Category: Linux Tips

In this section, I would like to gather solutions to some interesting issues I have faced. Why “gather” rather than “share”? Well, I am not sure if someone is going to read these articles or even visit this site, thus I am mostly writing them for myself :) But if you happen to read this, you are always welcome, and I hope you will find these small pieces of advice useful! :)

That being said, I am not interested in rewriting simple guides like how to install this or that software with “apt-get install”. Those can easily be googled. I would like to write down some notes here about issues that require a little bit more googling :)

Limit Access to Your GKE Kubernetes Pods on Google Cloud Platform


Currently, there are 3 ways of applying GCP Firewall rules to your instances: all instances in the network, specified target tags, or specified service account. Unfortunately, none of these will work if you want to allow a certain port of some container to be accessed by a limited number of IPs. I had a case where client’s Prometheus that was being run as a Kubernetes Pod should have been accessed by the main Prometheus instance (used for centralized monitoring) in order…


OpenVPN + iptables: Limit Access To Your Internal Services on Google Cloud Platform


IMPORTANT: This article does not cover GCE instance creation and OpenVPN installation steps – there are a lot of guides on the Internet. Just make sure you enable IP Forwarding during instance creation in order for your VPN to work.

Why VPN?

Now that people more and more often use cloud computing services, they don’t really need VPNs, because all your cloud services share the same internal network. Moreover, you can create your own private subnets in a few mouse…


GitLab CI + Kubernetes Executor: Setup and Typical Issues


Intro

GitLab Runner has several types of executors, and the most widely used are shell and docker. While everything is clear about these two, the kubernetes executor type is not that popular. First, Kubernetes itself is a specific piece of software and it does not fit every project; second, the kubernetes executor is a good choice in case your CI jobs require a lot of server resources, which usually are CPU and RAM, but you don’t want to be extra charged for the time…


ConfigServer Firewall (CSF) + Docker


CSF is a front-end for the IPTables firewall, so if you have it installed, CSF overwrites any IPTables rule added manually, each time you restart it. Docker has its own set of IPTables rules which are required for communication between containers. It also overwrites IPTables rules each time you restart it. So, in order to resolve possible conflicts between these programs, one should do the following: Add all Docker firewall rules to a shell script that will be executed by…
