I spent more than 8 years retenlessly working between software development, Cloud Operations, Release Engineering then Architecting. People are thirsty to see DevOps at the ground. I let our directors / VPs breathe with me “DevOps”, not just to talk about it… i am here to share the whole experience practically

1. Thu Shalt be a software developer guided by software engineering principles

  • Learn GIT , sorry , Don’t learn it ! but Master it ! Otherwise, Don’t proceed.
  • Know what’s README, why, and how to write it concisely.
  • Learn one of frontend Technologies ( VueJS, ReactJS or AngularJS) in webdev & Practice that → Recommend React+Redux
  • Learn/Practice how to write unit-tests…

CKS CLI is command line interface, designed to help for preparing for CKS (Certified Kubernetes Security Sepciality) exams.

I am currently migrating from Jenkins to Drone CI after more than 3 years serving Jenkins as a pipeline service for a large organizations. While i am migrating, i found it’s useful to share my observations instantly. That’s why, this article will be continuously updated based on my knowledge expansion on Drone CI.

1. Pipeline Configuration as Code

  • Jenkins

it’s a file called by default “Jenkinsfile” to be added in your app git repo. It should be implemented with Groovy programming language

  • Drone CI

it’s a file called by default “.drone.yml” to be added in your app git repo. …

July 2016, i ran the first container on production.

July 2021 and after 5 years, i decided to celebrate by putting a new course which summarises this experience : Practical Cloud Native with Docker and Docker Compose.

I. Upgrade Control plane

i am using this terraform module following GitOps practices, so for me it’s about, replacing 2 attributes :

  • version: 14.0.0 -> 17.1.0 ( version of the terraform module)
  • cluster_versuin: 1.19 -> 1.20

Then, pipeline will do the remaining. I mean: terraform apply -auto-approve

If you are not using Terraform, you still have 3 methods to upgrade the control plane:

II. Upgrade Coredns

check compatibility matrix from here

Then upgrade. For me, it was:

kubectl set image --namespace kube-system deployment.apps/coredns coredns=602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/eks/coredns:v1.8.3-eksbuild.1

III. Upgrade kube-proxy

check compatibility matrix from here

Then upgrade. For me, it was:

kubectl set…

certified kubernetes security specialist

Today, i was qualified by CNCF as CKS or CKSS— Certified Kubernetes Security Specialist. This article is about my journey towards that.

General Background

While my initial background is software engineering, i did not use my software engineering capabilities for only building web/mobile apps, however, i tried also to use this big speciality for the sake of others: infrastructure, security, networking, machine learning, .. so on.

I am doing that because i believe that #SRE (reliability engineering) cannot be reached without software engineering … everywhere.

Accordingly, being specialized in other fields is required for that purpose.

Marriage of…

Each system can produce data, consume data or both.

Integrating between systems becomes a must.

If system A produces data, and System B & C needs this data, you will have to integrate A +B , then A+C.

Integrating systems costs a lot with this way ( i mean two by two).

- Imagine you have 4 tools, the number of possible integration between every two is : C(4,2) = 6

- Imagine you have 10 tools, the number of possible integration between every two is : C(10,2) = 45

Note: C(n,k) is a maths formula, check it here: https://www.calculatorsoup.com/calculators/discretemathematics/combinations.php

There are two ways:

In json format (but very long output)

ceph osd cursh dump

Or in plain text format ( but easy to read)

ceph osd getcrushmap | crushtool -d -
  • getcrushmap will return binary content
  • crushtool will convert it to plain text

we recommend to use Gluster native client which is “glusterfs-fuse”. However, if you still insist to use NFS protocol, the article is written for that purpose.


Use nfs-ganesha

Solution Overview

  • Install GlusterFS
  • Then, install NFSv4 server specific for Gluster Storage
  • enable firewall of 2 services: nfs and rpc-bind

