Skip to main content


Automating deployment and managing apps on OpenShift

Previously, we maintained OpenShift templates for deploying apps in development environments as well as delivering these templates to our customers for their on-prem deployment. Customers who refer to our templates (as well as documentation) have their own configuration management tools to automate the deployment such as ArgoCD and FluxCD. Our developers usually modify templates (YAML) directly on OpenShift for testing and then adjust the corresponding templates stored in the Git repository in Bitbucket. This sometimes causes an issue that delivered templates are incorrect because: - Developers forget to update the templates in Git repositories. - Developers don’t test the templates Therefore, our goal was to integrate a tool into our CI/CD that can automate and manage the configuration of OpenShift apps. The delivered templates should be the ones that are able to run on our OpenShift with the following purposes: - Automate deployment from templated in Git repositories onto OpenShift
Recent posts

DevOps Toolchain Enhancement

 Historically, our company ubitec had started with a customer project. Agile/Scrum was our proposal for working with customers. Time by time, Agile/Scrum also became our culture for software development. To be successful with this development approach, we somehow needed to have a fast release for customers (i.e. every one week). Back then, we had a build tool Jenkins which was responsible for having sprint release packages for our customers. The build job pipelines contain some steps such as gathering the artifacts, checking the code convention, running the tests, building docker images, and packaging an archived file (a zip file). The set of tools involved in a pipeline is roughly called a toolchain. It is just a part of a bigger process called the DevOps toolchain. Source: DevOps is a proven method that fits Agile. Today,  it is even treated as a mandatory factor to have Agile

Looking back on my 2021

As of this writing, the COVID-19 pandemic still persists. In Vietnam, people have just passed a horrible time of lockdown, we needed to stay at home for nearly 4 months. I have even got covid infected and spent a quarantine time for more than three weeks. My balcony garden More books read This year, I read 22 books of various kinds. Reading books becomes my habit. English books Grokking Algorithms: An Illustrated Guide for Programmers and Other Curious People The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win Leaders Eat Last: Why Some Teams Pull Together and Others Don't The Tao of Microservices Software Architecture for Developers: Volume 2 Vietnamese books Nhân tố Enzyme  Nếu biết trăm năm là hữu hạn Đạo giáo Tâm Thành và Lộc Đời Lịch sử tư tưởng Nhật Bản Totto-chan bên cửa sổ Thiền sư và em bé 5 tuổi Swiss Made Suối Nguồn Hạnh Phúc và May Mắn Một đời quản trị Con chó nhỏ mang giỏi hoa hồng Cách nuôi dạy những đứa trẻ dễ cáu giận, khó bảo Muôn kiếp nhân

Safari (older than 14.1.1) rejects TLS connections of TURN with Let's Encrypt certificates

Summary We could not make a video call successfully on Safari older than 14.1.1. The call kept disconnecting for some seconds. We got the following error in Nginx’s log SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:SSL alert number 48   Root cause The Safari didn’t trust our TLS certificates (certified by Let’s Encrypt) when establishing a TLS connection into our TURN server. It is a known issue that could be found at Bug 219274 - ICE does not resolve for `turns` relay candidates rooted in LetsEncrypt CA . The issue was just recently fixed (end of 2020), therefore old versions of Safari still meet the issues.   Solution In our development environment, we replaced the untrusted certificate with a trusted one. We will warn our customers about this issue in our installation guide. Technical explained WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all iOS web browsers. The WebRTC of WebKit relied on the upstr

There is no expert, there is only us

Once I was chatting with my teammates... Me : "I wonder why it is always necessary to refer to this source, that source, has anyone done it, is there any research? While no problem is the same, no situation is the same. Why not use our own brains to create a whole new one? Why do we have to be the insiders to consult the outsiders? Isn't that very paradoxical?" My teammate : "I agree with your point that no two situations will be exactly the same and that there is no one size fits all. But there's one like this, I don't think it's all the problems we're dealing with that only we can meet. So of course, if I can find a source to refer to first, it's still better. Just like when implementing a software feature, not every problem is the same. But I still have to go check to see if I'm the only one I've met? Or if someone has met me, I have to see if their method suits me before I decide to try it, but I don't blindly "they do it, I f

Quiz Marker - Chấm điểm AI (Beta) Available Now!

My Fansipanio Team has just launched our first product #QuizMarker, an efficient AI assistant for Vietnamese school teachers to mark their students' quizzes today. Visit Quiz Maker - Chấm điểm AI: Trợ lý chấm thi trắc nghiệm đắc lực của giáo viên for the detail.

Debugging the issue of using NFS shares for PSMDB on OpenShift

I have recently been trying to use PSMDB (Percona Server for MongoDB) as an open-source and free alternative for MongoDB Enterprise Server. I encountered an issue that the pod could not be initialized successfully with Persistent Volumes using NFS shares. I got the logs from the failed pod as follow: ------ ++ id -u ++ id -g + install -o 1000730000 -g 0 -m 0755 -D / /data/db/ install: cannot change ownership of '/data/db/': Operation not permitted ---- I would like to share the steps how I used for debugging. The PSMD StatefulSet was deployed onto my OpenShift 3 OKD. Check the container mount info Go to a pod I could see the mount info as below mongod-data → /data/db read-write - mongod-data: Persistent volume claim name - /data/db: container mounted directory Check Persistent volume binding Go to the storage, I could know which persistent volume was bound to the corresponding persistent volume claim. Bound to volume psmdb-mongodb-data-0 Check P