Servers and Kubernetes
-
The perfect SRE doesn’t exist, but the right one might already be in your organization - SD Times
There’s been an explosion of interest in SRE over the last 18 months and a lot of this has been from companies that are looking at scaling their DevOps or DevSecOps initiatives to look at the reliability concerns of their customers.
-
How to Set Different Kubernetes Restart Policies
We will talk specifically about the various Kubernetes restart policies in this article. Let us first discuss the various policies that are used when Kubernetes has to be restarted. You can use these Policies to stop a certain workload from being deployed in the cluster. While imposing stringent standards in the cluster is typically done to ensure compliance, cluster administrators should also follow several best practices that have been suggested.
-
How to Use Linux sysctls in Kubernetes
This post will discuss what Linux sysctl is in Kubernetes and how it can be used within a cluster of Kubernetes. The sysctl is an interface in the Linux operating system which enables the administrator to modify the parameters of the kernel at runtime. Here, we will demonstrate how to use the Linux sysctls in the Kubernetes platform. We will demonstrate a simple example to help you understand what kind of output you can expect while implementing the kubectl commands for using the sysctls in Kubernetes.
-
Kubernetes HostPath Volumes
A hostPath volume points to a particular file system socket or directory on the node. In Kubernetes, there are various volume types. Because GitRepo and emptyDir volumes are erased, the hostPath volume is advantageous in Kubernetes applications because it preserves the content of the volumes. The hostPath volume and the Kubernetes volumes type are discussed in this article. You will learn how to launch the Minikube and build a YAML file manifest in this article. You will then be guided step-by-step through the configuration of the hostPath volume and the creation of the pod volume.
-
Consider All Microservices Vulnerable — And Monitor Their Behavior | Kubernetes
This post warns Devops from a false sense of security. Following security best practices when developing and configuring microservices do not result in non-vulnerable microservices. The post shows that although all deployed microservices are vulnerable, there is much that can be done to ensure microservices are not exploited. It explains how analyzing the behavior of clients and services from a security standpoint, named here "Security-Behavior Analysis", can protect the deployed vulnerable microservices. It points to Guard, an open source project offering security-behavior monitoring and control of Kubernetes microservices presumed vulnerable.
As cyber attacks continue to intensify in sophistication, organizations deploying cloud services continue to grow their cyber investments aiming to produce safe and non-vulnerable services. However, the year-by-year growth in cyber investments does not result in a parallel reduction in cyber incidents. Instead, the number of cyber incidents continues to grow annually. Evidently, organizations are doomed to fail in this struggle - no matter how much effort is made to detect and remove cyber weaknesses from deployed services, it seems offenders always have the upper hand.