profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/paraenggu/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Christian Affolter paraenggu Bern, Switzerland

adfinis-sygroup/base4kids2-ansible 2

Ansible roles for b4k2

adfinis-sygroup/389-directory-backup 1

389 Directory Server backup script and systemd service

hairmare/docker-rpmdev 1

docker image and some scripts for running rpmbuild et. al.

paraenggu/delicious-absurdities-overlay 1

Gentoo portage overlay with delicious and fragrant absurdities

paraenggu/raar 1

RAAR is a ruby application to manage and browse an audio archive.

adfinis-sygroup/base4kids2-keepalived-scripts 0

Keepalived notify, alerts and check scripts for Base4Kids2

hairmare/puppet-freeradius 0

Puppet module to manage FreeRADIUS

paraenggu/api-gentoo-org 0

Seed data for api.gentoo.org (this is where you create pull requests for new overlays!)

paraenggu/awesome-broadcasting 0

A curated list of amazingly awesome open source resources related to broadcast technologies

paraenggu/base4kids2-ansible 0

Ansible roles for b4k2

startedcontrolm/automation-api-community-solutions

started time in 11 days

startednick-prater/read_lw_sources

started time in 25 days

issue openedopenshift/openshift-docs

[enterprise-4.7] Issue in file networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-ingress-controller.adoc

<!-- Please submit only documentation-related issues with this form, or follow the Contribute to OpenShift guidelines (https://github.com/openshift/openshift-docs/blob/main/contributing_to_docs/contributing.adoc) to submit a PR. -->

Which section(s) is the issue in?

What needs fixing?

The section Using Ingress Controllers and routes states the following:

The Ingress Operator manages Ingress Controllers and wildcard DNS.

Using an Ingress Controller is the most common way to allow external access to an OpenShift Container Platform cluster.

An Ingress Controller is configured to accept external requests and proxy them based on the configured routes. This is limited to HTTP, HTTPS using SNI, and TLS using SNI, which is sufficient for web applications and services that work over TLS with SNI.

However, the subsequent chapters shows an example with a MySQL service, which is confusing, as one would expect an example whereas a HTTP/HTTP service will be exposed, including an explanation regarding the wildcard ingress URL an other ingress configuration possibilities.

It would be very helpful if the chapter could be adapted to provide an example with a HTTP/HTTPS service.

created time in a month

PullRequestReviewEvent

Pull request review commentadfinis-sygroup/openshift-etcd-backup

chore(openshift-etcd-backup): update solution to reflect helm chart

 Since the container needs to be privileged, add the reqired RBAC rules: oc create -f backup-rbac.yaml ``` -Then adjust storage to your needs in `backup-storage.yaml` and deploy it. The example uses NFS but you can use any storage class you want.+Then adjust storage to your needs in `backup-storage.yaml` and deploy it. The example uses NFS but you can use any storage class you want (`hostPath` or `provioning`):

yeah provisioning meaning the auto provisioning setup of your cluster, is that unclear?

The backup-storage.yaml refers to a pre-created PV/PVC, on should probably never use a dynamic provisioner to create a PV, as you need to make sure that you can access the data outside of a running cluster (in case it failed an you have to restore it). Therefor you would have to make sure, that the PV details are known in advance and won't change later on.

vmaillot

comment created time in 2 months

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentadfinis-sygroup/openshift-etcd-backup

chore(openshift-etcd-backup): update solution to reflect helm chart

 oc edit -n etcd-backup cm/backup-config ```  The following options are used:-- `backup.subdir`: Sub directory on PVC. If it not exists it will be created.-- `backup.dirname`: Dirname of singe backup. This is a string which run trough+- `OCP_BACKUP_SUBDIR`: Sub directory on PVC. If it not exists it will be created.+- `OCP_BACKUP_DIRNAME`: Dirname of singe backup. This is a string which run trough

