Discover and read the best of Twitter Threads about #k8s


3 cloud-to-K8s best practices to mitigate the risk of a lateral movement attack 🛡

1️⃣ Avoid storing long-term #cloud keys in workloads
2️⃣ Remove kubeconfig files from publicly exposed workloads
3️⃣ Restrict access to container registries

Details in thread 🧵👇 #kubernetes
1️⃣ Avoid storing long-term #cloud keys in workloads

✅ Attach IAM roles/service accounts/managed identities to workloads and define minimum permissions.

✅ Generate and rotate temporary credentials using the IMDS for improved #cloudsecurity.

🧵 2/5
2️⃣ Remove kubeconfig files from publicly exposed workloads

✅ Remove kubeconfig files from exposed workloads, configure #K8s API server endpoint as private.

✅ Restrict access to specific IP addresses using a strictly configured #security group.

🧵 3/5
Read 5 tweets
How do you survive load spikes with your Kubernetes cluster?

The brief: everything is running fine, our pods are healthy and receiving traffic, but all of a sudden there is a big traffic spike on our app! And then disaster strikes. 😱

🧵👇
The HPA (HorizontalPodAutoscaler) reacts well: it auto-scales our deployment by requesting the scheduling of new pods. But here's the problem... There aren't enough nodes! #Kubernetes will then request new nodes (we're assuming this is in the cloud). #k8s #kube
But by the time they arrive, our application is on the verge of exploding, even the p50 latency is above 10 seconds, everything is on fire 🔥😱 Users are yelling because everything is broken in prod.
Read 10 tweets
Kubernetes Tutorials For Beginners📚

1️⃣What Is Kubernetes Architecture?
spacelift.io/blog/kubernete…

2️⃣Kubernetes Basic Concepts & Examples
spacelift.io/blog/kubernete…

#devops #kubernetes #k8s #linux #docker #sysadmin #Azure #infrastructureascode #serverless #terraform #ansible
3️⃣ How to Manage Secrets in Kubernetes – A Complete Guide
spacelift.io/blog/kubernete…

4️⃣ Kubernetes Security: 5 Best Practices for 4C Security Model
spacelift.io/blog/kubernete…
5️⃣ Kubernetes Ingress with NGINX Ingress Controller Example
spacelift.io/blog/kubernete…

6️⃣ 15 Kubernetes Best Practices Every Developer Should Know
spacelift.io/blog/kubernete…
Read 3 tweets
For some good reasons I haven't been posting my DevOps journey here.

My Azure DevOps AZ 400 exam, also putting some crafts on Cloud native using AWS and KodeKloud has been taking my time.
Meanwhile, I have covered a few DevOps tools in the past few weeks.
#K8s components (deployment, Services, Ingress, Secret, volume and much more...)
#Jenkins
#GitOps
#Vagrant
#Docker deep dive
#Terraform
#Bash scripting
#Selenium (looking for alternative)
#Helm Charts
#Lens
And more...
@PearsonVUE decided to disrupt my exam without consideration, I'm hoping that @MicrosoftLearn will resolve this asap.

The journey has been awesome tho.

I'll share my experience very soon.

#DevOps Engineer
#Development
#Ops
Read 4 tweets
We found a Remote Code Execution vulnerability in every #PostgreSQL database in #IBMCloud 😱

Here is how we did it: 🧵

#HellsKeychain
We set up a PostgreSQL instance in IBM Cloud and tried to execute code using the 'COPY FROM PROGRAM' statement. Unfortunately, this failed due to insufficient privileges. We were blocked! 🚫
We reviewed all IBM Cloud's proprietary functions that had the 'security definer' flag (meaning they will run as superuser). One of these functions had a SQL Injection vulnerability that we were able to exploit:
Read 16 tweets
Kubernetes is a complicated beast. There are many moving parts under the hood. Simplifying Container orchestration isn’t easy

Here are 11 Resources that will make you a Kubernetes wizard in no time 🧵👇

#DevOps #DevOpsCommunity #Kubernetes #K8S
1. A Beginner’s Guide to Kubernetes

A comprehensive introduction to Kubernetes architecture.

🔗 medium.com/containermind/…
2. A Guide to the Kubernetes Networking Model

An in-depth run-through of Kubernetes networking.

🔗 sookocheff.com/post/kubernete…
Read 13 tweets
In this thread, you'll find @PrateekJainDev's CKAD exam preparation guide including notes and practice questions.

🧵👇#Kubernetes #CKAD #DevOps #K8s #100DaysOfCloud #CKA
CKAD exam Preparation Notes and Practice Questions: Part 1

This part will cover topics like #Kubernetes Architecture, Pods, Deployments, Namespaces, and ReplicaSets

👀blog.prateekjain.dev/ckad-exam-prep…
CKAD exam Preparation Notes and Practice Questions: Part 2

This part will cover topics like Commands and Arguments, Environment Variables, ConfigMaps, Secrets and Security Context in #Kubernetes.

