As many times before, I keep writing cheat sheets after the tasks which made me search a lot and glue things together before I found a solution. Long story short, this time I was asked to set up Google SSO for Kibana without switching from a basic license to a paid one. Kibana, by that moment, already had authentication set up, and the customer wanted to log in there using Google Workspace user accounts. Along with that, the customer wanted to keep the user account which was already there in Kibana. There was no need for role mapping or other advanced features, just plain SSO and that's all. As you probably know, Elastic provides the SSO feature only on a paid license, so I had no other way to get it working except for using 3rd-party software. But first things first, let's list the steps we should go over:
Software Development Methodology
About «free» #iam, #oidc, #saml, #etc
There is a task to develop a solution that allows:
- Access control to web applications via #oidc/#saml
- Access control to vanilla #Kubernetes
- SSH access control to bare-metal hosts - using SSH certificate technology if possible
- Authorizing users to other server applications such as #Vault, #PostgreSQL, #Kafka, #ClickHouse, #MongoDB
- Being able to connect users from third-party organizations to certain resources based on group membership, etc
- Ensuring that everything described above works, including the bare metal environment
Data Phoenix Digest — ISSUE 2.2023
Video recording of our webinar about dstack and reproducible ML workflows, AVL binary tree operations, Ultralytics YOLOv8, training XGBoost, productionize ML models, introduction to forecasting ensembles, domain expansion of image generators, Muse, X-Decoder, Box2Mask, RoDynRF, AgileAvatar and more.
Understanding the Differences Between Kafka and RabbitMQ: in Simple Terms
Software message brokers became the standard for creating complex systems. However, not all IT specialists understand how these instruments work. Pavel Malygin, Lead System Analyst at Innotech, dives into the topic of message brokers and explains how they are used.
An Antidote to Absent-Mindedness, or How I Gained Access to an OpenShift Node without an SSH Key
Typically, when a Node falls out of the OpenShift cluster, this is resolved by simply restarting the offending element. What should you do, however, if you’ve forgotten the SSH key or left it in the office? You can attempt to restore access by using your wit and knowledge of Linux commands. Renat Garaev, lead developer at Innotech, described how he found the solution to this riddle and what the outcome was.
IaC Development Life Cycle
This is the translation of my speech at T-Meetup: DevOps Life Cycle.
I believe that you have heard about SDLC (Systems development life cycle). Is it possible that the same things are applicable to IaC?
Best warnings of static analyzer
Everyone who runs the static analyzer on a project for the first time is slightly shocked by hundreds, thousands or even tens of thousands of warnings. It may be frustrating. Is my code so terrible? Or is the analyzer lying? In any case, filtering by the severity changes the situation, not completely though. That's why we thought about how we could improve the first experience with the analyzer. Let me show you the new feature step by step...
Turning RTSP into WebRTC: how many cameras will the server withstand?
This article continues the series of articles on load tests. Today we will analyze the testing methodology and answer the question: "How many IP cameras can be connected to a WebRTC server?"
Load test of WebRTC recording on AWS
Do you remember how just a few years ago it was a disaster to lose a camera at the end of a vacation? All memorable pictures and videos then disappeared along with the lost device. Probably, this fact prompted the great minds to invent cloud storage, so that the safety of records no longer depends on the presence of the devices on which these records are made.
WebRTC face to face video chat. Load test
We continue to review variants of load tests. In this article we will go over the testing methodology and conduct a load test that we will use to try and determine the number of users that could watch and stream at the same time, meaning the users will simultaneously publish and view the streams.
Load testing for WebRTC mixer
This article is a continuation of our series of write-ups about load tests for our server. We have already discussed how to compile metrics and how to use them to choose the equipment, and we also provided an overview of various load testing methods. Today we shall look at how the server handles stream mixing.
Using a headless browser for WebRTC load tests
In the previous article we went over a load test whose data could be used to choose a load-appropriate server. In the course of the testing, we would publish a stream on one WCS, and we would pick up that stream several times using a second WCS. The acquired results could be used as a basis for decisions on server operability.
Some would (justly) have concerns regarding the possible biases in such a test — after all, one of our servers was used to test another one of our servers. Could it be that we were using a specially optimized code that skewed the results in our favor?
Clickhouse next to Zabbix or how to collect logs next to monitoring
If you use Zabbix to monitor your infrastructure objects but have not previously thought about collecting and storing logs from these objects then this article is for you.
Choosing a server for 1000 WebRTC streams
In any project, a great deal of importance is placed on the selection of server hardware and WebRTC streaming is no exception. One of the key principles of such a selection is balance – the hardware should be powerful enough to handle the streams with no drops in quality, but not too powerful so as to waste resources. So, how does one choose the right server?
Monitoring WebRTC streams with Prometheus and Grafana
Monitoring systems are a vital tool for any system administrator, because they can be used to extract specific information from services, such that:
WebRTC in Docker. Struggling for resources
A few weeks ago we wrote an article about Docker and WebRTC servers and talked about the intricacies of launching containers. Our readers (rightly) questioned whether Docker was a suitable tool for production, for the following reasons:
Cloud services for WebRTC CDN: How much does it cost? Where to place it?
The developer or owner of a software product often faces the question of choosing a suitable location for hosting server capacity. As you know, software always meets hardware.
Google Cloud Platform for WebRTC CDN with Balancing and Autoscaling
In the previous article we refreshed our memory of WebRTC CDN and the ways this technology helps to minimize latency for WebRTC streams. We also discussed why load balancing and autoscaling wouldn't be amiss in CDNs. Here are the main points from the article:
AWS, ELB, CDN, Autoscaling and other abbreviations and terms related to low-latency WebRTC
Modern browsers do not give users a choice between using WebRTC and not using it. And while you can play back streams using HLS or MSE, WebRTC remains the only tool for capturing camera feeds and publishing streams from a browser. The browser developers have accepted this "format" and integrated it into their products, just as they used to support the Flash Player as a plugin. The only difference is that WebRTC comes natively integrated into the browser, as code, not a plugin. If, in a few years, a new and better library for video streaming is introduced, they will undoubtedly make a switch. But these days, Chrome maintains its dominance, so no contenders for WebRTC are in sight.
Automatize it, or Docker container delivery for WebRTC
The vast majority of IT specialists in various fields strive to perform manually as few actions as possible. I won't be afraid of the loud words: what can be automatized, must be automatized!
Let's imagine a situation: you need to deploy a lot of servers of the same type and do it quickly. Quickly deploy, quickly undeploy. For example, to deploy test rigs for developers. When development is carried out in parallel, you may need to separate the developers, so they don't impede each other and possible errors of one of them don't block the work of the others.
There may be several ways to solve this problem: