Condensed annotations doc
# INGRESS GROUP
alb.ingress.kubernetes.io/group.name: my-group
# [-1000,1000] default 0, not sure who has priority: bigger or smaller?
alb.ingress.kubernetes.io/group.order:
# TRAFFIC LISTENING
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
#Once defined on a single Ingress, it impacts every Ingress within IngressGroup.
alb.ingress.kubernetes.io/ssl-redirect: '443'
# TAFFIC ROUTING
alb.ingress.kubernetes.io/load-balancer-name: custom-name
alb.ingress.kubernetes.io/target-type: ip
# protocol to reach backend HTTP, HTTPS
alb.ingress.kubernetes.io/backend-protocol: HTTP
# protocol version to reach backend : HTTP1 (default) or GRPC or HTTP2
alb.ingress.kubernetes.io/backend-protocol-version: HTTP1
# can use subnetName tag!
alb.ingress.kubernetes.io/subnets: subnet-name-a, subnet-name-b, subnet-name-c
# ACCESS CONTROL
# internal or internet-facing
alb.ingress.kubernetes.io/scheme: internal
# When this annotation is not present, the controller will automatically create one security group
# we can use sg name!
alb.ingress.kubernetes.io/security-groups: nameOfSg1, nameOfSg2
# AUTHENTICATION (oidc)
alb.ingress.kubernetes.io/auth-type: oidc
alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://example.com","authorizationEndpoint":"https://authorization.example.com","tokenEndpoint":"https://token.example.com","userInfoEndpoint":"https://userinfo.example.com","secretName":"my-k8s-secret"}'
alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
alb.ingress.kubernetes.io/auth-session-timeout: '86400'
alb.ingress.kubernetes.io/auth-session-cookie: auth-service-a
# HEALTH CHECK
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-path: /ping
# The range is 5-300. Default to 30
alb.ingress.kubernetes.io/healthcheck-interval-seconds: 5
# The range is 2–120 seconds, default to 6
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: 2
# The range is 2-10. Defaults to 3.
alb.ingress.kubernetes.io/healthy-threshold-count: 2
# The range is 2-10. Defaults to 3.
alb.ingress.kubernetes.io/unhealthy-threshold-count: 2
# TLS
# can be discovered automatically see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/ingress/cert_discovery/
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx
# CUSTOM
# enable access log to s3
alb.ingress.kubernetes.io/load-balancer-attributes: access_logs.s3.enabled=true,access_logs.s3.bucket=my-access-log-bucket,access_logs.s3.prefix=my-app
# enable http2 support
alb.ingress.kubernetes.io/load-balancer-attributes: routing.http2.enabled=true
Main Ingress example
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: shared-ingress-a
namespace: default
annotations:
# Ingress group
alb.ingress.kubernetes.io/group.name: shared-ingress-a
# Traffic Listening
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
# Traffic routing
alb.ingress.kubernetes.io/load-balancer-name: shared-ingress-a
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/subnets: subnet-name-a, subnet-name-b, subnet-name-c
# Access control
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/security-groups: nameOfSg1, nameOfSg2
# Health check
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-path: /ping
alb.ingress.kubernetes.io/healthcheck-interval-seconds: 5
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: 2
alb.ingress.kubernetes.io/healthy-threshold-count: 2
alb.ingress.kubernetes.io/unhealthy-threshold-count: 2
# TLS => should be autodiscovered
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx
spec:
ingressClassName: alb
Child Ingress example
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-service-a
namespace: my-service-a
annotations:
alb.ingress.kubernetes.io/group.name: shared-ingress-a
alb.ingress.kubernetes.io/group.order:
spec:
ingressClassName: alb
rules:
- host: my-service-a.example.com
http:
paths:
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: "my-service-a"
port:
number: 80
To replace pushbullet on iphone
If you created a presigned URL by using a temporary token, then the URL expires when the token expires, even if you created the URL with a later expiration time. For more information about how the credentials you use affect the expiration time, see Who can create a presigned URL.
So you have to use regular IAM user instead of IAM role for service generating presigned urls..? :-/
https://github.com/go-delve/delve
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out of your way as much as possible.
This is very different compared to Python and Java! It's another way of thinking to get use to
With this app you can get a yearly view of your google calendars
helm ls -aA
helm history <release>
helm rollback <release> <revision>
pending-upgrade
via martinho
I had no idea such cache exists, very interesting!