DEV Community: Ahmad Bayhaqi The latest articles on DEV Community by Ahmad Bayhaqi (@kyuubang). https://dev.to/kyuubang https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1023996%2Fc3445c17-9f65-4360-a5f4-6cddf3ee18d2.png DEV Community: Ahmad Bayhaqi https://dev.to/kyuubang en What Docker Image Tag Should You Actually Use? Ahmad Bayhaqi Tue, 25 Nov 2025 07:15:59 +0000 https://dev.to/kyuubang/what-docker-image-tag-should-you-actually-use-f4 https://dev.to/kyuubang/what-docker-image-tag-should-you-actually-use-f4 <p>I’ve been working with containerized applications for a while, and one thing that always confused me in the beginning was Docker image tagging.<br> Nobody explained it properly.</p> <p>I just followed whatever the team did, pushed images, and hoped things worked.</p> <p>But over time.. especially when handling multi-tenant apps, shared registries, and too many deployments. I started to see how bad tagging decisions can <strong>break everything</strong>.</p> <p>So here’s my experience and what I learned the hard way.</p> <p>The moment I realized “latest” is a trap</p> <p>When I first started using Docker, I thought:</p> <blockquote> <p>“Ah, just push it with latest. Simple.”</p> </blockquote> <p>Until one day, a tenant’s production environment suddenly rolled back to a previous version.<br> Why?</p> <p>Because someone else on the team pushed a new image with the same latest tag. The registry replaced it silently. The cluster pulled it automatically. Chaos.</p> <p>That’s the moment I understood:</p> <ul> <li>latest is not a version</li> <li>latest is not safe</li> <li>latest will eventually hurt you</li> </ul> <p>But I didn’t stop there. I kept experimenting with different tagging styles.</p> <h2> The Semantic Versioning Phase </h2> <p>After the latest catastrophe, we switched to semantic versioning:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>v1.2.3 v1.2.4 v1.3.0 </code></pre> </div> <p>And honestly... it felt clean.</p> <p>Every release had a meaning.</p> <p>We knew which version fixed what.</p> <p>Rollback was easy — just redeploy the previous version.</p> <p>But then reality hit:</p> <ul> <li>My team was not disciplined enough.</li> <li>People forgot to update the version.</li> <li>Someone tagged two different builds with the same version.</li> <li>And sometimes we just wanted to test something quickly, but bumping semantic version felt “too heavy”.</li> </ul> <p>Semantic versioning worked well for production, but not so much for day-to-day development.</p> <h2> Branch-Based Tagging: Easy but Dangerous </h2> <p>Then we tried a simpler approach:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dev staging production </code></pre> </div> <p>It felt nice.</p> <p>Our CI/CD pipeline was clean.</p> <p>Each environment had its own tag.</p> <p>But later, when our application grew into a multi-tenant product, things got messy.</p> <p>Imagine this scenario:</p> <ul> <li>Tenant A and Tenant B both use development tag</li> <li>You push a new feature for Tenant A</li> <li>Cluster for Tenant B also pulls the new development image (because it’s the same tag)</li> <li>Tenant B breaks</li> </ul> <p>This happened to us more times than I’m proud of.<br> And again, older images became “untagged” when new ones reused the same tag.</p> <p>No trace.<br> git-revert rollback.<br> I knew we needed something safer. </p> <h2> Finally: Branch + Commit Hash </h2> <p>This was the game changer.<br> Instead of just development, we started tagging like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>development-a1b2c3d development-f39e2a1 production-c41e162 </code></pre> </div> <p>Just 7 characters of the commit hash, unique, simple, and enough to avoid collisions.</p> <p>Suddenly:</p> <ul> <li>Every image had a unique identity</li> <li>Rollbacks became extremely easy</li> <li>Multi-tenant setup was safe</li> <li>Nothing accidentally overwrote something else</li> </ul> <p>The only downside?!</p> <p>Registry will populate a lot of different tags</p> <p>Our container registry filled up fast.<br> We had to implement retention policies.</p> <p>But honestly, compared to breaking tenants?</p> <p>I will happily pay for storage.<br> This tagging style solved everything semantic versioning and branch tagging couldn’t.