DevOps Hunter Security Automation

Here in this post we will be exploring in deep dive on the Node Affinity. Node Affinity is more capable alternative to node lables and selector on the Kubernetes cluster. There are three types of affinities in Kubernetes Node affinity Pod affinity Pod anti-affinity Node Affinit y meaning that the pod should only be scheduled on target nodes with specific lables, this is basically what the node selector does for example only schedule the db-pod on the size=large Then, We have Pod affinity for dictates that the pod should only be scheduled on nodes where other specific pods are already running. For example cache pod  scheduled only on nodes where the webserver pods already running. In generic way we could say "Schedule Pod X  ' only on where ' Pod Y". Its like Indian girl marrying boy she stay with him! This way we can reduce the network latency between the two pods which need to communication(think about web pod connects with db pods). Finally, the Pod anti-affinity ...

Kubernetes pod  The Kubernetes pod is going to represent a running process on the Kubernetes cluster. It encapsulates an application container, storage resources, a unique network IP Address. Inside a pod, we can have one or more containers. The containers in a Pod are automatically co-located and co-scheduled on the same physical or virtual machine in the Kubernetes cluster. A Multi container pod is going to be very tightly coupled inside. The containers share access to their memory space. They can be connected to each other using localhost. That is if a web application running on a container can be accessed in a busybox container running in the same pod. Containers in the pod can share storage(volumes) disk space as well. What is a Pod in Kubernetes? A pod is an atomic unit of scheduling in the Kubernetes ecosystem. Pods are ephemeral they live in a short time span. On the master node, the different Controllers are running for monitoring and self-healing of the pods. Containers i...

 Overview of DaemonSets Kubernetes DaemonSet is one of the controllers which are at the Kubernetes Master node. A DaemonSet ensures that all or some nodes run a Pod As nodes are added to the Kubernetes cluster, Pods have added accordingly for each node as per the DaemonSet defined. As nodes are removed or drained from the Kubernetes cluster, they are GC. Deleting a DaemonSet will clean up those Pods it created on each node The DaemonSet Controller creating pods on each nodes Where we can use this DaemonSet? When a Kubernetes cluster running many microservices with multi-nodes there will be a need for Monitoring the system resources with collecting metrics and Logging should be enabled for the application level or database level to collect respective access and server-specific logs. Some example daemon pods can be: Collectd, Node exporter -- Monitoring daemon on nodes for Prometheus Fluentd, logstash – log collection daemon for ELK, EFK stacks Ceph, glusterd – Storage daemon for Clo...

We have seen the word 'replicas' in the Docker Swarm services definition time. How to work with ReplicaSet?   What does ReplicaSet do? ReplicaSet will define the group of pods. You can tell how many replicas of pods for your application. The template section will define how many pods and their specification will be defined. Defining ReplicaSet allows you to deploy podand keep it alive as per configuration. How to create ReplicaSet? ReplicaSet relationship with Pod apiVersion: apps/v1 kind: ReplicaSet metadata: name: my-tcat-rs labels: version: "3.0" spec: replicas: 2 selector: matchLabels: project: MyWeb role: frontend template: metadata: labels: project: MyWeb role: frontend env: dev spec: conta...

Greetings of the day dear Orchestrator!! In this post, we will discuss exploring the Kubernetes StatefulSet( sts )  What is the purpose of Stateful deployment? Kubernetes' basic unit is Pod, which will be ephemeral in nature and it was designed in such a way that it cannot store the state. To store and maintain the state of the application, Kubernetes introduced a new type of deployment manifestation called it as StatefulSet. Here in this post, we will be experimenting with the most important deployment model that is StatefulSet which will be interconnected with the multiple storage related objects PersistantVolume(PV) and PersistentVolumeClaim (PVC).    Assumptions To work on this experiment you must have Kubernetes cluster running on single node or multi-node and it should have a NFS remote storage access that depends on your platform. Here I've EC2 instance having  NFS service configured and run: Kubernetes Cluster configured and Up Prepare a NFS...