🔗 Kubernetes NGINX Ingress WAF with ModSecurity. From zero to hero!

https://medium.com/@danieljimgarcia/nginx-ingress-waf-with-modsecurity-from-zero-to-hero-fa284cb6f54a

August 16, 2022

Everything you need to get started on enabling and configuring Web Application Firewall (WAF) in your NGINX Ingress controller.

Fix the sonarqube helm chart hook that updates admin password

April 26, 2021

Sonarqube helm chart

The official Sonarqube helm chart started as a community maintained effort as part of the Oteemo helm charts. It was later adopted as the official helm chart of Sonarqube and forked to a SonarSource repo.

This helm chart is the official way of installing Sonarqube in Kubernetes, even though it still has some limitations as per the official Sonarqube docs.

Contribution

The chart allows you to change the default admin password when installing Sonarqube. This is implemented as a post-install helm hook that sends a POST request to the Sonarqube admin API using a container with curl installed.

The problem was that the current and new admin passwords were sent as part of the query string without being URL-encoded. As a result, changing the admin password to a new password containing special characters would fail.

I opened a bug and submitted a PR to fix the issue and URL-encode them: https://github.com/Oteemo/charts/pull/278
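The failure described above, reproduced offline as an added example (this is not the chart's hook or the code from the PR): it builds the query string both ways and shows what a standard parser on the receiving side recovers. The parameter names and sample passwords are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlencode

# Assumed parameter names; the hook's real request is not shown on this page.
PARAMS = ("login", "previousPassword", "password")


def raw_query(login, current, new):
    """Buggy form: values pasted into the query string unencoded."""
    return "login=%s&previousPassword=%s&password=%s" % (login, current, new)


def encoded_query(login, current, new):
    """Fixed form: each value is percent-encoded before the pairs are joined."""
    values = dict(zip(PARAMS, (login, current, new)))
    return urlencode(values, quote_via=quote)


def server_view(query):
    """Parameters a standard query-string parser recovers from the request."""
    return {name: vals[0] for name, vals in parse_qs(query).items()}


if __name__ == "__main__":
    # Constructed sample passwords containing '&', '+' and '%'.
    for new_password in ("N3w&P+ss%41", "a+b%41c"):
        for build in (raw_query, encoded_query):
            query = build("admin", "admin", new_password)
            received = server_view(query).get("password")
            status = "ok" if received == new_password else "MISMATCH"
            print(f"{build.__name__:14} {query}")
            print(f"{'':14} server sees password={received!r} [{status}]")
```

In a curl-based hook, passing each parameter with `--data-urlencode name=value` applies the same per-value encoding.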

🔗 Kubernetes for ASP.NET Core Developers. A hands on introduction

https://www.dotnetcurry.com/aspnet-core/kubernetes-for-developers

February 5, 2021

Over the past few years, Kubernetes has become one of the most common and important tools that teams and organisations can leverage in the DevSecOps space. In this article, we will go through the core Kubernetes concepts. It follows a hands-on approach specifically aimed at developers, so it becomes easier to start leveraging Kubernetes.

Allowed kured drain/reboot notifications to be customised

November 26, 2020

Kured

Kured is an open source tool that allows Kubernetes administrators to control when their Nodes can reboot.

This way, automatic upgrades like unattended-upgrades can be configured in the cluster nodes so the OS dependencies are automatically patched.

When a reboot is necessary, unattended-upgrades will create a file /var/run/reboot-required instead of automatically rebooting the node. Kured runs as a daemon in your Kubernetes cluster and monitors the existence of that file. Once it detects that a node needs to be rebooted, kured ensures that only a single node reboots at a time, and it cordons and drains the node before rebooting.

In addition, kured lets you define the day of the week and time of the day that your nodes can reboot, as well as delay a reboot based on prometheus alerts and/or pod selectors.

Contribution

Kured can be configured to send a Slack notification when draining and rebooting a Node. However, the notification message was hardcoded as "Rebooting node %s".

This was limiting for me, since I was going to use kured in many clusters across different clouds and regions. It would be great if I could send a message like "Rebooting node %s, from cluster %s, region %s".

I submitted a PR that introduced 2 new options with drain/reboot message formats. I also stayed for the conversation on refactoring the notifications using shoutrrr so destinations other than Slack are supported.

 