</p> <h2> So what do I actually recommend? </h2> <p>From my own experience,</p> <p>For development:<br> Use branch + commit hash</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>development-7f92c3a </code></pre> </div> <p>It keeps things safe, traceable, and rollback-friendly. cover frequently changes on development.</p> <blockquote> <p>Tips<br> keep <code>latest</code> image (e.g. <code>development-latest</code>). you may push alternative tag on single commit. <br> dont worry it doesn't take your storage, just tag. it will help you to trace which latest tag quickly</p> </blockquote> <p>For production:<br> Use semantic versioning</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>v1.4.0 </code></pre> </div> <p>Clean, stable, professional.</p> <p>For personal or hobby projects:<br> Just use <code>latest</code> or <code>dev</code>.<br> No need to over-engineer.</p> docker kubernetes Azure: How to Configure SSL Using Cert-Manager with (AGIC) Application Gateway Ingress Controller Ahmad Bayhaqi Mon, 03 Apr 2023 06:10:25 +0000 https://dev.to/kyuubang/azure-how-to-configure-ssl-using-cert-manager-with-agic-application-gateway-ingress-controller-3l8p https://dev.to/kyuubang/azure-how-to-configure-ssl-using-cert-manager-with-agic-application-gateway-ingress-controller-3l8p <p>Kubernetes has a lot of support and open-source tools to contribute to the cloud-native project. one of the scopes is the ingress, k8s has a support ingress, you might concern nginx ingress that a very famous ingress in k8s. azure has ingress to work well with an azure cloud environment, that is Application Gateway. The Application Gateway Ingress Controller allows <a href="https://azure.microsoft.com/en-us/services/application-gateway/" rel="noopener noreferrer">Azure Application Gateway</a> to be used as the ingress for an <a href="https://azure.microsoft.com/en-us/services/kubernetes-service/" rel="noopener noreferrer">Azure Kubernetes Service</a> aka AKS cluster.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0enwbzigq2vb0aeujl1q.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0enwbzigq2vb0aeujl1q.jpg" alt="banner" width="800" height="403"></a></p> <p>In this guide, you'll learn how to configure Secure HTTP with Cert-Manager and AGIC. Before getting starting you should have the following requirements.</p> <ul> <li>AKS Cluster</li> <li>Azure Subscriptions</li> <li>kubectl installed on your local machine</li> </ul> <h3> Step 1 -- Create application gateway </h3> <p>Create public ip to used by application gateway as front end IP.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az network public-ip create <span class="nt">-n</span> myPublicIp <span class="nt">-g</span> myResourceGroup <span class="nt">--allocation-method</span> Static <span class="nt">--sku</span> Standard </code></pre> </div> <p>Create new subnet within AKS vnet.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az network vnet subnet create <span class="nt">-g</span> MyResourceGroup <span class="nt">--vnet-name</span> MyVnet <span class="nt">-n</span> MySubnet <span class="nt">--address-prefixes</span> 10.226.0.0/24 </code></pre> </div> <p>Create Application gateway within AKS vnet, with different subnet. this guide you will create application gateway with Tier Standard, which is isn't act as WAF.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az network application-gateway create <span class="nt">-n</span> myApplicationGateway <span class="nt">-l</span> eastus <span class="nt">-g</span> myResourceGroup <span class="nt">--sku</span> Standard_v2 <span class="nt">--public-ip-address</span> myPublicIp <span class="nt">--vnet-name</span> myVnet <span class="nt">--subnet</span> mySubnet <span class="nt">--priority</span> 100 </code></pre> </div> <h3> Step 2 -- Enable add-ons to AKS </h3> <p>after success create app gateway, you need to enable the application gateway with AKS cluster,<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">appgwId</span><span class="o">=</span><span class="si">$(</span>az network application-gateway show <span class="nt">-n</span> myApplicationGateway <span class="nt">-g</span> myResourceGroup <span class="nt">-o</span> tsv <span class="nt">--query</span> <span class="s2">"id"</span><span class="si">)</span> az aks enable-addons <span class="nt">-n</span> myCluster <span class="nt">-g</span> myResourceGroup <span class="nt">-a</span> ingress-appgw <span class="nt">--appgw-id</span> <span class="nv">$appgwId</span> </code></pre> </div> <h3> Step 2 -- Deploy sample app </h3> <p>Create deployment and service app, you will deploy sample HTML 5 game.