Posts

K8s Resume Challenge: Introduction

Why? In an effort to keep my Kubernetes skills sharp, I decided to tackle the Kubernetes Resume Challenge. However, rather than follow the instructions to a T, I’ve decided to add some twists of my own that’ll spice things up. Hence, the reason for the blog series. Hope you enjoy the ride. Setup Like mentioned above, I plan on deviating slightly from the guide. To begin, I will not be using a cloud provider for creating the Kubernetes cluster. While using a CSP like AWS or Azure come with its own benefits, for the sake of this project, I wanted to explore Talos Linux a bit and this seemed like the perfect opportunity. Yes, Talos does support deployment to cloud providers, however for the sake of learning (and cost), began with a new VM running a Talos Linux cluster.

Wednesday, July 31, 2024 Read

K8s Resume Challenge: Containerization

Kubernetes is container orchestration system. With that said, it is only appropriate that our workloads be containerized. Our “product” consists of a kodecloud ecommerce site backed by a MariaDB database. To reach our goal of having it all managed via Kubernetes, a first step involves containerizing the website and database. First, let us focus on the web app. FROM php:7.4-apache RUN docker-php-ext-install mysqli COPY --chown=www-data:www-data --chmod=755 . /var/www/html/ EXPOSE 80 Short and sweet. (And can be better. But for now, it’ll do.)

Friday, August 2, 2024 Read

K8s Resume Challenge: Deploying to Kubernetes

Deploying the E-commerce website For the initial MVP of deploying our application to Kubernetes, the following manifests were used. Starting with the website Deployment spec, we set the environment variables accordingly. apiVersion: apps/v1 kind: Deployment metadata: name: ecom-web spec: replicas: 2 selector: matchLabels: app: ecom-web template: metadata: labels: app: ecom-web spec: containers: - name: ecom-web image: ariyonaty/ecom-web:v1 ports: - containerPort: 80 env: - name: DB_HOST value: ecom-db - name: DB_USER value: ecomuser - name: DB_PASSWORD value: ecompassword - name: DB_NAME value: ecomdb Additionally, we define a Service to expose the application.

Friday, August 2, 2024 Read

K8s Resume Challenge: Administration

In this post, we’ll tackle a collection of tasks that mirror a workflow in a professional environment – both on the dev side, as well as the ops side. Agenda: Add dark mode Publish new version docker image Scale application Liveness/Readiness Probes ConfigMaps / Secrets Dark Mode Per the instructions, the dark mode toggle is to be determined based on value of environment variable FEATURE_DARK_MODE. As the focus of my learning is not web development (nor my area of expertise, if any :p), this feature was rudimentary implemented by creating a separate CSS stylesheet that includes the addition of a dark background color. Then, inline PHP was used to select which stylesheet to load. The below diff demonstrates this.

Sunday, August 4, 2024 Read

DevOps, Flow, and the Pitfalls of Collaboration Software

In the fast-paced world of software development, DevOps has emerged as a crucial methodology for improving efficiency and collaboration between development and operations (and security) teams. However, as we strive for better communication and faster delivery, we may inadvertently be sabotaging one of the most critical elements of productivity: flow. Although “The Phoenix Project” popularized the idea of Flow through The First Way, this concept also represents a state of deep concentration and effortless productivity. It’s a mental state where engineers are fully immersed in their work, leading to high levels of creativity and efficiency.

Sunday, October 13, 2024 Read

Filtering the Noise in Life: Lessons from the Sky and DevOps

We live in a world filled with constant noise. Whether it’s the buzz of modern technology, the demands of daily life, or the stream of notifications from our devices, distractions are everywhere. During the past few days, I took a detour into the world of radars and was able to draw some parallels between concepts applied in detection/filtering and my day-to-day work as a DevOps engineer. And as I gave it more thought, it dawned on me how these same ideas can be applied as life lessons. Learning how to filter out this noise, much like advanced technologies do in aviation and software development, is essential for maintaining clarity and focus. Let’s explore how the radar cross section (RCS) of an F-22 fighter jet shows us the importance of reducing noise, and why it’s critical in both DevOps and flife.