Typo: Dirname of singe backup

vmaillot

comment created time in 2 months

Pull request review commentadfinis-sygroup/openshift-etcd-backup

chore(openshift-etcd-backup): update solution to reflect helm chart

 oc edit -n etcd-backup cm/backup-config ```  The following options are used:-- `backup.subdir`: Sub directory on PVC. If it not exists it will be created.-- `backup.dirname`: Dirname of singe backup. This is a string which run trough+- `OCP_BACKUP_SUBDIR`: Sub directory on PVC. If it not exists it will be created.+- `OCP_BACKUP_DIRNAME`: Dirname of singe backup. This is a string which run trough [`date`](https://man7.org/linux/man-pages/man1/date.1.html)-- `backup.expiretype`:+- `OCP_BACKUP_EXPIRE_TYPE`:   - `days`: Keep backups newer than `backup.keepdays`.   - `count`: Keep a number of backups. `backup.keepcount` is used to determine how much.   - `never`: Dont expire backups, keep all of them.-- `backup.keepdays`: Days to keep the backup. Only used if `backup.expiretype` is set to `days`-- `backup.keepcount`: Number of backups to keep. Only used if `backup.expiretype` is set to `count`+- `OCP_BACKUP_KEEP_DAYS`: Days to keep the backup. Only used if `backup.expiretype` is set to `days`+- `OCP_BACKUP_KEEP_COUNT`: Number of backups to keep. Only used if `backup.expiretype` is set to `count`+- `OCP_BACKUP_UMASK`: Umask used inside the script to set proper permission on written files.

to set proper permission on written files

to set restrictive permissions on the written files, as they might contain sensitive information.

vmaillot

comment created time in 2 months

Pull request review commentadfinis-sygroup/openshift-etcd-backup

chore(openshift-etcd-backup): update solution to reflect helm chart

 oc edit -n etcd-backup cm/backup-config ```  The following options are used:-- `backup.subdir`: Sub directory on PVC. If it not exists it will be created.-- `backup.dirname`: Dirname of singe backup. This is a string which run trough+- `OCP_BACKUP_SUBDIR`: Sub directory on PVC. If it not exists it will be created.

If it not exists

If it doesn't exist [...]

vmaillot

comment created time in 2 months

Pull request review commentadfinis-sygroup/openshift-etcd-backup

chore(openshift-etcd-backup): update solution to reflect helm chart

 spec:           containers:           - command:             - /bin/sh-            - /scripts/backup.sh+            - /usr/local/bin/backup.sh             image: ghcr.io/adfinis-adsygroup/openshift-etcd-backup

Shouldn't the image originate from quay.io, as quay.io has to be allowed already to deploy OpenShift?

vmaillot

comment created time in 2 months

Pull request review commentadfinis-sygroup/openshift-etcd-backup

chore(openshift-etcd-backup): update solution to reflect helm chart

 Since the container needs to be privileged, add the reqired RBAC rules: oc create -f backup-rbac.yaml ``` -Then adjust storage to your needs in `backup-storage.yaml` and deploy it. The example uses NFS but you can use any storage class you want.+Then adjust storage to your needs in `backup-storage.yaml` and deploy it. The example uses NFS but you can use any storage class you want (`hostPath` or `provioning`):

provioning?

vmaillot

comment created time in 2 months

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentadfinis-sygroup/helm-charts

Add openshift-etcd-backup chart

+{{- if .Values.persistence.nfs.enabled }}+apiVersion: v1+kind: PersistentVolume

@tongpu

Question: The statement that the volume mustn't be provisioned dynamically is only valid in case we're using a static NFS mount correct?

Usually we will probably have an NFS share for the etcd-backup, but it could also be another NAS-like share.

The way I recommended to implement this is to to specify the NFS volume mount directly in the pod specification (under spec.volumes), without creating a PV at all.

As long as we're able to specify the required GIDs that's fine, but aren't we limited then to NFS? @eni23 idea was that with a PV we get the flexibility to use whatever the customer provides.

because I can't yet imagine an etcd restore scenario where you have a working Kubernetes API to fetch the PV from

Exactly, that's why we need to be able to access (mount) the share outside the cluster.

vmaillot

comment created time in 3 months

PullRequestReviewEvent

Pull request review commentadfinis-sygroup/helm-charts

Add openshift-etcd-backup chart

+{{- if .Values.persistence.nfs.enabled }}+apiVersion: v1+kind: PersistentVolume

@vmaillot why is it gone?

A pre-created dedicated backup volume shall be used here. This volume mustn't be provisioned dynamically over a provisioner. The PV is needed in case of a restore, where one doesn't have a working cluster available. It is therefore crucial to know the exact volume mount information so that you can access the backup data on that volume independently.

vmaillot

comment created time in 3 months

PullRequestReviewEvent

Pull request review commentadfinis-sygroup/helm-charts

Add openshift-etcd-backup chart

+apiVersion: v2+name: openshift-etcd-backup+description: Chart for openshfit-etcd-backup solution+type: application+version: 0.1.0+appVersion: 1.0.0

if need be we can push our image to quay so it will come from the same source as the image used upstream

No, the image originates from the internal mirror registry not from quay in this case.

vmaillot

comment created time in 3 months

PullRequestReviewEvent

Pull request review commentadfinis-sygroup/helm-charts

Add openshift-etcd-backup chart

+apiVersion: v2+name: openshift-etcd-backup+description: Chart for openshfit-etcd-backup solution+type: application+version: 0.1.0+appVersion: 1.0.0