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">clumsy-bird</span> <span class="na">name</span><span class="pi">:</span> <span class="s">clumsy-bird</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">clumsy-bird</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">2</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">clumsy-bird</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">clumsy-bird</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bayhaqisptr/clumsy-bird:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">8001</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">clumsy-service</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">run</span><span class="pi">:</span> <span class="s">clumsy-service</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ClusterIp</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8001</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">clumsy-bird</span> </code></pre> </div> <h3> Step 3 -- Create Ingress </h3> <p>Create ingress, you might notice the annotations <code>kubernetes.io/ingress.class</code> make sure its use <code>azure/application-gateway</code> to tell AKS to use application gateway as Ingress.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">clumsy-agic</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">kubernetes.io/ingress.class</span><span class="pi">:</span> <span class="s">azure/application-gateway</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">appgw-test.example.test</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">clumsy-tls</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">appgw-test.example.test</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">clumsy-service</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">8001</span> </code></pre> </div> <h3> Step 4 -- Create Issuer (Staging) </h3> <p>Create Issuer staging with Let's Encrypt with cert-manager<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">cert-manager.io/v1</span> <span class="s">kind</span><span class="err">:</span> <span class="s">Issuer</span> <span class="s">metadata</span><span class="err">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">letsencrypt-staging</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">acme</span><span class="pi">:</span> <span class="c1"># The ACME server URL</span> <span class="na">server</span><span class="pi">:</span> <span class="s">https://acme-staging-v02.api.letsencrypt.org/directory</span> <span class="c1"># Email address used for ACME registration</span> <span class="na">email</span><span class="pi">:</span> <span class="s">user@example.com</span> <span class="c1"># Name of a secret used to store the ACME account private key</span> <span class="na">privateKeySecretRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">letsencrypt-staging</span> <span class="c1"># Enable the HTTP-01 challenge provider</span> <span class="na">solvers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">http01</span><span class="pi">:</span> <span class="na">ingress</span><span class="pi">:</span> <span class="na">class</span><span class="pi">:</span> <span class="s">azure/application-gateway</span> </code></pre> </div> <h3> Step 5 -- Create Issuer (Prod) </h3> <p>Create Issuer staging with Let's Encrypt with cert-manager<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">cert-manager.io/v1</span> <span class="s">kind</span><span class="err">:</span> <span class="s">Issuer</span> <span class="s">metadata</span><span class="err">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">letsencrypt-prod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">acme</span><span class="pi">:</span> <span class="c1"># The ACME server URL</span> <span class="na">server</span><span class="pi">:</span> <span class="s">https://acme-v02.api.letsencrypt.org/directory</span> <span class="c1"># Email address used for ACME registration</span> <span class="na">email</span><span class="pi">:</span> <span class="s">user@example.com</span> <span class="c1"># Name of a secret used to store the ACME account private key</span> <span class="na">privateKeySecretRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">letsencrypt-prod</span> <span class="c1"># Enable the HTTP-01 challenge provider</span> <span class="na">solvers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">http01</span><span class="pi">:</span> <span class="na">ingress</span><span class="pi">:</span> <span class="na">class</span><span class="pi">:</span> <span class="s">azure/application-gateway</span> </code></pre> </div> <h3> Step 6 -- Ingress TLS </h3> <p>after success create issuer with cert-manager, you can enable https connection to handle acme challenge.