Monday, October 7, 2024 Read

Hurricane Electric IPv6 Certification

One of the members of a Linux community I’m in posted a neat little site, Hurricane Electric, that created an IPv6 certification - free of charge - verifies one’s expertise with IPv6. The certification can be found here. Components of the certification include testing ability to: Prove that you have IPv6 connectivity Prove that you have a working IPv6 web server Prove that you have a working IPv6 email address Prove that you have working forward IPv6 DNS Prove that you have working reverse IPv6 DNS for your mail server Prove that you have name servers with IPv6 addresses that can respond to queries via IPv6 Prove your knowledge of IPv6 technologies through quick and easy testing Furthermore, the certification also demonstrates familiarity with IPv6 concepts including:

Friday, October 28, 2022 Read

DevSecOps: Continuous Application Security

DevSecOps: Building a Secure Continuous Delivery Pipeline Linkedin Learning - Instructor: Tim Chase Prerequisites: High-level DevOps understanding General InfoSec knowledge Scripting Tooling: Python3 JDK Docker SonarQube SonarScanner Zaproxy (Docker) ContrastSecurity WebGoat Anchore-Engine Anchore-CLI OWASP dependcy check Trufflehog DevSecOps DevSecOps is the integration of security into DevOps, extending CI/CD to security. Allows for security at scale. Advantages of DevSecOps include: Allow security to scale with DevOps teams Security can quickly respond to events Increased collaboration surrounding security Goals of DevSecOps include:

Sunday, August 21, 2022 Read

Jenkins Essentials

Essential Jenkins Linkedin Learning - Instructor: Michael J. The Jenkins Pipeline Two pipeline formats: Scripted node {} Declaritive pipeline {} Pipeline Configuration: Agent // run on first available system agent any // run on system with label "linux" agent { label 'linux' } // run pipeline inside docker container using specified image agent { docker { image 'maven' } } // defer agent selection to stages agent none Pipeline Configuration: Stages and Steps Example

Thursday, August 18, 2022 Read

DevSecOps: Building a Secure Continuous Delivery Pipeline

DevSecOps: Building a Secure Continuous Delivery Pipeline Linkedin Learning - Instructor: James Wickett Stages of a CD Pipeline Develop: Application design and development takes place Inherit: Dependecies get bundled and inherited into code Build: Build steps are run and acceptance testing is done Deploy: Artifacts are deployed Operate: Application is up and running Develop: Static Code Analysis Language/Framework Tools PHP Phan Java Web Apps Find Security Bugs Node NodeJsScan Golang GoSec Develop: Secrets git-secrets for scanning repo for secrets

Tuesday, August 16, 2022 Read

Deploying Hugo Site with AWS Amplify

website.github.io is great, but your own domain name is even better! For years, I’ve been deploying hugo sites for free with GitHub pages (still do!). However, I was looking for something a bit more professional for sharing a portfolio site. While GitHub pages does offer the ability to configurate a custom domain, I decided to take the opportunity to expand on my cloud skills and use an AWS service. During the research stage, I encounted several potential AWS services that can be used for publishing a website, including:

Thursday, August 4, 2022 Read

How To: Deploy an Internal Container Registry in Kubernetes

DigitalOcean Kubernetes Challenge Hey there, reader! About a week ago (12/22), I happened to catch a DigitalOcean stream on Twitch and learned of the Kubernetes Challenge they were hosting. Having just gone on break from school, I thought, “Hey, I’ve heard of this kubernoodles stuff before” and with no prior experience and about a week until the challenge due date, decided to spend my break to finally learn Kubernetes and participate in the challenge. Learn by doing, right?!

Tuesday, December 28, 2021 Read