Forwarded from Записки админа
🛠 An excellent series of articles, in my opinion:
- Debugging Distributed Trace Gaps with tcpdump;
- Debugging Distributed Trace Gaps with ftrace;
- Monitoring Linux Audit.
#audit #trace #напочитать
Forwarded from Библиотека Go разработчика | Golang
A series of articles on working with the Kubernetes API, including with Go:
➖Kubernetes API Basics - Resources, Kinds, and Objects
➖How To Call Kubernetes API using Simple HTTP Client
➖How To Call Kubernetes API using Go - Types and Common Machinery
Iximiuz
Kubernetes API Basics - Resources, Kinds, and Objects
The article explains the most fundamental concepts of the Kubernetes API - Resources, API Groups, Kinds, and Objects - preparing the reader to the first access of the API from code.
Forwarded from Записки админа
🐧 An interesting resource where you can study how systemd works and practice with different startup options https://systemd-by-example.com #systemd #линк
Writing a Controller for Pod Labels | Kubernetes
https://kubernetes.io/blog/2021/06/21/writing-a-controller-for-pod-labels/
#k8s #kubernetes #operator #sdk
Kubernetes
Writing a Controller for Pod Labels
Operators are proving to be an excellent solution to running stateful distributed applications in Kubernetes. Open source tools like the Operator SDK provide ways to build reliable and maintainable operators, making it easier to extend Kubernetes and implement…
https://medium.com/gumgum-tech/streamlining-your-kubernetes-adoption-with-helmfile-argocd-and-gitops-211937e21e29
#helmfile #helm #argocd #gitops
Medium
Streamlining your Kubernetes adoption with Helmfile / ArgoCD and GitOps
In a previous article titled Stop being selfish ! — Open up Terraform to your team with Atlantis we showcased how powerful and convenient…
Kubernetes operator is one of the patterns that allows you to extend Kubernetes to fit your business requirements. This series of posts is going to go through the process of creating a very simple Kubernetes operator following TDD approach. The posts assume prior knowledge of Kubernetes operator pattern, what it is, when to use it, basic concepts of operator pattern like reconciliation loop etc.
#operator #sdk #k8s #kubernetes
https://pnguyen.io/posts/test-drive-kubernetes-operator-1/
https://pnguyen.io/posts/test-drive-kubernetes-operator-2/
https://pnguyen.io/posts/test-drive-kubernetes-operator-3/
https://pnguyen.io/posts/test-drive-kubernetes-operator-4/
pnguyen.io
Test drive a Kubernetes operator - Part 1
Create a simple Kubernetes operator following TDD
Webhook for CRD: https://medium.com/trendyol-tech/getting-started-to-write-your-first-kubernetes-admission-webhook-part-1-623f40c2adda
Webhook for core types: https://medium.com/trendyol-tech/getting-started-to-write-your-first-kubernetes-admission-webhook-part-2-48d0b0b1780e
#webhook #kubebuilder #k8s #kubernetes
Medium
Getting Started to Write Your First Kubernetes Admission Webhook Part 1✨
Kubernetes Admission Controllers concept is very popular these days, especially dynamic ones: MutatingAdmissionWebhook and…
Forwarded from k8s (in)security (D1g1)
The article "Hardening Kaniko build process with Linux capabilities" is about raising the security level of the build process when using Kaniko. We have already raised the question of building images inside Kubernetes/containers and discussed the advantages of this approach. But this article is not about simply using Kaniko; it is about how the process can be improved and made more secure.
The situation with Kaniko is as follows: its container runs as the root user. One can, of course, assume that it needs far from all capabilities to do its work =)
The plan: drop all capabilities and explicitly add only the ones that are needed!
In his investigation of Kaniko, the author arrived at this result: CHOWN, SETUID, SETGID, FOWNER, DAC_OVERRIDE.
As you can see, this approach works for other applications too ;)
Rewanth Tammana's Blog
Hardening Kaniko build process with Linux capabilities
Build images inside Kubernetes/containers? Wide privileges in default configuration? How to secure Kaniko? Can we take things a notch higher?
Forwarded from Записки админа
🐧 How Program Gets Run: Linux. The author tried to show, step by step, the process of launching a program in Linux. #напочитать #linux
Vishal Chovatiya
How Program Gets Run: Linux - Vishal Chovatiya
I know it’s long, but please bear with me & have patience.
How do we launch our programs?
Do you know how programs get runs behind the screen when you double-click on it or you type ./a.out on shell
As you know, the standard way to launch an application…