caspereeko's comments

caspereeko | 8 years ago | on: Docker vs. Kubernetes vs. Mesos

I use that for 2 scenarios:

- to deploy on demand staging or QA environment including its dependencies.

- allow service/infra devs to try services quickly without the need to use Terraform or to buy expensive instances in the first stage of the development.

caspereeko | 8 years ago | on: Docker vs. Kubernetes vs. Mesos

I would like to share my personal experience running Mesos.

I have been using a pure Mesos setup, without DC/OS, for 2.5 years.

We have the following infra features:

- 120 micro-services running using Marathon.

- 10 batch jobs running using Chronos.

- So far, everything is reliable and no downtime.

- We have IP-per-task enabled with Project Calico.

- We have Public, Private, and IP Access-list enabled per container using Nginx and ELBs.

- The max number of containers we ran on the cluster so far is 3620 containers.

- We have detailed graphs monitoring per-container generated automatically.

- We have (slack #alerts) alerting enabled.

- We have a secrets store using Vault.

In the end we had to use Mesos, Marathon, Chronos, Vault, Consul, Nginx, Calico, ELK and TICK on AWS.

The thing is, we had to configure these things to work together nicely, so it is not an out-of-the-box solution. Even though we haven't used Kubernetes yet, we are not religious about Mesos.

But at the moment, it seems we have everything we need and the team is happy with the current setup.

caspereeko | 9 years ago | on: Ask HN: Anonymous person sent proof of SSH access to our production server

Why would you have a production system exposing SSH to the public?

If you must, at least do these steps:

- Disable password SSH login.

- Install a rootkit scanner, like rkhunter, and check if your networked systems are infected. S/he might have gained access to other instances in your infra.

- Use port scanning on all your instances and check if there is any suspicious RPC port open that you are not familiar with.

- Enable unattended security upgrades.

- Check the vulnerability listings for your internet-facing services, like nginx, Apache, HAProxy, etc.

- Forward all your syslog logs to a remote system so the attacker can't clean up his/her traces after establishing the attack.

- Enable automatic blockers like fail2ban.
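A defender-side check for the first item in that list, added here as an example and not from the commenter: it reads an sshd_config the way sshd does (first occurrence of a keyword wins, settings inside a Match block apply only conditionally), so a host that still accepts passwords is not reported as hardened by a naive grep. Directive names and defaults are OpenSSH's; the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for
# password-based login. sshd uses the FIRST top-level occurrence of a
# keyword; later lines and Match-block overrides do not change it.

sshd_setting() {
    # Print the effective (first, top-level) value of directive $2 in file $1.
    awk -v key="$2" '
        /^[[:space:]]*(#|$)/        { next }   # skip comments and blank lines
        tolower($1) == "match"      { in_match = 1 }
        in_match                    { next }   # ignore conditional Match blocks
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

weak_settings() {
    # Print one "WEAK ..." line per password-related setting left open.
    f="$1"
    pw=$(sshd_setting "$f" PasswordAuthentication)
    [ "${pw:-yes}" = no ] || echo "WEAK PasswordAuthentication=${pw:-<default yes>}"
    # keyboard-interactive can also carry a password prompt (old alias: ChallengeResponseAuthentication)
    kbd=$(sshd_setting "$f" KbdInteractiveAuthentication)
    [ -n "$kbd" ] || kbd=$(sshd_setting "$f" ChallengeResponseAuthentication)
    [ "${kbd:-yes}" = no ] || echo "WEAK KbdInteractiveAuthentication=${kbd:-<default yes>}"
    root=$(sshd_setting "$f" PermitRootLogin)
    case "${root:-prohibit-password}" in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK PermitRootLogin=$root" ;;
    esac
}

# Constructed sample configs (not taken from any real host).
WEAK_CONF=$(mktemp); GOOD_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Match User deploy
    PasswordAuthentication no
EOF
cat > "$GOOD_CONF" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
EOF

echo "== weak =="; weak_settings "$WEAK_CONF"
echo "== hardened =="; weak_settings "$GOOD_CONF"
```

Run it as root against the live file with `weak_settings /etc/ssh/sshd_config`, and remember that `sshd -T` prints the fully resolved configuration if the file uses Include directives.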

caspereeko | 11 years ago | on: Oh-my-vpn

This is very similar, except it is automated, so no one has to do the steps each time someone wants to configure an OpenVPN server quickly.

caspereeko | 11 years ago | on: Oh-my-vpn

I don't know dockvpn, but actually I am about to build a dockerized package too. Since oh-my-vpn is built with Chef, provisioning a container should not be a problem.

caspereeko | 11 years ago | on: Oh-my-vpn

Install chef-client: https://www.chef.io/download-chef-client/ which actually generates the same one-liner script I used, except for the opscode.com domain instead of chef.io; if you run `diff` on both scripts they are identical apart from the domain name.

Please submit your pull request and I will be happy to add your changes.
