSL certificate used is a Let's Encrypt certificate.
I am configuring an apache/SSO authentication with an AD with Kerberos. My http server is a Debian Wheezy and the AD is a Windows Server 2012.
I generated keytabs files on WS2012 with kpass command for each encryption type available on WS2012.
When I try to open a session with a user [email protected] with kinit, it works.
When I try to open a session with my HTTP/[email protected], I get the message:
kvno HTTP/[email protected]
kvno: KDC has no support for encryption type while getting credentials for HTTP/[email protected]
Also, when I check encryption used for [email protected], I have:
root@SERVER:~# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]
Valid starting Expires Service principal
03/04/2015 12:48:21 03/04/2015 22:48:17 krbtgt/[email protected]
renew until 04/04/2015 12:48:21, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
I tried to customize my /etc/krb5.conf with:
default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
And by using the keytab file encrypted with arcfour-hmac without success.
I don't understand how to change encryption type used to communicate, why it always wants arcfour-hmac and why when I give it arcfour-hmac encryption, nothing change...
How to be sure that /etc/krb5.conf changes are effective and how to make the Kerberos ticket generation work too?
I have 2 web servers to provide PHP websites.
One server is : Apache + PHP-FPM + APC
The other : Apache with MPM-itk + APC.
For both of these servers, APC has no cache system entries but only users cache entries as you can see on the screenshot. APC with only users cache entries
APC configuration is :
apc.cache_by_default 1
apc.canonicalize 1
apc.coredump_unmap 0
apc.enable_cli 0
apc.enabled 1
apc.file_md5 0
apc.file_update_protection 2
apc.filters
apc.gc_ttl 3600
apc.include_once_override 0
apc.lazy_classes 0
apc.lazy_functions 0
apc.max_file_size 2
apc.mmap_file_mask
apc.num_files_hint 1000
apc.preload_path
apc.report_autofilter 0
apc.rfc1867 0
apc.rfc1867_freq 0
apc.rfc1867_name APC_UPLOAD_PROGRESS
apc.rfc1867_prefix upload_
apc.rfc1867_ttl 3600
apc.shm_segments 1
apc.shm_size 256
apc.stat 1
apc.stat_ctime 0
apc.ttl 7200
apc.use_request_time 1
apc.user_entries_hint 4096
apc.user_ttl 7200
apc.write_lock 1
Does anyone know why APC acts like this and how to make it work well ?
Thank you for your help!