@tongpu see [https://github.com/adfinis-sygroup/helm-charts/pull/287/files#r656032602 #r656032602] for the reason behind the usage of the upstream image.

vmaillot

comment created time in 3 months

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentadfinis-sygroup/helm-charts

Add openshift-etcd-backup chart

+# Default values for openshift-etcd-backup.+# This is a YAML-formatted file.+# Declare variables to be passed into your templates.++backup:+  # Sub directory path+  subdir: "/"+  # Directory name of single backup+  dirname: "+etcd-backup-%F-%H-%M-%S"+  # expiretype could be days (keep backups newer than backup.keepdays,+  # count (keep a number of backups with backup.keepcount),+  # never (do not expire backups, keep all of them)+  expiretype: "days"+  # retention period+  keepdays: "30"+  # count retetion if expiretype set to count+  keepcount: "10"+  # backup schedule+  schedule: "0 0 * * *"++persistence:+  # Set reclaim policy (Retain or Delete)+  reclaimPolicy: Retain+  # Define the storage size+  capacity: 10Gi+  nfs:+    # Enable nfs backend storage+    enabled: false+    # NFS server name or IP+    server: example.com+    # NFS server path+    path: "/etcd-backups"+  hostPath:+    # Enable hostPath+    enabled: true+    # hostPath existing path on host+    path: "/opt/etcd-backups"

/opt/ is probably not the best path here, use something below /mnt (in case it's temporary) or something below /var/opt/.

vmaillot

comment created time in 3 months

Pull request review commentadfinis-sygroup/helm-charts

Add openshift-etcd-backup chart

+# openshift-etcd-backup++![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)++Chart for openshfit-etcd-backup solution

Typo: openshfit

vmaillot

comment created time in 3 months

PullRequestReviewEvent

Pull request review commentadfinis-sygroup/helm-charts

Add openshift-etcd-backup chart

 Configure cert-manager Issuers and ClusterIssuers via Helm | [infra-apps](charts/infra-apps) | Argo CD app-of-apps config for infrastructure components | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 0.x](https://img.shields.io/badge/app%20version-0.x-brightgreen) | | [logging-apps](charts/logging-apps) | Argo CD app-of-apps config for logging applications | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 0.x](https://img.shields.io/badge/app%20version-0.x-brightgreen) | | [misc-apps](charts/misc-apps) | Argo CD app-of-apps config for miscellaneous small tools | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 0.x](https://img.shields.io/badge/app%20version-0.x-brightgreen) |+| [openshift-etcd-backup](charts/openshift-etcd-backup) | Chart for openshfit-etcd-backup solution | ![Version: 0.x](https://img.shields.io/badge/version-0.x-brightgreen) ![App version: 1.0.x](https://img.shields.io/badge/app%20version-1.0.x-brightgreen) |

Typo: openshfit -> openshift

vmaillot

comment created time in 3 months

PullRequestReviewEvent

Pull request review commentadfinis-sygroup/helm-charts

Add openshift-etcd-backup chart

+# Default values for openshift-etcd-backup.+# This is a YAML-formatted file.+# Declare variables to be passed into your templates.++backup:+  # Sub directory path+  subdir: "/"+  # Directory name of single backup+  dirname: "+etcd-backup-%F-%H-%M-%S"+  # expiretype could be days (keep backups newer than backup.keepdays,+  # count (keep a number of backups with backup.keepcount),+  # never (do not expire backups, keep all of them)+  expiretype: "days"+  # retention period+  keepdays: "30"+  # count retetion if expiretype set to count+  keepcount: "10"+  # backup schedule+  schedule: "0 0 * * *"++persistence:+  # Set reclaim policy (Retain or Delete)+  reclaimPolicy: Retain+  # Define the storage size+  capacity: 10Gi+  nfs:+    # Enable nfs backend storage+    enabled: false+    # NFS server name or IP+    server: example.com+    # NFS server path+    path: "/etcd-backups"+  hostPath:+    # Enable hostPath+    enabled: true+    # hostPath existing path on host+    path: "/opt/etcd-backups"+  provisionned:+    # Enable provisionned backend storage with default or overrided storageClass+    enabled: false+    storageClass: ""++image:+  # change repository value below with the result of the following command+  # `oc adm release info --image-for=tools | cut -d: -f1`+  repository: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256

The idea here was to use an image which is always available, especially while running in restricted environments where the images are served by a mirror registry with limitations on what can be pulled-in.

vmaillot

comment created time in 3 months