CKS CLI is command line interface, designed to help for preparing for CKS (Certified Kubernetes Security Sepciality) exams.

Enjoy it!

https://cks.kubernetes.tn/

I am currently migrating from Jenkins to Drone CI after more than 3 years serving Jenkins as a pipeline service for a large organizations. While i am migrating, i found it’s useful to share my observations instantly. That’s why, this article will be continuously updated based on my knowledge expansion on Drone CI.

1. Pipeline Configuration as Code

• Jenkins

it’s a file called by default “Jenkinsfile” to be added in your app git repo. It should be implemented with Groovy programming language

• Drone CI

it’s a file called by default “.drone.yml” to be added in your app git repo. …

July 2016, i ran the first container on production.

July 2021 and after 5 years, i decided to celebrate by putting a new course which summarises this experience : Practical Cloud Native with Docker and Docker Compose.

I. Upgrade Control plane

i am using this terraform module following GitOps practices, so for me it’s about, replacing 2 attributes :

• version: 14.0.0 -> 17.1.0 ( version of the terraform module)
• cluster_versuin: 1.19 -> 1.20

Then, pipeline will do the remaining. I mean: terraform apply -auto-approve

If you are not using Terraform, you still have 3 methods to upgrade the control plane:

• aws console: https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html#aws-management-console
• aws cli : https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html#aws-cli
• eksctl : https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html#eksctl

II. Upgrade Coredns

check compatibility matrix from here

Then upgrade. For me, it was:

kubectl set image --namespace kube-system deployment.apps/coredns coredns=602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/eks/coredns:v1.8.3-eksbuild.1

III. Upgrade kube-proxy

check compatibility matrix from here

Then upgrade. For me, it was:

kubectl set…

Today, i was qualified by CNCF as CKS or CKSS— Certified Kubernetes Security Specialist. This article is about my journey towards that.

Enjoy it … !

General Background

While my initial background is software engineering, i did not use my software engineering capabilities for only building web/mobile apps, however, i tried also to use this big speciality for the sake of others: infrastructure, security, networking, machine learning, .. so on.

I am doing that because i believe that #SRE (reliability engineering) cannot be reached without software engineering … everywhere.

Accordingly, being specialized in other fields is required for that purpose.

Marriage of…

Challenge: public hostname will be accessed is not mentioned in api-server certificate as SAN :

Solution:

Credits to :

1. https://blog.scottlowe.org/2019/07/30/adding-a-name-to-kubernetes-api-server-certificate/
2. https://serverfault.com/q/1030307/213258

Each system can produce data, consume data or both.

Integrating between systems becomes a must.

If system A produces data, and System B & C needs this data, you will have to integrate A +B , then A+C.

Integrating systems costs a lot with this way ( i mean two by two).

- Imagine you have 4 tools, the number of possible integration between every two is : C(4,2) = 6

- Imagine you have 10 tools, the number of possible integration between every two is : C(10,2) = 45

Note: C(n,k) is a maths formula, check it here: https://www.calculatorsoup.com/calculators/discretemathematics/combinations.php

…

There are two ways:

In json format (but very long output)

ceph osd cursh dump

Or in plain text format ( but easy to read)

ceph osd getcrushmap | crushtool -d -

• getcrushmap will return binary content
• crushtool will convert it to plain text