May 11, 2020

SSH login with yubikey using PIV

Introduction This article will take you through setting-up a yubikey to hold your SSH private key. It assumes that you have a PIV-enabled yubikey: PIV, or FIPS 201, is a US government standard. It enables RSA or ECC sign/encrypt operations using a private key stored on a smartcard (such as the YubiKey NEO), through common interfaces like PKCS#11. PIV is primarily used for non-web applications. It has built-in support under Windows, and can be used on OS X and Linux via the OpenSC project. Read more

May 3, 2020

Building docker images for multiple architectures

Introduction Since Kubernetes runs on the Raspberry PI I have been investigating ways to build my blog so that it can run on my x86 (Proxmox) as well as ARM Kubernetes cluster, composed of Raspberry PIs and an Nvidia Jetson Nano. This post will take you through my learnings of the taxonomy of architectures and platforms, as well as building docker images for multiple architectures. Architectures Well, I already knew that rpi has a different architecture than my Intel-based hardware, so let’s get into how these are named. Read more

May 2, 2020

Understanding Kubernetes' pod lifecycle: the readiness probe

Introduction Understanding Kubernetes' concepts is key to running highly available applications. This article will take you through the scenario of deploying a new version of a pod, and show how understanding the pod lifecycle and implementing a readiness probe will help you deploying new releases without downtime. Without a readiness probe Kubernetes will try to guess when your pod is ready, and then schedule traffic to it. If the pod has latency between the point-in-time when the container is running and when it can handle traffic, this will cause transactions to be dropped, a. Read more

April 19, 2020

Self-Service Operations: the Why? and the How?

Disclaimer The opinions depicted in this post are mine, not the ones of my employer. Introduction Self-service operations is a term coined by Damon Edwards from Rundeck to describe principles (and tools) that should guide operations in an enterprise, or any other organization that have more than one two pizza team. Why self-service operations is so important comes from the fact, that in large organizations teams depend on other teams (because there is a limit to the size of a team and to what their responsibility can encompass). Read more

April 13, 2020

Securing you kubernetes configuration. Not so simple!

Introduction There are lots of articles explaining what is important and what you should consider to securing your Kubernetes configurations, but I have not found that many guiding you through the steps of implementing these recommendations. And I am not talking about securing the code of the application (this is something that software engineers should be used to) or the containers (this is something for another time). These recommendations are in the realm of: Read more

Content licensed under CC BY 4.0