5 posts tagged with "Cloud"

TypeScript SourceMap​

We can generate Source Map files in TypeScript by setting compilerOptions.sourceMap = true in the TypeScript configuration tsconfig.json. This file allows tools like VS Code and Chrome debugger to map the compiled JS files back to the original TypeScript (TS) code.

However, if you receive error stacks from a production environment and want to quickly find the corresponding positions in the TS code, is there a way to do it manually?

Instance Metadata Service​

Instance metadata is the information provided by AWS about your EC2 instances, including details like Host Name, Public IP, and more. This information can be accessed through the Metadata Service available at 169.254.169.254. This address is a link-local address that can only be accessed from within the EC2 instance. For example, you can retrieve the current Public IP using the following API:

curl http://169.254.169.254/latest/meta-data/public-ipv4

What is a Bastion Host?​

Usually, we place internal services such as databases or applications in private subnets. These machines cannot be accessed directly through a public IP. Instead, we use load balancers (ALB, ELB) to redirect traffic to the internal machines. This setup protects our services from external attacks and only allows access to services that truly need to be exposed externally.

What are Intermediate Certificates​

Generally, a certificate authority (CA) does not issue user certificates using the actual root certificate. After all, there are so many end users, and having the root certificate online every day poses a significant risk. Instead, the CA issues a certificate using the root certificate and then uses that certificate to sign user certificates. This certificate is called an "intermediate certificate."

Introduction​

Recently, our company switched to using Nginx ingress controller with a L4 Load Balancer to handle incoming traffic, replacing the previous use of Application Gateway. During deployment, I discovered that the official default setting for ExternalTrafficPolicy on the Service is set to Local (Ingress-nginx Azure deploy.yaml), as mentioned in the AKS documentation. It was also noted that if we want to preserve the client's source IP address, this configuration is necessary.

After some exploration, it was found that this is related to how Kube-proxy handles incoming traffic, which helped address the implementation issues I had with K8S Service. This article aims to document my findings. 🎉