Kubernetes

The Problem You have a (headless) background worker process that needs to communicate its readiness to kubernetes. The Solution ASP.NET Core provides a decent approach to performing a series of agnostic health checks. There are hundreds of health probes available such as Network, Elasticsearch, Kafka and NpgSql. However being part of ASP.NET Core, does mean that some of these dependencies, such as Microsoft.AspNetCore.Diagnostics.HealthChecks package, will bleed into the worker as a needed dependency. The plus side is that you can avoid reinventing the wheel. ...

Trying to deploy an NGINX container to an OpenShift cluster today, ran into: nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied) To do some investigating spun up a new Pod an attached an interactive shell using oc: oc run --rm -i -t frontend --image=artifactory.evilcorp.com/frontend:1.0.0 --restart=Never --command -- /bin/sh Indeed a quick ls -la /var/cache revealed that the nginx subdirectory is writtable by root. No good for OpenShift, which by default is non-root: ...

Kubernetes provides a neat concept for managing sensitive pieces of data, the Secret A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don’t need to include confidential data in your application code. Secret text is by default base64 encoded. For this reason it’s recommended that secret definitions are not published to git. ...