Monitoring Your Kubernetes Cluster + Auto Scaling GCE + Regular GCE Instances on Google Cloud Platform with Prometheus, Grafana and Graylog

Monitoring Your Kubernetes Cluster + Auto Scaling GCE + Regular GCE Instances on Google Cloud Platform with Prometheus, Grafana and Graylog

Intro As one can understand from the topic, I had a task to set up monitoring for a project on Google Cloud Platform, which consisted from: regular GCE instances GCE auto scaling instances Kubernetes cluster This project had to have its own monitoring, which, in turn, had to be integrated with the main Prometheus instance used to monitor for many other projects that did not have their own Prometheus instance. The tech stack that is going to be used to…

Read More Read More

Limit Access to Your GKE Kubernetes Pods on Google Cloud Platform

Limit Access to Your GKE Kubernetes Pods on Google Cloud Platform

Currently, there are 3 ways of applying GCP Firewall rules to your instances: All instances in the network Specified target tags Specified service account Unfortunately, none of these will work, if you want to allow a certain port of some container to be accessed by a limited number of IPs. I had a case where client’s Prometheus that was being run as a Kubernetes Pod should have been accessed by the main Prometheus instance (used for centralized monitoring) in order…

Read More Read More

OpenVPN + iptables: Limit Access To Your Internal Services on Google Cloud Platform

OpenVPN + iptables: Limit Access To Your Internal Services on Google Cloud Platform

IMPORTANT This article does not cover GCE instance creation and OpenVPN installation steps – there are a lot of guides on the Internet. Just make sure you enable IP Forwarding during instance creation in order for your VPN to work. Why VPN? Now that people more and more often use cloud computing services, they don’t really need VPNs, because all your cloud services share the same internal network. Moreover, you can create your own private subnets in a few mouse…

Read More Read More

GitLab CI + Kubernetes Executor: Setup and Typical Issues

GitLab CI + Kubernetes Executor: Setup and Typical Issues

Intro GitLab Runner has several types of executors, and the most widely used are shell and docker. While everything is clear about these two, the kubernetes executor type is not that popular. First, Kubernetes itself is a specific software and it does not fit every project; second, the kubernetes executor is a good choice in case your CI jobs require much server resources, which usually are CPU and RAM, but you don’t want to be extra charged for the time…

Read More Read More

ConfigServer Firewall (CSF) + Docker

ConfigServer Firewall (CSF) + Docker

CSF is a front-end for the IPTables firewall, so if you have it installed, CSF overwrites any IPTables rule added manually, each time you restart it. Docker has its own set of IPTables rules which are required for communication between containers. It also overwrites IPTables rules each time you restart it. So, in order to resolve possible conflicts between these programs, one should do the following: Add all Docker firewall rules to a shell script that will be executed by…

Read More Read More

cPanel backup API Script

cPanel backup API Script

This is a simple script that sends an API call to the cPanel server to create a full cPanel backup. It can be useful in the following cases: the hosting provider has removed a link to the “Backup” feature from cPanel (if “Backup” is disabled for the cPanel account, then API will not help in this situation) there may be an issue at the hosting provider’s end when cPanel shows that a backup has been started, however, in fact, it has not.

Reseller Transfer Script

Reseller Transfer Script

This script helps to transfer cPanel accounts between servers with the reseller access level. It can be used in the following transfer cases: reseller – reseller root – reseller (If we do not have SSH access to the source server; as a result, WHM’s Transfer Tool cannot be used) reseller – root (obviously, we will not be able to use the Transfer Tool here) The script has got several options: Show pre-transfer information (inode/disk usage, SSL сertificates and basic cPanel server configuration) using…

Read More Read More