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mokita-agic</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">kubernetes.io/ingress.class</span><span class="pi">:</span> <span class="s">azure/application-gateway</span> <span class="na">cert-manager.io/issuer</span><span class="pi">:</span> <span class="s">letsencrypt-prod-agic</span> <span class="na">cert-manager.io/acme-challenge-type</span><span class="pi">:</span> <span class="s">http01</span> <span class="na">acme.cert-manager.io/http01-edit-in-place</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">appgw-test-16769.southeastasia.cloudapp.azure.com</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">mokita-agic</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">appgw-test-16769.southeastasia.cloudapp.azure.com</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mokita-service</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">80</span> </code></pre> </div> <h3> Conclusion </h3> <p>In Cloud Native world has many project available to explore. for example k8s has many ingress support to use, link nginx ingress, ingress nginx, kong, agic, etc.</p> <p>This guide cover some step to configure let's encrypt with agic ingress</p> <ul> <li><a href="https://azure.github.io/application-gateway-kubernetes-ingress/" rel="noopener noreferrer">https://azure.github.io/application-gateway-kubernetes-ingress/</a></li> <li><a href="https://cert-manager.io/docs/tutorials/acme/nginx-ingress/" rel="noopener noreferrer">https://cert-manager.io/docs/tutorials/acme/nginx-ingress/</a></li> </ul> azure kubernetes cloudnative Rolling update in Kubernetes Ahmad Bayhaqi Wed, 15 Feb 2023 08:42:07 +0000 https://dev.to/kyuubang/rolling-update-in-kubernetes-1oj0 https://dev.to/kyuubang/rolling-update-in-kubernetes-1oj0 <p>Rolling Update is a way of updating your application running in Kubernetes without causing downtime. It gradually replaces the old version with the new version one by one, so that users can still access the application while the update is happening. This makes updates more reliable and easier to manage, and helps ensure that your application remains available and responsive to users.</p> <h3> Step 1 -- Create deployment and Service </h3> <p>create file named rolling-app.yaml<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">cat &gt; rolling-app.yaml &lt;&lt; EOF</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-app</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">rolling</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">5</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">my-app</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">my-app</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bayhaqisptr/nginx-canary:v1</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">100m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">50Mi</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s">200m</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">100Mi</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-app</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">rolling</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">my-app</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">NodePort</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="s">http</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">my-app</span> <span class="s">EOF</span> </code></pre> </div> <p>Create namespace <code>rolling</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create ns rolling </code></pre> </div> <p>and apply <code>rolling-app.