Group items tagged

You can access the service on port 443 of any swarm node. Docker sends the requests to the node which is running the service.

--publish published=443,target=443

The most important aspect is that a load balanced cluster of registries must share the same resources

S3 or Azure, they should be accessing the same resource and share an identical configuration.

you must make sure you are properly sending the X-Forwarded-Proto, X-Forwarded-For, and Host headers to their “client-side” values. Failure to do so usually makes the registry issue redirects to internal hostnames or downgrading from https to http.

A properly secured registry should return 401 when the “/v2/” endpoint is hit without credentials

registries should always implement access restrictions.

REGISTRY_AUTH=htpasswd

REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd

The registry also supports delegated authentication which redirects users to a specific trusted token server. This approach is more complicated to set up, and only makes sense if you need to fully configure ACLs and need more control over the registry’s integration into your global authorization and authentication systems.

The S3FS plugin as of version 0.9.2 cannot delete an S3 bucket unless the bucket is empty, and has never been used (just created) as a Docker volume.

Starting with Docker 1.13 a new plugin system was introduced in which the plugin runs inside of a container.

Even though the plugin is a container image, you cannot start it using either docker image pull or docker container run; you need to use the docker plugin set of sub‑commands.

.tf files can accept values from input variables.

variable definitions can have default values assigned to them.

values are stored in separate files with the .tfvars extension.

looks through the working directory for a file named terraform.tfvars, or for files with the .auto.tfvars extension.

add the terraform.tfvars file to your .gitignore file and keep it out of version control.

include an example terraform.tfvars.example in your Git repository with all of the variable names recorded (but none of the values entered).

terraform apply -var-file=myvars.tfvars

Terraform allows you to keep input variable values in environment variables.

If Terraform does not find a default value for a defined variable; or a value from a .tfvars file, environment variable, or CLI flag; it will prompt you for a value before running an action

state file contains a JSON object that holds your managed infrastructure’s current state

state is a snapshot of the various attributes of your infrastructure at the time it was last modified

Some backends, like Consul, also allow for state locking. If one user is applying a state, another user will be unable to make any changes.

Terraform backends allow the user to securely store their state in a remote location, such as a key/value store like Consul, or an S3 compatible bucket storage like Minio.

at minimum the repository should be private.

MinIO is purpose-built to take full advantage of the Kubernetes architecture.

MinIO and Kubernetes work together to simplify infrastructure management, providing a way to manage object storage infrastructure within the Kubernetes toolset.  

The operator pattern extends Kubernetes's familiar declarative API model with custom resource definitions (CRDs) to perform common operations like resource orchestration, non-disruptive upgrades, cluster expansion and to maintain high-availability

The Operator uses the command set kubectl that the Kubernetes community was already familiar with and adds the kubectl minio plugin . The MinIO Operator and the MinIO kubectl plugin facilitate the deployment and management of MinIO Object Storage on Kubernetes - which is how multi-tenant object storage as a service is delivered.

choosing a leader for a distributed application without an internal member election process

The Operator Console makes Kubernetes object storage easier still. In this graphical user interface, MinIO created something so simple that anyone in the organization can create, deploy and manage object storage as a service.

The primary unit of managing MinIO on Kubernetes is the tenant.

The MinIO Operator can allocate multiple tenants within the same Kubernetes cluster.

each tenant is a cluster of server pools (independent sets of nodes with their own compute, network, and storage resources), that, while sharing the same physical infrastructure, are fully isolated from each other in their own namespaces.

Each tenant scales independently by federating clusters across geographies.