
Fixing the linkerd AccessDenied error that prevents the linkerd-proxy container from starting


Sometimes the linkerd-proxy container inside an injected Kubernetes pod fails to start with AccessDenied errors. To fix this, run the following script, which restarts every deployment in the linkerd namespace:

for deploy1 in $(kubectl get deploy -n linkerd -oname); do
  echo "${deploy1}"
  kubectl rollout restart "${deploy1}" -n linkerd
done

Thanks to kr3cj for posting this life-saving troubleshooting tip in this issue.

Disabling Keycloak theme cache through CLI (standalone mode)

Step 1 - Run jboss-cli.sh
$KEYCLOAK_HOME/bin/jboss-cli.sh -c
Step 2 - Run the following commands
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes,value=false)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates,value=false)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge,value=-1)
reload

Searching AD Users with ldapsearch command


Without TLS

ldapsearch -D "CN=myuser,CN=Users,DC=example,DC=net" -w mypassword -H "ldap://myserver.example.com:389" -b "OU=mycompany,CN=Users,DC=example,DC=net" -s sub "CN=myuser"

With TLS

ldapsearch -D "CN=myuser,CN=Users,DC=example,DC=net" -w mypassword -H "ldaps://myserver.example.com:636" -b "OU=mycompany,CN=Users,DC=example,DC=net" -Z -s sub "CN=myuser"

Reference: https://linux.die.net/man/1/ldapsearch

Update

If ldapsearch returns the following error:

ldap_start_tls: Can't contact LDAP server (-1)
additional info: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate)
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Then edit /etc/openldap/ldap.conf or /etc/ldap/ldap.conf and add these lines:

HOST myserver.example.com
PORT 636
TLS_REQCERT never
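
TLS_REQCERT never clears the error by skipping server certificate verification, so the client no longer checks which host receives the bind password. The check below is an added example, not part of the original post: it flags that setting in an ldap.conf file and passes a variant that trusts the issuing CA instead. The CA file path and both sample configs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenLDAP client
# config for settings that switch off server certificate verification.
# Prints findings; returns 0 if there are none, 1 otherwise.
audit_ldap_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = toupper($1); val = tolower($2) } # option names are case-insensitive
        key == "TLS_REQCERT" { reqcert = val; where = NR }
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { have_ca = 1 }
        END {
            bad = 0
            # never/allow let the session proceed with a certificate that fails validation
            if (reqcert == "never" || reqcert == "allow") {
                printf "line %d: TLS_REQCERT %s accepts unverified server certificates\n", where, reqcert
                bad = 1
            }
            if (!have_ca) {
                print "no TLS_CACERT or TLS_CACERTDIR: no CA bundle is configured in this file"
                bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample inputs: the settings from the post, and a verifying variant.
# /etc/ssl/certs/ad-issuing-ca.pem is a placeholder path for the exported AD CA certificate.
tmpdir=$(mktemp -d)
cat > "$tmpdir/weak.conf" <<'EOF'
HOST myserver.example.com
PORT 636
TLS_REQCERT never
EOF
cat > "$tmpdir/strict.conf" <<'EOF'
URI ldaps://myserver.example.com:636
TLS_CACERT /etc/ssl/certs/ad-issuing-ca.pem
TLS_REQCERT demand
EOF

for f in weak strict; do
    if audit_ldap_conf "$tmpdir/$f.conf"; then
        echo "$f.conf: ok"
    else
        echo "$f.conf: weak TLS settings"
    fi
done
```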

Fixing PulseAudio auto-switching to the wrong profile in Arch/Manjaro


First of all, close all windows, players, pavucontrol and any application that uses audio, then change to the profile you want with the following command:

# Get the profile you selected in PulseAudio Volume Control
pacmd list-cards | grep 'active profile'

Then get the card you want:

pacmd list-cards | grep 'name:'

Then open /etc/pulse/default.pa (sudo vim /etc/pulse/default.pa) and add the following line:

# set-card-profile  
# example:
set-card-profile alsa_card.pci-0000_00_1f.3 output:analog-stereo+input:analog-stereo

Finally, comment out the problematic line:

#load-module module-switch-on-port-available

Save the file and restart PulseAudio with:

systemctl --user restart pulseaudio

Limiting resources in docker-compose v3 using compatibility mode


For example:

version: '3.2'
services:
  my-nginx:
    image: nginx:stable-alpine
    ports:
      - "8000:80"
    deploy:
      resources:
        limits:
          cpus: '0.1'
          memory: 50M

Then run it with the following:

docker-compose -f nginx-limited.yml --compatibility up

my.cnf tuned

[mysqld]
local-infile=0
max_connections = 600
max_user_connections=1000
key_buffer_size = 512M
myisam_sort_buffer_size = 64M
read_buffer_size = 1M
table_open_cache = 5000
thread_cache_size = 384
wait_timeout = 20
connect_timeout = 10
tmp_table_size = 256M
max_heap_table_size = 128M
max_allowed_packet = 64M
net_buffer_length = 16384
max_connect_errors = 10
concurrent_insert = 2
read_rnd_buffer_size = 786432
bulk_insert_buffer_size = 8M
query_cache_limit = 5M
query_cache_size = 128M
query_cache_type = 1
query_prealloc_size = 262144
query_alloc_block_size = 65535
transaction_alloc_block_size = 8192
transaction_prealloc_size = 4096
max_write_lock_count = 8
slow_query_log
log-error
external-locking=FALSE
open_files_limit=50000

[mysqld_safe]

[mysqldump]
quick
max_allowed_packet = 16M

[isamchk]
key_buffer = 384M
sort_buffer = 384M
read_buffer = 256M
write_buffer = 256M

[myisamchk]
key_buffer = 384M
sort_buffer = 384M
read_buffer = 256M
write_buffer = 256M

#### Per connection configuration ####
sort_buffer_size = 1M
join_buffer_size = 1M
thread_stack = 192K

Another link: https://mariadb.com/kb/en/configuring-mariadb-for-optimal-performance/

Encoding SSH keys to base64


base64 < chave | tr -d '\n' > chave.b64
base64 < chave.pub | tr -d '\n' > chave.pub.b64

Generating private and public keys for JWT tokens

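# Generate the RSA key pair; this file temporarily holds the private key despite its name
openssl genrsa -out prod.publicKey.pem
# Convert the private key to unencrypted PKCS#8
openssl pkcs8 -topk8 -inform PEM -in prod.publicKey.pem -out prod.privateKey.pem -nocrypt
# Overwrite the temporary file with the public key extracted from it
openssl rsa -in prod.publicKey.pem -pubout -outform PEM -out prod.publicKey.pem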

maintenance k8s


# Take a backup of etcd if this node is hosting it. You can use the built-in snapshot command:

ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /tmp/snapshot-pre-boot.db

# Now drain the node using:

kubectl drain <master01>

# Apply the system updates/patches and reboot.

# Now uncordon the node to return it to the cluster:

kubectl uncordon <master01>