https://medium.com/@danieljimgarcia/nginx-ingress-waf-with-modsecurity-from-zero-to-hero-fa284cb6f54a
Everything you need to get started on enabling and configuring Web Application Firewall (WAF) in your NGINX Ingress controller.
https://medium.com/@danieljimgarcia/dont-use-the-terraform-kubernetes-manifest-resource-6c7ff4fe629a
The kubernetes Terraform provider is useful when bootstrapping clusters. However the kubernetes_manifest resource has important limitations. The article describes these limitations and provides working alternatives.
The official Sonarqube helm chart started as a community maintained effort as part of the Oteemo helm charts. It was later adopted as the official helm chart of Sonarqube and forked to a SonarSource repo.
This helm chart is the official way of installing Sonarqube in Kubernetes, even though it still has some limitations as per the official Sonarqube docs.
The chart allows you to change the default admin password when installing Sonarqube. This is implemented as a post-install helm hook that sends a POST request to the Sonarqube admin API using a container with curl installed.
The problem was that the current/new admin password were sent as part of the query string, but were not URL-encoded. This meant trying to change the admin password to a new password with special characters would fail.
I opened a bug and submitted a PR to fix the issue and URL-encode them it: https://github.com/Oteemo/charts/pull/278
https://www.dotnetcurry.com/aspnet-core/kubernetes-for-developers
Kubernetes became over the past few years one of the most common and important tools that teams and organisations can leverage in the DevSecOps space. In this article, we will go through the core Kubernetes concepts. It follows a hands on approach specifically aimed at developers so it becomes easier to start leveraging Kubernetes.
Kured is an open source tool that allows Kubernetes administrators to control when their Nodes can reboot.
This way, automatic upgrades like unattended-upgrades can be configured in the cluster nodes so the OS dependencies are automatically patched.
When a reboot is necessary, unattended-upgrades will create a file /var/run/reboot-required instead of automatically rebooting the node. Kured runs as a daemon in your Kubernetes cluster and monitors the existing of that file. Once it detects a node needs to be rebooted, kured ensures a single node reboots at a time, and it cordongs & drains the node before rebooting.
In addition, kured lets you define the day of the week and time of the day that your nodes can reboot, as well as delay a reboot based on prometheus alerts and/or pod selectors.
Kured can be configured to send a slack notification when draining and rebooting a Node. However the notification message was hardcoded as in Rebooting node %s.
This was limiting for myself, since I was going to use kured in many clusters across different clouds and regions. It would be great if I could send a message like Rebooting node %s, from cluster %s, region %s
I submitted a PR that introduced 2 new options with drain/reboot message formats. I also stayed for the conversation on refactoring the notifications using shouterrr so destinations other than slack are supported.
https://kaizendorks.github.io/2020/11/13/kubernetes-dns-issues-cheatsheet
Brief cheatsheet on how to debug DNS issues inside Kubernetes.
Why kubectl stopped being able to interact with private clusters located behind a VPN
read more →
https://kaizendorks.github.io/tutorials/kubernetes
Getting started with Kubernetes is not easy, there is quite a learning curve before most people feel comfortable interacting and/or managing their cluster.
The tutorial is aimed at developers with no previous experience of Kubernetes, however it assumes some basic knowledge of docker/containers, networking and web applications.