I spent more than 8 years retenlessly working between software development, Cloud Operations, Release Engineering then Architecting. People are thirsty to see DevOps at the ground. I let our directors / VPs breathe with me “DevOps”, not just to talk about it… i am here to share the whole experience practically
Today, i was qualified by CNCF as CKS or CKSS— Certified Kubernetes Security Specialist. This article is about my journey towards that.
Enjoy it … !
While my initial background is software engineering, i did not use my software engineering capabilities for only building web/mobile apps, however, i tried also to use this big speciality for the sake of others: infrastructure, security, networking, machine learning, .. so on.
I am doing that because i believe that #SRE (reliability engineering) cannot be reached without software engineering … everywhere.
Accordingly, being specialized in other fields is required for that purpose.
Challenge: public hostname will be accessed is not mentioned in api-server certificate as SAN :
Each system can produce data, consume data or both.
Integrating between systems becomes a must.
If system A produces data, and System B & C needs this data, you will have to integrate A +B , then A+C.
Integrating systems costs a lot with this way ( i mean two by two).
- Imagine you have 4 tools, the number of possible integration between every two is : C(4,2) = 6
- Imagine you have 10 tools, the number of possible integration between every two is : C(10,2) = 45
Note: C(n,k) is a maths formula, check it here: https://www.calculatorsoup.com/calculators/discretemathematics/combinations.php
There are two ways:
In json format (but very long output)
ceph osd cursh dump
Or in plain text format ( but easy to read)
ceph osd getcrushmap | crushtool -d -
we recommend to use Gluster native client which is “glusterfs-fuse”. However, if you still insist to use NFS protocol, the article is written for that purpose.
There are a lot of ways to secure a container image for runtime :
I search on a Nginx image that complies with these criteria,
I found 2 images however .. :
Spending a lot of time to find the best memory-optimized instance but also it should have amd64 as architecture because the current version of EKS is not well compatible with arm64 cpu architecture.
The happy day came when i visited the home page of this software :
ec2-instance-selector --memory 16 --vcpus 4 --cpu-architecture amd64 -r ap-southeast-1
install yq CLI then :
yq r application.yaml --printMode pv "**" | sed 's/: /=/' > application.properties
Details ? check ; https://stackoverflow.com/a/63098014/747579