Chaos kube on Openshit disconnected environment

Chaos engineering has evolved in order to increase confidence in production environments when turbulent and erratic conditions suddenly occur. The main idea is to detect potential risk or failure points prior to those taking place and deal with them before they become cardinal issue and impact quality of service.   On a kubernetes environment, the …

Continue reading "Chaos kube on Openshit disconnected environment"

Kubernetes container security – Linux capabilities

The following Linux capabilities describe how unprivileged processes (including those running in containers with a UID and GID of non-zero) these capabilities are per-thread capabilities and the allow an unprivileged process perform certain actions, pending permissions.

This document describes the different capabilities – their meaning and things to lookout for when deploying them on a production cluster.

Continue reading "Kubernetes container security – Linux capabilities"

Installing Nexus on Kubernetes

Installing sonatype nexus on Kubernetes with a Persistent volume.   Prerequisites   NFS server Internet connection   Create persistent volume Make sure your NFS server is exporting the /data/k8s-pvs/pv015 directory and that all cluster nodes can reach the NFS server network wise. apiVersion: v1 kind: PersistentVolume metadata: name: nexuspv spec: capacity: storage: 100Gi volumeMode: Filesystem …

Continue reading "Installing Nexus on Kubernetes"

Kubernetes   Security Risk Assessment

Executive Summary This document describes the Risk factors, probability assessment and actions which should be taken when running an OCP environment in production. The document focuses on three main aspects: Application security risks (code), platform security risks (Kubernetes), Node security (cloud) and deployments (CD processes and containers) security risks. Risk Assessment methodology The document is …

Continue reading "Kubernetes   Security Risk Assessment"

Openshift on opennebula CNI not loading

I recently encountered a problem while deploying Openshift on Opennebula based VMs. Because Opennebula uses contextualization, it disables network manager which in turn causes problems when Openshift tries to start the SDN pods (no cni found). There were a couple of challenges  but the one that buffed me the most was the NM_CONTROLLED=no which kept …

Continue reading "Openshift on opennebula CNI not loading"