DevOps Hunter Security Automation

 Node in the Kubernetes cluster are schedule the pods as per the Node level Taints will control the Pod creation on the Node.  We can update the taints on one or more nodes with single command. The following are instructions from the kubectl label --help A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect.  The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters.  Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app.  The value is optional. If given, it must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.   The effect must be NoSchedule, PreferNoSchedule or NoExecute.  Currently taint can only apply to node. How does Taint - Tolerance works in Kubernetes? Taints allow a node to repel a set of pods. Tolerati...

What this post covers? In this post we will explore all possible options that can be used for Kubernetes Labels and selectors. Adding labels Show labels  Replace labels Deleting labels   Adding Labels to Pods Adding labels while you creating bare pods imperatively using 'kubectl run' command, here I'm using three different images httpd, redis, rabbitmq.   kubectl run web --image=httpd:2.4.54-alpine \ --labels="env=prod,author=pavandeverakonda,component=customer,tier=frontend" kubectl run db --image=redis:alpine \ --labels="env=prod,author=pavandeverakonda,component=customer,tier=backend" kubectl run web2 --image=httpd:2.4.54-alpine \ --labels="env=dev,author=pavandeverakonda,component=customer,tier=frontend" kubectl run db2 --image=redis:alpine \ --labels="env=dev,author=pavandeverakonda,component=customer,tier=backend" kubectl run msg-pod --image=rabbitmq \ --labels="env=prod,author=ranjan,component=customer,tier=integra...

Kubernetes pod  The Kubernetes pod is going to represent a running process on the Kubernetes cluster. It encapsulates an application container, storage resources, a unique network IP Address. Inside a pod, we can have one or more containers. The containers in a Pod are automatically co-located and co-scheduled on the same physical or virtual machine in the Kubernetes cluster. A Multi container pod is going to be very tightly coupled inside. The containers share access to their memory space. They can be connected to each other using localhost. That is if a web application running on a container can be accessed in a busybox container running in the same pod. Containers in the pod can share storage(volumes) disk space as well. What is a Pod in Kubernetes? A pod is an atomic unit of scheduling in the Kubernetes ecosystem. Pods are ephemeral they live in a short time span. On the master node, the different Controllers are running for monitoring and self-healing of the pods. Containers i...

 Switch Storage Driver for Docker on Ubuntu This blog post is aimed to experiment based on "How to switch to a different storage driver on an existing docker installation in Ubuntu". Prerequisites Ubuntu Linux VM instance on any Cloud or Local VM Knowledge about filesystem how it works Step1: What filesystem provided by your OS cat /proc/filesystem or grep btrfs /etc/filesystem Is your docker version supports the filesystem available on your VM instance. grep brtfs /proc/filesystem Step 2: Take a backup of docker folder cp -au /var/lib/docker /var/lib/docker.bk Create loop devices attach them using images created by dd command dd if=/dev/zero of=test1 bs=1 count=1 seek=4294967295 dd if=/dev/zero of=test2 bs=1 count=1 seek=4294969343 Here the /dev/zero provides an endless stream of zero bytes when read (if). This function is provided by the kernel and does not require allocating memory. and all writes (of) to given file location. As a result, when ...

Hello DevOps/DevSecOps team, welcome back for another intresting post on Docker. In this post we will be discussing and experiment on "docker restart policies".   What is Docker restart policies? Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker daemon restarts.   A Docker container’s status can be controlled by providing the restart policy while the container is instantiated with docker run sub command.   Docker container restart policies Docker restart policies are there to keep containers active(Up status) in all possible downfalls, we can leverage it in multiple ways as an example if we have a Tomcat/Nginx web server running on a container and have to keep it Up and running even on bad request we can use restart policy with a flag, it will keep the server "Up" and running till we stopped it manually. Syntax : docker run --restart [policy-type] IMAGE [COMMAND] [ARG...]    Below are t...

Hello DevOps or DevSecOps team here in this post I would like to expose more details about how the Git configurations can be done and viewed and where it is going to stored as file. Git Basic Configurations and scopes Let's see what are options we have for "git config" command in a Linux system, here I've used Ubuntu Linux to execute all 'git config' commands.  git config scopes There are three different levels : local, global, system-level configuration values attributes defined in Git.  System Global Local System level config Git allows us to define System wide configuration that means the configured values will be available for all users in the system and for every project repository as well. # System level configurations will be stored in /etc/gitconfig file git config --system core.editor "vim" git config --system merge.tool "vimdiff" The execution of the commands  git config --global command example Global level config Git c...

 Hey Guys!! How are you? In this learning post I would like to share with you awesome Jenkins feature experiment -  Infrastructure as a Code (IaC). The entire Jenkins Job or Project can be configured manually step-by-step in the regular fashion, when you click on the "new item" on the Jenkins Dashboard to create a project. But here story is different - with DSL script you could do the same thing that is dynamically creating a Job with a single flexible scalable durable way with Groovy script.  Jenkins DSL Groovy script generating dynamic Job Groovy is more like Shell scripting but totally executable on Java Virtual Machine. Those who know Java it will be easy to understand the Groovy syntax and its blocks. If you don't then no worries we will be coming up with easy to use DSL script in the following sections. Prerequisite for DSL Job creation Jenkins master-slave installed up and running. SCM installed/github Up and running Jenkins must have plugins installed such as ...