I spent more than 8 years relentlessly working between software development, Cloud Operations, Release Engineering then Architecting. People are thirsty to see DevOps at the ground. I let our directors / VPs breathe with me “DevOps”, not just to talk about it… I am here to share the whole experience practically

1. Thou Shalt be a software developer guided by software engineering principles

  • Know what a README is, why it matters, and how to write it concisely.
  • Learn one of the frontend technologies (VueJS, ReactJS or AngularJS) in webdev & practice that → Recommend React+Redux
  • Learn/Practice how to write unit-tests…


Certified Kubernetes Security Specialist

Today, I was qualified by CNCF as CKS or CKSS — Certified Kubernetes Security Specialist. This article is about my journey towards that.

Enjoy it … !

General Background

While my initial background is software engineering, I did not use my software engineering capabilities only for building web/mobile apps; I also tried to use this big speciality for the sake of others: infrastructure, security, networking, machine learning, and so on.

I am doing that because I believe that #SRE (reliability engineering) cannot be reached without software engineering … everywhere.

Accordingly, being specialized in other fields is required for that purpose.

Marriage of…


Each system can produce data, consume data or both.

Integrating between systems becomes a must.

If system A produces data, and systems B and C need this data, you will have to integrate A+B, then A+C.

Integrating systems this way (I mean two by two) costs a lot.

- Imagine you have 4 tools: the number of possible integrations between every two is C(4,2) = 6

- Imagine you have 10 tools: the number of possible integrations between every two is C(10,2) = 45

Note: C(n,k) is a maths formula, check it here: https://www.calculatorsoup.com/calculators/discretemathematics/combinations.php


There are two ways:

In JSON format (but very long output)

ceph osd crush dump

Or in plain text format (but easy to read)

ceph osd getcrushmap | crushtool -d -
  • getcrushmap will return binary content
  • crushtool will convert it to plain text

We recommend using the Gluster native client, which is “glusterfs-fuse”. However, if you still insist on using the NFS protocol, this article is written for that purpose.

Solution

Use nfs-ganesha

Solution Overview

  • Then, install NFSv4 server specific for Gluster Storage
  • Enable 2 services in the firewall: nfs and rpc-bind


There are a lot of ways to secure a container image for runtime:

  1. Inherit from a distroless base image
  2. The default user of the image is non-root (USER 1001)
  3. If the image exposes a port, it must be above 1024 because ports under 1024 require root.
  4. Files used by the main process must be owned by a random user and the root group (chown 1001:0)

I searched for an Nginx image that complies with these criteria.

I found 2 images, however:

  • docker.io/kyos0109/nginx-distroless: which focuses only on the 1st way.
  • docker.io/nginxinc/docker-nginx-unprivileged: which focuses on all ways except the first.

As…


I spent a lot of time trying to find the best memory-optimized instance, but it also had to have amd64 as its architecture, because the current version of EKS is not well compatible with the arm64 CPU architecture.

The happy day came when I visited the home page of this software:

ec2-instance-selector  --memory 16  --vcpus 4 --cpu-architecture amd64  -r ap-southeast-1

Amazing !


Install the yq CLI, then:

yq r application.yaml --printMode pv "**" | sed 's/: /=/' > application.properties

Details? Check: https://stackoverflow.com/a/63098014/747579

Done!

Thanks


alias ab='kubectl run test-load --rm --tty -i --restart='Never' --image devth/alpine-bench --command -- /go/bin/main'
ab -n 10000 -c 900 -s 300 https://my.site123.com/

Related Github Git

Abdennour Toumi

Software engineer, Cloud Architect, 5/5 AWS|GCP|PSM Certified, Owner of kubernetes.tn