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> rolling-app.yaml </code></pre> </div> <h3> Step 2 -- Set image with another version tag </h3> <p>use command <code>kubectl set image</code> to set image in existing deployment<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl <span class="nb">set </span>image deployment.v1.apps/my-app my-app<span class="o">=</span>bayhaqisptr/nginx-canary:v2 </code></pre> </div> <p>see rollout status with following command<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl rollout status deployments/my-app </code></pre> </div> <p>show available changes that made<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ rolling kubectl rollout <span class="nb">history </span>deployment.apps/my-app <span class="nt">-n</span> rolling deployment.apps/my-app REVISION CHANGE-CAUSE 2 &lt;none&gt; 3 &lt;none&gt; </code></pre> </div> <p>check service will be responses with version 2</p> <p>access app with node ip and node port has been created<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>➜ curl 172.23.0.5:31374 &lt;html&gt; &lt;h1&gt;Hello World!&lt;/h1&gt; &lt;p&gt;This is version 2&lt;/p&gt; &lt;/html&gt; </code></pre> </div> <h3> Step 3 -- Rollback deployment </h3> <p>rolling back to one previous version<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl rolling undo deployment/my-app </code></pre> </div> <p>rolling back to specific revisions<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl rolling undo deployment/my-app <span class="nt">--revision</span><span class="o">=</span>2 </code></pre> </div> kubernetes deployment How to recreate MONs out of quorum on Ceph Ahmad Bayhaqi Fri, 10 Feb 2023 03:16:41 +0000 https://dev.to/kyuubang/how-to-recreate-mons-out-of-quorum-on-ceph-1ic6 https://dev.to/kyuubang/how-to-recreate-mons-out-of-quorum-on-ceph-1ic6 <p>MONs are recommended to ensure fault tolerance and maintainability. If a cluster's MONs cannot form a quorum, which happens if not enough of the provisioned MONs are up, then new clients won't be able to connect to the system.</p> <p>quorum is fundamental to all consensus algorithms that are designed to<br> access information in a fault-tolerant distributed system. Minimum number of votes achieve consensus among a set of nodes called quorum.</p> <p>Sometime you had Ceph MONs are down, and return <code>out of quorum</code> status. This tutorial you will learn How to recreate MON daemon on Ceph.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyew56m23b7dalkaw673.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyyew56m23b7dalkaw673.png" alt="preview" width="800" height="276"></a></p> <h3> Step 1 -- Remove MONs </h3> <p>first step you need to see the status of cluster. based on the information below, you have 1/3 mons down, and return <code>out of quorum</code> status and everything else is safe.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>ceph status cluster: <span class="nb">id</span>: 4664a822-3fac-11ed-b14c-5bcb09093cfa health: HEALTH_WARN 1/3 mons down, quorum pod-bayhaqisptr04-ceph1,pod-bayhaqisptr04-ceph2 services: mon: 3 daemons, quorum pod-bayhaqisptr04-ceph1,pod-bayhaqisptr04-ceph2 <span class="o">(</span>age 0.343641s<span class="o">)</span>, out of quorum: pod-bayhaqisptr04-ceph3 mgr: pod-bayhaqisptr04-ceph1.ufgzyk<span class="o">(</span>active, since 3d<span class="o">)</span>, standbys: pod-bayhaqisptr04-ceph2.qcmvuo osd: 6 osds: 6 up <span class="o">(</span>since 117m<span class="o">)</span>, 6 <span class="k">in</span> <span class="o">(</span>since 117m<span class="o">)</span> data: pools: 1 pools, 1 pgs objects: 2 objects, 449 KiB usage: 105 MiB used, 30 GiB / 30 GiB avail pgs: 1 active+clean </code></pre> </div> <p>you should remove mon from the ceph cluster. you can type with command below.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ceph mon remove pod-bayhaqisptr04-ceph3 </code></pre> </div> <blockquote> <p><strong>Info</strong></p> <p>ID of MONs is ussually the host name that are provisioned daemon.</p> </blockquote> <p>after successful remove mon from cluster you need check again health. The Health will be OK. Because no one MONs down, you already remove it. health are OK but MON decrease 2 daemon in cluster<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ceph status cluster: <span class="nb">id</span>: 4664a822-3fac-11ed-b14c-5bcb09093cfa health: HEALTH_OK services: mon: 2 daemons, quorum pod-bayhaqisptr04-ceph1,pod-bayhaqisptr04-ceph2 <span class="o">(</span>age 3s<span class="o">)</span> mgr: pod-bayhaqisptr04-ceph1.ufgzyk<span class="o">(</span>active, since 3d<span class="o">)</span>, standbys: pod-bayhaqisptr04-ceph2.qcmvuo osd: 6 osds: 6 up <span class="o">(</span>since 2h<span class="o">)</span>, 6 <span class="k">in</span> <span class="o">(</span>since 2h<span class="o">)</span> data: pools: 1 pools, 1 pgs objects: 2 objects, 449 KiB usage: 105 MiB used, 30 GiB / 30 GiB avail pgs: 1 active+clean </code></pre> </div> <h3> Step 2 -- Make sure daemon are removed on Node </h3> <p>MONs might removed from cluster, but what about the Node itself? you need to checkout to host.