Chaos engineering has evolved in order to increase confidence in production environments when turbulent and erratic conditions suddenly occur. The main idea is to detect potential risk or failure points prior to those taking place and deal with them before they become cardinal issue and impact quality of service. On a kubernetes environment, the …Continue reading "Chaos kube on Openshit disconnected environment"
The following Linux capabilities describe how unprivileged processes (including those running in containers with a UID and GID of non-zero) these capabilities are per-thread capabilities and the allow an unprivileged process perform certain actions, pending permissions.
This document describes the different capabilities – their meaning and things to lookout for when deploying them on a production cluster.Continue reading "Kubernetes container security – Linux capabilities"
Installing sonatype nexus on Kubernetes with a Persistent volume. Prerequisites NFS server Internet connection Create persistent volume Make sure your NFS server is exporting the /data/k8s-pvs/pv015 directory and that all cluster nodes can reach the NFS server network wise. apiVersion: v1 kind: PersistentVolume metadata: name: nexuspv spec: capacity: storage: 100Gi volumeMode: Filesystem …Continue reading "Installing Nexus on Kubernetes"
Executive Summary This document describes the Risk factors, probability assessment and actions which should be taken when running an OCP environment in production. The document focuses on three main aspects: Application security risks (code), platform security risks (Kubernetes), Node security (cloud) and deployments (CD processes and containers) security risks. Risk Assessment methodology The document is …Continue reading "Kubernetes Security Risk Assessment"
This document aims to depict the main guidelines when producing, storing, testing and using programming products and making sure the outcome of every run on every Kubernetes cluster will be identical.Continue reading "Technical Artifacts considerations K8S aspects"