Olivier Dauby's questions -server

Olivier Dauby

Asked: 2019-04-18 06:06:09 +0800 CST

How to grant a Service Principal access to AKS API when RBAC and AAD integration are activated?

2

I need to grant a process (build pipeline) RBAC access to AKS API for deployment purposes. But the target AKS cluster has AAD integration active (as described here)

I was expecting to be able to access the AKS API's with a simple Service Principal, but I'm redirected to a devicelogin page:

$ az login --service-principal  --username [REDACTED]-XXXX-XXXX-XXXX-XXXXXXXXXXXX --password [REDACTED]XXxxXXxxXXxxxXXXxxXXxxXXxx= --tenant [REDACTED]-XXXX-XXXX-XXXX-XXXXXXXXXXXX

$ az aks get-credentials -n oli-aksdemo01 -g oli-aksdemo01
Merged "oli-aksdemo01" as current context in /home/olivier/.kube/config

$ kubectl get nodes
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code C2NP77EGR to authenticate.

:-(

Is there a way to avoid the devicelogin page when authenticating a Service Principal on an AAD-integrated AKS cluster on Azure ?

Olivier Dauby

Asked: 2017-12-15 02:31:23 +0800 CST

How to mount azurefile persistentVolume in a Kubernetes pod with non-root user rights?

0

I'm running a Kubernetes 1.8.4 cluster on Azure (populated with acs-engine v0.10).

I need to run a Redis pod with data persistency, so I'm using persistentVolume / persistentVolumeClaim with azurefile storageClass so that Redis can save to that volume.

Problem is that Redis container is running with redis:redis user and that Kubernetes mounts the volume with a root:root ownership and 0700 access mode.

=> So Redis can't write to that volume and dies.

Normally I'd fix this with mountOptions, but I fear this option is not supported for AzureFiles as per Kubernetes documentation:

Note: Not all Persistent volume types support mount options.

Did anybody ever managed to mount AzureFiles volumes in a Kubernetes pod with non-root access ? If so, I'd love to know how :-)

TIA!

Olivier Dauby

Asked: 2016-09-15 06:04:44 +0800 CST

How to handle Redis raising memory fragmentation?

9

I have a Redis 3.0.5 instance that tend to show growing mem_fragmentation_ratio over time.

The application using that instance is constantly creating and deleting keys.

After one month, I end up with a mem_fragmentation_ratio > 1.30. This impacts the memory footprint of Redis on that server:

~$ redis-cli info memory
# Memory
used_memory:7711297480
used_memory_human:7.18G
used_memory_rss:10695098368
used_memory_peak:11301744128
used_memory_peak_human:10.53G
used_memory_lua:95232
mem_fragmentation_ratio:1.39
mem_allocator:jemalloc-3.6.0

If I restart the Redis service and reload from AOF, mem_fragmentation_ratio goes back to acceptable level (1.06):

~$ redis-cli info memory
# Memory
used_memory:7493466968
used_memory_human:6.98G
used_memory_rss:7924920320
used_memory_peak:8279112992
used_memory_peak_human:7.71G
used_memory_lua:91136
mem_fragmentation_ratio:1.06
mem_allocator:jemalloc-3.6.0

Recycling Redis is impacting for our application (even if we do this with a Sentinel failover after a slave restart).

Is there another way to reduce mem_fragmentation_ratio, like a 'defragmentation' process that I could schedule off-peak ?

Olivier Dauby

Asked: 2015-10-20 05:30:42 +0800 CST

Azure internal DNS search suffixes

0

I mainly use Azure for IaaS purposes (Linux and Windows VM's). We have a strict Front-End (FE) / Back-end (BE) segregation policy.

FE and BE are in the same Virtual Network, but in different Subnets/Cloud Services.

I've noticed that FE and BE VM's are getting different DNS suffixes via DHCP:

FE machines get frontend-something.a9.internal.cloudapp.net as DNS search suffix
BE machines get backend-something.a1.internal.cloudapp.net as DNS search suffix

FE machines can reach each other simply by hostname thanks to this search suffix but can't reach BE machines unless I add the BE DNS search suffix in their config.

My question is: Is there a way (via PowerShell / Azure CLI) to find out what DNS suffix is used in a subnet/Cloud Service ?

I need this to automate deployments and I can't predict what the internal DNS search suffix will be (like the "a9" and "a1" that I don't control and that appear in the DNS search suffixed examples above).

Kind Regards,

O.

Olivier Dauby

Asked: 2015-08-26 05:50:30 +0800 CST

Redis memory usage impact on performance

0

While performing health checks of a Redis 2.8.19 setup running on an 30GB Ubuntu Server 14.04 LTS, I noticed that Linux memory usage was split as follows:

Used memory : 10GB
Cached Memory : 10GB
Free : 10GB

The Redis database is going to grow in the future and I need to forecast next memory upgrade. As a rule of thumb, I trigger an upgrade when 70% of any resource is reached.

My question is: Will Redis performance be impacted when Used memory + Cached memory will reach the 30 GB barrier? (and yes, swap is configured :) )

Kind Regards,

O.

How to grant a Service Principal access to AKS API when RBAC and AAD integration are activated?

How to mount azurefile persistentVolume in a Kubernetes pod with non-root user rights?

How to handle Redis raising memory fragmentation?

Azure internal DNS search suffixes

Redis memory usage impact on performance

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?