DevOps Hunter Security Automation

 We as DevOps and DevSecOps Engineers working on many microservice based application architectures where we need to manage Kubernetes Cluster  Troubleshot at various levels. You cannot rely on single point of look for failures. While working on Kubernetes Troubleshooting we can make ourselves easy to understand the problem, if we could classify the problem belong to the following categories. Application Failure Master node/ControlPlane Failures Worker node Failures Application Failure - trobleshooting Here I'm listing out these with my understanding and experiance in practice tests provided by Munshad Mohammad on KodeKloud. You should know the architecture how it is deployed what all its dependents, where they have deployed with what endpoints, what names used. Check the service 'name' defined and referring service should match and also check the services 'Endpoints' are correctly defined and in referenceing used correctly. k -n dev-ns get all Better to check that t...

Hey Guys, Welcome to "DevOps Hunter" blog! In this post I would like to share my learnings at different times collected that is about Kubernetes commands and their applied tricks and tips. Initially I've collected few kubectl related alias command tricks Play with the etcd database and then backup and recovery short-cuts Finally worked on the Kubernetes command tools kubectx, kubens for easy switching in CLI. Come on! let's explore about the API resources which we might be frequently use when we prepare the YAML files for each Kubernetes Objects. kubectl api-resources We can get sometime the API version mismatch due to change in API version. This can be examine what is new in the current version How do you identify the certificate file used to authenticate 'apiserver'? cat /etc/kubernetes/manifests/kube-apiserver.yaml|grep tls-cert - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt The tls-cert-file will be Kubernetes apiserver ceri...

  Delegation to a host Here is an example where we can delegate the task to a particular host. This play book is using inventory_hostname from the gather facts. - name: Delegation to localhost hosts: all tasks: - name: create a file on target server file: path: /tmp/i_m_on_target_server.txt state: touch - name: create a file with host named file by delegation to localhost file: state: touch path: "/tmp/{{ inventory_hostname }}.txt" delegate_to: localhost connection paramer We can use this "connection" parameter add to your task level or play level. # Filename: connection_local.yml # To do some task on ansible server # local means without doing ssh command (no need of password and no need of ssh keys) # with the local connection parameter for the play --- - name: This is to determine how the connection parameter works with local hosts: app connection: local gather_facts: false tasks: - name: connecti...

Hello DevOps Automations Engineers!!  Ansible provides us special command 'ansible-vault' that is used to encrypt, decrypt, view an Ansible  playbook, this is also have amazing feature specific to role, vars YAML files, we can apply this to string of text in regular variables.  Why do we need to encrypt our Play books? Our Ansible automation projects, we need to work on multiple tasks and which may have some sensitive data such as database user credentials, any cloud IAM role details or it can be some other applications login credentials that's used to validate URL availability. Or it can be used to store the SSL certificates. At any point of time if the system is using plain text and it  has trouble to your confidential and sensitive data otherwise it could causes huge damage to your organization. Where we need a way to store the sensitive data can be protected by data encryption  tool, and this can be done using the Ansible-vault command.  Le...

Hello DevOps Experts!! let's zoom  into the usage of the Ansible Handlers and notifies   What are Ansible Handlers? The handlers section or the tasks defined under the handlers folder are executed at the end of the play once all tasks are finished. In the handlers tasks we are typically do either start, reload, restart and stop services. Sometimes we may need to execute the task only when a particular change is made that can be notified.  Simple example of Apache web server when we modify httpd.conf file then we want to restart the httpd service.  When we were working on Tomcat, when tomcat service is enabled. then there is a need for the reload firewalld service this is where we need to move this reload task under handlers and the enable tomcat service should have notify the task name 'reload firewalld service'. These are the perfect examples for handlers usage in Ansible play. So here the point is that handler tasks will be performed only when they are notif...