👀blog.prateekjain.dev/ckad-exam-prep…
👇
Read 8 tweets
How a simple web-app assessment led to complete #AzureAd tenant takeover 🤯
🧵 👇
#Azure #AzureKubernetesService #aks #Kubernetes #KubernetesSecurity #k8s #bugbounty #bugbountytips #bugbountytip #DevSecOps
1. Poorly-designed file upload functionality led to RCE
2. Turned out the app was running in a container managed by #AzureKubernetesService (#AKS)
3. #Container was mounting a service account with permissions to deploy #pods in the same namespace
4. I deployed a new pod with hostPath root volume. Deployment was not blocked by any security policy. #Pod got deployed
5. I exec-ed into the pod's #container and escaped it through its hostPath volume. #privesc to the #AKS node succeeded!
Read 7 tweets
Mounting a #Kubernetes service account to a pod with permissions to deploy other pods implies that if your app has RCE, a threat actor will be able to infect other Services in the cluster (yes, even if you use strict PSPs) #KubernetesSecurity #k8s #aks #gke #eks
#DevSecOps
🧵 👇
Background:
▪︎ A Service in #k8s is an object that balances HTTP requests between pods belonging to that Service
▪︎ A Service identifies its pods through a set of labels (e.g. "fancy-app: prod", "db: users", etc)
▪︎ A pod with a label associated with a Service will become part of that Service automatically

Attack scenario:
1. A pod is mounting a service account with permissions to deploy other pods
2. A container in the pod is running a vulnerable app, providing RCE to an attacker
Read 6 tweets
Ansible Tutorials For Beginners📚 🧵

1️⃣Ansible Roles: How to Combine Them With Playbooks
spacelift.io/blog/ansible-r…

2️⃣Working with Ansible Playbooks
spacelift.io/blog/ansible-p…

#devops #kubernetes #cicd #k8s #linux #docker #sysadmin #automation #ansible #serverless #terraform #yaml
3️⃣Ansible Tutorial for Beginners: Ultimate Playbook & Examples
spacelift.io/blog/ansible-t…

4️⃣How to Use Different Types of Ansible Variables (Examples)
spacelift.io/blog/ansible-v…
5️⃣Ansible Modules – How To Use Them Efficiently (Examples)
spacelift.io/blog/ansible-m…

6️⃣44 Ansible Best Practices to Follow [Tips & Tricks]
spacelift.io/blog/ansible-b…
Read 3 tweets
🧵 My top 10 list of the IT books that helped me the most during my career.
1. Inside the Machine by Jon Stokes oreilly.com/library/view/i…
An insightful book to understand how a CPU works and help in earning some mechanical sympathy.
2. How Linux Works by @bricsuc oreilly.com/library/view/h… #linux
The best book, in my opinion, on Linux. A must-read as Linux today is absolutely everywhere. It provides most of the content every developer should be aware of.
Read 11 tweets
5 DevOps Projects that will get you a job

A Thread 🧵
1️⃣ Chatbot Deployment over cloud

▶️ You can create one voice bot using tools like RASA, CSML, Dialogflow or etc.

▶️ Start using command line to deploy it, Learn Linux apply it.

▶️ Use AWS/GCP services for App deployment like EKS/GKE, ECS, or AWS Lambda.

If you want one, DM
2️⃣ Application deployment

▶️ Learn about AWS services like EKS, ECS, Fargate clusters, Cloudformation, and many more.
🔅One of them is enough for project.

▶️ Create demo application like wordpress or owncloud deployment yaml file.

✍️Link: bit.ly/RG-eksproj
Read 12 tweets
Webhooks are a big part of @kubernetesio. I've recently been going down the webhook rabbithole, especially for offensive use-cases. And here's what I think. A 🧵 1/
@kubernetesio #kubernetes uses an access control object called an Admission Controller. This is beyond AuthN and AuthZ. This allows you to create objects that will allow you the operator to define workloads and configs that are admitted in your cluster. appsecengineer.com/courses-collec…
2/
@kubernetesio This is largely done using Admission Control webhooks. There are two types of webhooks you can use in #k8s, they are:
- validating
- mutating
Watch my 1m video here if you want to learn the differences

3/
Read 11 tweets
Here begins a fun thread of the finished lightboards that we make together during the ϟ Enlightning stream. ♫

Also- a big THANK YOU to all who come out to watch ϟ Enlightning, and also to those who take the time to watch the recording. I appreciate you.

@VMwareTanzu
What is a Small Batch Loop? Featuring guest @cote
Dockerfiles Vs. Cloud Native Buildpacks featuring guest @ciberkleid
Read 33 tweets
Another call today where a client has application teams throwing things over the fence into #k8s. A huge amount of the problems we are now seeing are apps without the basics.

