Thursday, May 16, 2024

Explore Azure DevOps heaven Demo and Lab

 

  1. Azure DevOps Hands-On Labs:

    • These labs provide practical, hands-on experience with Azure DevOps services.
    • Topics covered include agile planning, version control, continuous integration, test planning, and more.
    • Explore various aspects of DevOps using Azure DevOps tools and services.
    • Access the labs at Azure DevOps Hands-On Labs.
  2. Azure DevOps Demo Generator:

    • A tool that creates pre-configured projects in your Azure DevOps organization.
    • Generates sample content, including source code, work items, iterations, service endpoints, and build/release definitions.
    • Ideal for experimenting, learning, or demonstrating Azure DevOps features.
    • Access the generator at Azure DevOps Demo Generator.

Feel free to explore these resources further! 😊🚀

AKS: speed up image pull time using the new Artifact Streaming in ACR

 Artifact Streaming is a feature in Azure Container Registry (ACR) that allows you to store container images within a single registry and stream them to Azure Kubernetes Service (AKS) clusters in multiple regions. Here are the key points:

  1. Purpose:

    • Accelerate containerized workloads for Azure customers using AKS.

    • Improve image pull times and reduce deployment delays.

  2. How It Works:

    • Artifact Streaming enables streaming of container images from ACR to AKS.

    • AKS only pulls necessary layers during initial pod startup, optimizing image retrieval.

    • Ideal for images <30GB; reduces time to pod readiness by over 15%.

  3. Prerequisites:

    • Existing AKS cluster with ACR integration.

    • Kubernetes version 1.25 or later.

    • Supported on Ubuntu 22.04, Ubuntu 20.04, and Azure Linux node pools (not Windows).

  4. Implementation Steps:

    • Install the aks-preview CLI extension.

    • Register the ArtifactStreamingPreview feature flag in your subscription.

    • Enable Artifact Streaming on ACR.
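
The prerequisites and implementation steps above as one script; this is an added example, not code from the original post. The registry and repository names and the sample version and OS SKU values are constructed placeholders, and the commands are only printed unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example: preflight checks for the listed prerequisites, then the three
# implementation steps as az commands. Dry run by default; APPLY=1 executes.

# Succeeds when the Kubernetes version ($1, e.g. 1.27.7 or v1.27.7) is >= 1.25.
k8s_version_ok() {
  kv_v=${1#v}
  kv_major=${kv_v%%.*}
  kv_rest=${kv_v#*.}
  kv_minor=${kv_rest%%.*}
  case "$kv_major$kv_minor" in ''|*[!0-9]*) return 2 ;; esac
  [ "$kv_major" -gt 1 ] || { [ "$kv_major" -eq 1 ] && [ "$kv_minor" -ge 25 ]; }
}

# Succeeds for Linux node pool OS SKUs (Ubuntu, Azure Linux); Windows is rejected.
# The SKU alone does not tell Ubuntu 20.04 from 22.04; check the node image too.
os_sku_ok() {
  case "$1" in Ubuntu|AzureLinux) return 0 ;; *) return 1 ;; esac
}

# Runs the command when APPLY=1, otherwise prints it.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# $1 = registry name, $2 = repository (placeholders supplied by the caller).
enable_artifact_streaming() {
  run az extension add --name aks-preview --upgrade
  # Registration is asynchronous; wait until the flag shows as Registered
  # before refreshing the resource provider.
  run az feature register --namespace Microsoft.ContainerService \
      --name ArtifactStreamingPreview
  run az provider register --namespace Microsoft.ContainerService
  run az acr artifact-streaming update --name "$1" --repository "$2" \
      --enable-streaming true
}

# Constructed sample values; read the real ones from `az aks nodepool show`.
K8S_VERSION=${K8S_VERSION:-1.27.7}
OS_SKU=${OS_SKU:-Ubuntu}
if k8s_version_ok "$K8S_VERSION" && os_sku_ok "$OS_SKU"; then
  enable_artifact_streaming "${REGISTRY:-myregistry}" "${REPOSITORY:-samples/web}"
else
  echo "prerequisites not met: Kubernetes $K8S_VERSION, OS SKU $OS_SKU" >&2
fi
```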

Remember that AKS preview features are provided “as is” and aren’t meant for production use.

References https://learn.microsoft.com/en-us/azure/aks/artifact-streaming#enable-artifact-streaming-on-acr

https://learn.microsoft.com/en-us/azure/container-registry/container-registry-artifact-streaming?pivots=development-environment-azure-portal

Tuesday, May 14, 2024

AKS Lens extension Resource Map Visualiser

 LensApp Extensions

Lens is a powerful Kubernetes IDE that provides a user-friendly interface for managing and interacting with Kubernetes clusters. Extensions enhance Lens by adding new features, visualizations, and integrations. Here are some notable Lens extensions:

  1. Resource Map Extension:

    • Description: The Resource Map extension displays Kubernetes resources and their relationships as a real-time force-directed graph.

    • GitHub Repository: You can find the extension’s code and documentation on its GitHub repository.

    • Installation:

      • For Lens 5 and above:

        1. Install Lens (if not already installed).

        2. Open the Extensions view (CMD+SHIFT+E on macOS) in Lens.

        3. Enter @nevalla/kube-resource-map into the Install Extension box.

        4. Click the Install button.

      • For Lens 4:

        1. Install Lens (if not already installed).

        2. Download version 0.2.0 tarball from the repository.

        3. Open the Extensions view in Lens.

        4. Select the tarball file from your filesystem.

        5. Click the Install button.

    • Features:

      • Real-time visualization of Kubernetes resources (pods, services, deployments, etc.) and their connections.

      • Helps identify dependencies, bottlenecks, and potential issues.

      • Provides an intuitive way to explore your cluster’s architecture.

    • Usage:

      • Once installed, open Lens and navigate to the Resource Map extension.

      • Explore the graph, zoom in/out, and click on nodes to view details.

      • Customize the display by filtering resources or adjusting settings.

    • Updates: The extension is actively maintained, with periodic releases. Check the releases page for the latest updates.

  2. GKE Sync Extension:

    • Automatically syncs Google Kubernetes Engine (GKE) projects and clusters with Lens.

    • Simplifies management of GKE resources within Lens.

  3. Debug Pods Extension:

    • Allows easy debugging of pods directly from the Lens menu.

Remember to explore other Lens extensions as well! They can significantly enhance your Kubernetes management experience. 😊


Wednesday, May 8, 2024

Why should we care? Secure coding and the OWASP Top 10

When you ask any developer about secure coding, you might get different answers, and they might be a bit flaky. OWASP, on the other hand, gives us a shared vocabulary that we can use to talk about and elaborate on it. It describes ways to implement secure coding in our projects.

Some of you might think: I don't have that much data, my project is not at that level, I don't even think I'm a target. Well, how about this: small breaches account for $4M per incident. Sure, that $4M will not come out of your pocket as a developer. But how would you feel if your name were attached to the commit that introduced the vulnerability? Then you might argue: what about the firewall that should have blocked those requests, the penetration test that could have caught the issue, the code review that must have missed it, and so on and so forth. We get tangled up in when and how this happened. The truth is, you can't patch your way out of being hacked. You can't know all the risks, and you can't rely on someone else to take care of them.

When the database for software vulnerabilities was created in 1999, only 894 unique vulnerabilities were documented and filed. Last year alone, 20K+ unique vulnerabilities were added. Even so, there is a way to handle these vulnerabilities with confidence in an ever-evolving risk landscape, to get ahead and stay ahead, and that is what OWASP, the Open Web Application Security Project, does best. It is a community of developers and security professionals who create useful and clearly organised projects providing solutions for many common problems in application security. OWASP provides Top 10 lists every year, ranking and categorising risks; knowing those risks is a good starting point. OWASP also provides a list of general controls that should be implemented in every project.

Simple understanding of Encryption Encoding and Hashing

Encoding

Reversible transformation of data format, used to preserve the usability of data.

  • Base64: carries binary data such as files and images as text; also used in JWT tokens

  • Unicode: complex data such as emojis

  • URL encoding: deals with spaces and special characters in URLs

Hashing

A one-way summary of data that cannot be reversed and is used to validate the integrity of data.

  • Two identical inputs with the same salt generate the same hash

  • Two different inputs with the same salt generate different hashes

  • For example, the entered password combined with a salt generates the hashed password

  • Algorithm: SHA512 (Secure Hash Algorithm)

Encryption

Secure encoding of data used to protect the confidentiality of data.

  • Symmetric encryption: the same key is used to encrypt and decrypt data. Algorithm: AES (Advanced Encryption Standard)

  • Asymmetric (public key) encryption: different keys are used to encrypt and decrypt data. Algorithm: RSA
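
The encoding and hashing entries above, run side by side; this is an added example, not code from the original post, and the token, salt handling and passwords are constructed samples. It uses a single SHA-512 pass because that is the algorithm named above; password storage in production normally uses a deliberately slow function such as bcrypt, scrypt, Argon2 or PBKDF2.

```sh
#!/bin/sh
# Added example. SAMPLE_JWT is a constructed token; its third segment is a
# placeholder, not a real signature.
SAMPLE_JWT='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.PLACEHOLDER'

# Encoding: base64url is reversible by anyone, no key or secret involved.
b64url_decode() {
  b64=$(printf '%s' "$1" | tr '_-' '/+')   # base64url alphabet -> base64
  case $(( ${#b64} % 4 )) in               # restore the stripped padding
    2) b64="$b64==" ;;
    3) b64="$b64=" ;;
  esac
  printf '%s' "$b64" | base64 -d
}

# Returns the decoded claims (second dot-separated segment) of a JWT.
jwt_payload() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Hashing: one-way SHA-512 over salt + data, as 128 hex characters.
salted_sha512() {
  printf '%s%s' "$1" "$2" | sha512sum | cut -d' ' -f1
}

# A verifier never reverses the hash; it recomputes and compares.
# $1 = salt, $2 = candidate password, $3 = stored hash
verify_password() {
  [ "$(salted_sha512 "$1" "$2")" = "$3" ]
}

# 16 random bytes as hex, one fresh salt per stored password.
new_salt() { head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

salt=$(new_salt)
stored=$(salted_sha512 "$salt" 'correct horse battery')
echo "JWT claims readable without a key: $(jwt_payload "$SAMPLE_JWT")"
echo "stored salt:hash = $salt:$stored"
verify_password "$salt" 'correct horse battery' "$stored" && echo "password matches"
verify_password "$salt" 'wrong guess' "$stored" || echo "wrong password rejected"
```

Anything placed in a JWT's claims is therefore visible to whoever holds the token; only encryption, the third entry, protects confidentiality.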

 Reference
https://www.packetlabs.net/posts/encryption-encoding-and-hashing/

Encoding, Encryption, and Hashing (auth0.com)

Change the web.config file in AKS pods at runtime for a .NET application

Change web.config at runtime in pods hosted in IIS

We should always make changes to web.config through the normal process: build the app code into an image and deploy it through the pipeline. However, in the very rare situation where we have to fix things very quickly on the fly, the method below can be adopted.

# Change web.config inside a running Windows container

Exec into the running pod

kubectl exec -i <pod_name> -n <app namespace> -- powershell

Go to the web app root folder, then find and replace the required web.config setting

cd ../inetpub/wwwroot

$find = '<add key="someAppSetting" value="true"/>'
$replace = '<add key="someAppSetting" value="false"/>'
(Get-Content web.config).Replace($find, $replace) | Set-Content web.config

# Confirm that the setting now carries the new value
Select-String someAppSetting web.config

# Do not stop/start IIS or run iisreset. Be careful not to restart IIS, because that will terminate the container.
# Instead, recycle the AppPool. This will fix most hangs and is much more efficient.

Stop-IISSite "Default Web Site"
Start-IISSite "Default Web Site"
Get-IISSite

# Restart the default app pool

Restart-WebAppPool -Name "DefaultAppPool"