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>ssh ceph3 <span class="nv">$ </span><span class="nb">sudo </span>cephadm <span class="nb">ls</span> | <span class="nb">grep </span>mon <span class="s2">"name"</span>: <span class="s2">"mon.pod-bayhaqisptr04-ceph3"</span>, <span class="s2">"systemd_unit"</span>: <span class="s2">"ceph-4664a822-3fac-11ed-b14c-5bcb09093cfa@mon.pod-bayhaqisptr04-ceph3"</span>, <span class="s2">"service_name"</span>: <span class="s2">"mon"</span>, </code></pre> </div> <p>if you see like this output that means daemon was stopped but daemon still registered on cephadm host. to remove it you can use rm-daemon subcommand on cephadm.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>cephadm rm-daemon <span class="nt">--name</span> mon.pod-bayhaqisptr04-ceph3 <span class="nt">--fsid</span> 35de853b-3a4e-4568-b698-f223c8382bb8 <span class="nt">--force</span> </code></pre> </div> <p>after success remove, check again that are still available or not.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>cephadm <span class="nb">ls</span> | <span class="nb">grep </span>mon </code></pre> </div> <p>to get your fsid use this command to grep you cluster id<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ceph status | <span class="nb">awk</span> <span class="s1">'/id:/ {print $2}'</span> </code></pre> </div> <p>it might take a few minutes to update entire database of cephadm before you can redeploy new Ceph MON</p> <h3> Step 3 -- Redeploy Ceph MON </h3> <p>after daemon are removed you need to redeploy daemon. to reliaze it you can set mon to unmanaged mode<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ceph orch apply mon <span class="nt">--unmanaged</span> </code></pre> </div> <p>and redeploy new daemon with given spesific host and address<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>ceph orch daemon add mon pod-bayhaqisptr04-ceph3:10.9.9.30 Deployed mon.pod-bayhaqisptr04-ceph3 on host <span class="s1">'pod-bayhaqisptr04-ceph3'</span> </code></pre> </div> <p>verify its work properly<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">sudo </span>ceph status student@pod-bayhaqisptr04-ceph1:~<span class="nv">$ </span><span class="nb">sudo </span>ceph status cluster: <span class="nb">id</span>: 4664a822-3fac-11ed-b14c-5bcb09093cfa health: HEALTH_OK services: mon: 3 daemons, quorum pod-bayhaqisptr04-ceph1,pod-bayhaqisptr04-ceph2,pod-bayhaqisptr04-ceph3 <span class="o">(</span>age 55s<span class="o">)</span> mgr: pod-bayhaqisptr04-ceph1.ufgzyk<span class="o">(</span>active, since 3d<span class="o">)</span>, standbys: pod-bayhaqisptr04-ceph2.qcmvuo osd: 6 osds: 6 up <span class="o">(</span>since 2h<span class="o">)</span>, 6 <span class="k">in</span> <span class="o">(</span>since 2h<span class="o">)</span> data: pools: 1 pools, 1 pgs objects: 2 objects, 449 KiB usage: 105 MiB used, 30 GiB / 30 GiB avail pgs: 1 active+clean </code></pre> </div> <p>Congrats! you have recreate and bringing up you Ceph MON.</p> <h3> Conclusion </h3> <p>The ceph cluster uses several daemons to build its system. and registered on cluster and host itself. ceph mon is responsible for ensuring all daemons are in good working order.</p> <p>This guide cover some common cephadm command to operate remove daemon <code>cephadm rm-daemon</code>, and also learn how to recreate it <code>ceph orch daemon add</code>. the link below might be as useful reference</p> <ul> <li><a href="https://docs.ceph.com/en/quincy/cephadm/services/mon/#deploying-monitors-on-a-particular-network" rel="noopener noreferrer">https://docs.ceph.com/en/quincy/cephadm/services/mon/#deploying-monitors-on-a-particular-network</a></li> <li><a href="https://stackoverflow.com/questions/69488109/how-to-restart-a-mon-in-a-ceph-cluster" rel="noopener noreferrer">https://stackoverflow.com/questions/69488109/how-to-restart-a-mon-in-a-ceph-cluster</a></li> </ul> discuss