There is a long list of things you should have, but the top four we highlight for apps on #kubernetes
1. Startup Probe
2. Liveness Probe
3. Readiness Probe
4. Graceful shutdown - be able to handle a sigterm in #kubernetes
Simply put, you should not have any apps going into production that do not have the four of these. Your application needs these to take advantage of #k8s and the #kubernetes core team have put a lot of thought into making these simple to use.
Read 5 tweets
Congrats to the full @RedHat team on a strong quarter! Here are Red Hat-related highlights I caught in @IBM's earnings last night. 🧵👇
- IBM's software revenue growth was led by @RedHat, security, automation, and Cloud Paks (which are built on @openshift).
"The one that performed exactly according to what we wanted was Red Hat."
- @RedHat revenue was up 17% (normalized) & 23% all-in
- Red Hat revenue growth was driven by double-digit growth in both infrastructure and application development and emerging technology. 📈
Read 7 tweets
The reason why I love and hate #Kubernetes is it is actually a good platform to host scalable apps. But the road from developing the app to making it scalable is so painful. Here are few-reasons-why-thread:
#Kubernetes in its bare configuration can only host containers and let you talk to them. Include config maps, volumes, RBAC, etc.
If you ever wanted to scale your app on #Kubernetes you probably heard of MetricsServer - it can collect standard metrics like CPU and RAM of every pod/container.

It’s not a part of #k8s distribution - you need to install it separately.
Read 11 tweets
4 years ago I started implementing an entire #linux #wayland display server in the browser because "wouldn't it be cool if ...", but I never really shared my experiences that eventually led me to implement a #kubernetes powered cloud desktop computer. 🧵👇
I'll try to keep these posts chronologically but most comes from memory so I apologize in advance. ;)
It basically started with a discussion in #wayland on #irc where it was suggested that one should use (s)rtp for real time video stream. The browser lacking such things, only offers WebRTC so first thing was to check if that could be utilized.
Read 31 tweets
Hello twitter world! As a bunch of you know I was preparing for my Certified #Kubernetes Administrator. I decided to give a go at the exam & failed my first attempt. Here's what I did, my experience with the #CKA and what I plan on doing differently for my re-take.

A thread 1/n
First of all, you need to be okay with failing the exam on the first attempt. I had to change this about me as I don't bode well with failure.

At @kloudleinc, we have no taboo about failure. It's just a way to evaluate what you can do differently for your next attempt.

2/n
Last week during an internal discussion, @makash shared a technique called "Genchi Genbutsu" (conversion-rate-experts.com/genchi-genbuts…) that got me to book the exam with whatever prep I had done so far instead of waiting for an arbitrary date in the future that looked "right" to me 😬

3/n
Read 14 tweets
YAML jokes are getting old, and so is the FUD around #kubernetes and the cloud native landscape.

How about my "Kubernetes - the good parts" list instead?

🧵
My background: DevOps consultant, on-boarded many devs to #k8s, built internal app platforms the past 4 years.

This thread is here to increase focus. You may have the killer usecase for things I don't speak highly of, but know that this list is for beginners✌️
Basics first: Pods, Deployments, Services, ConfigMaps, Secrets

Use them, know the concepts. Some point you have to debug them anyways.
Read 21 tweets
🧵 M E G A T H R E A D

Check out all of my amazing threads that cover various topics like #JavaScript, #React, my favourite podcasts and many more...

👇#100DaysOfCode #CodeNewbie
Thread #1: This is the place where you can find most of the amazing resources, tutorials, code snippets, tips and tricks about #JavaScript. Happy Coding Days 😎

👇#100DaysOfCode #CodeNewbie #React
Thread #2: This is the place where you can learn most of the things about #React. Find out some of the best resources, tutorials, code snippets, tips and tricks to enhance your React skills.

👇#100DaysOfCode #CodeNewbie #JavaScript #ReactHooks
Read 21 tweets
(1/12) What is the best tech stack for an application?

🅰️ Angular/Ionic = Frontend
🏗️ NestJS/GraphQL = API
💾 Couchbase = DB
🔃 Celery = Task queues
☁️ Docker = Service orchestrator.

In this thread I explain the reasons👇
(2/12) 🅰️ #Angular has incredible features and is a framework that lets you have a solid architecture from the start with clean code.
(3/12) 📲 #Ionic and its ecosystem let you focus on delivering value and have a consistent UI/UX for any device; in addition, with Capacitor you can build apps for Android/iOS/PWA/Electron.
Read 12 tweets
Gave a lightning talk about “Ways in which you can enable #canary deployments in @kubernetesio” at @DevOpsDaysIN #Kubernetes #deployments #k8s #DevOpsDaysIndia2019
@traefik @IstioMesh @Linkerd I wrote a more detailed blog post about the same here if you're interested in digging deep in the analysis tasdikrahman.me/2019/09/12/way… #Kubernetes #traefik #canarydeployments #linkerd #istio
Read 3 tweets
This year's CFP is closed and the agenda is already published on our website jcconf.tw. If anyone is interested in submitting a proposal, plz consider JCConf 2020. Or you can DM me your information, I will contact you next year. 😊
If you don't understand Mandarin, don't worry about it. This year we have 10 English sessions too. So don't hesitate to join us. 🥳
This year we have many hot topics which include #Java, @springframework , #Scala, #FP, #Kotlin, @graalvm, @zipkinproject, #k8s, #Microservices, @intellijidea ...etc. There are so many fun topics I can't list all of them. Please join us. 😎
twjug.kktix.cc/events/jcconf-…
Read 4 tweets
