serverfault.com

I have deployed the application in Kubernetes and I have couple of secret files for the application further I want to implement the secret file to load at the boot of application is any strategy is there for implementing the above scenario for application deployment. Could anyone from the kube community tell as the strategy for this. Please feel free to message for further information if required. Thanks logu

Has anyone seen this issue before? So two DNS servers (Domain Controllers) via site-site VPN. with a client in a third location. The client can FQDN and hostname values for the servers.. Dcdiag shows the DNS servers are clean. The whole _ldap._tcp.dc._msdcs.xyz.lan value exists in the DNS servers.. and is resolvable and pingable on the Domain controllers. But yet.. If I try to do a nslookup for the _ldap._tcp.dc._msdcs..lan from the client, it fails.. and I see it trying to send the query to the root servers. (a.root-servers.net). But nothing I can think of would send A/CNAME inquries to one server (or the properly defined servers) but send SRV queries to the root hints servers. Using wireshark, I can see that the query went to the correct DNS server.. BUT the DNS server (running Windows Server 2019) is saying its a non-existant domain (even though its not, its a AD joined domain). This of course is preventing computers from joining the doma

I am not sure if the title is correct. I will describe what my issue is. I have a router in my home network that supports Wireguard. I can connect from a client to the VPN from anywhere and access my home network. Now my issue is I have a laptop I want to be able to connect to the VPN (all I need actually is that the laptop gets my country's IP). The issue is, it is a company laptop and I can't install the wireguard client on it. My idea was I use another Laptop (a personal one) to connect to the VPN and then somehow share the internet connection to the company laptop. What would be the best solution for this? Or maybe there is another simpler solution? Thx

Is containers created using podman have integration scope with checkpoint firewall? Is containers created using podman have integration scope with cisco sdn?

I am trying to configure SNMPv3 with AES256 encryption for a Solarwind monitoring sistem. The problem is that when i create a SNMPV3 user with this command. The user is created with DES encryption: sudo /usr/local/net-snmp-5.9.3/bin/net-snmp-create-v3-user -ro -a SHA -A "W1nt3r-2025" -x AES256 -X "Summ3r-2025" snmpmon -f /usr/local/net-snmp-5.9.3/etc/snmp/snmpd.conf adding the following line to /var/net-snmp/snmpd.conf: createUser snmpmon SHA "W1nt3r-2025" DES "Summ3r-2025" adding the following line to /usr/local/net-snmp-5.9.3/share/snmp/snmpd.conf: rouser snmpmon If I edit the snmpd.conf file manually and insert AES256 ... the snmpwalk command fails... if i insert only AES ... the snmpwalk is running — AES -> means automatically AES128.... which has worked this morning. snmpd_debug.log: trace: usm_process_in_msg(): snmpu

I have a strange error in my event log, which occurred as the first error in a series of errors following a connection loss of my iSCSI storage on one of our Hyper-V 2016 Cluster nodes. The error code is 12636, it says The Virtual HDD has experienced a correctable Error. The confusing thing about it is, the path to the VHD is from an old cluster shared volume location which doesn't exist any more, it has been moved to a new storage location a while ago. There is no VHD at the path shown in the error. The GUI does not show any leftovers pointing to that location, whether I use the Hyper-V manager or the failover cluster manager. So my question would be, how can I find out where this leftover pointer is sitting and how can I get rid of it, since it seems to cause errors in my iSCSI connections?

I am using traefik with basicauth to put some passwords in a swagger opendocs file from a docker container. I configure it on a docker-compose.yml file as follows: - "traefik.enable=true" - "traefik.backend=my-docker" - "traefik.http.routers.my-api.rule=Host(`${machine_domain}`) && (PathPrefix(`/my-application/swagger{any:.*}`) || PathPrefix(`/my-application/v3/api-{any:.*}`))" - "traefik.http.routers.my-api.entrypoints=https" - "traefik.http.routers.my-api.tls.certresolver=https" - "traefik.http.routers.my-api.middlewares=auth" - "traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$05$$p..." This configuration was working on v2 but now no user and password is prompted to the user. Traefik dashboard is protected by password with a very similar configuration and it is working fine in both v2 and v3. - "traefik.http.routers.dashboard.rul

in an Ubuntu 24.04 Server machine, im using HAProxy (2.8.5-1ubuntu3.3) to load balance my company's API. Load Balancing works great but i am having issues with rate limiting of incoming requests. What I want is to limit 50 requests per second per source ip, so for example if a specific source ip is sending 60rps, I want HAProxy to allow the first 50 requests and limit the rest (10) for each second separately. I read the official documentation: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/security/traffic-policing/ so in haproxy.cfg I created a stick table (inside frontend https_in): stick-table type ip size 100k expire 30s store http_req_rate(1s) Then i added an http-request track directive to store the client’s IP address with their request count in the stick table:

Has anyone configured a trusted certificate with ILO5 in a DL360 g10 system? The certificate I am using is working with other infrastructure servers. I can import self signed certificate without any error but the URL shows as not secure. Error: The Certificate could not be imported from the supplied X.509 Certificate data. Verify the following: The input text was base64-encoded X.509 certificate data The provided certificate was intended for this server (not another server)

I want to create something like SCCM for remote login to a macbook. Any suggestion?