June 20, 2019

kubernetes cloud disaster recovery

Introduction I run my workloads (blog, different apps) on my homelab server (proxmox) and kubernetes, because I can. I have been working on backup as well as automated provisioning of Azure Kubernetes Service (aks) lately so I thought why not put both together and automate a disaster recovery scenario. Depending on conditions the azure provisioning time may vary but based on different tests the end-to-end process takes about 15 minutes. Read more

June 10, 2019

kubernetes backup to Azure with velero

Introduction I run my workloads on a kubernetes cluster in my homelab and wanted to create an offsite (cloud) backup. Velero (formerly ark) is a neat project that supports a lot of options and cloud providers so I decided to take it for a spin. My specific scenario is currently only aiming at backing up the kubernetes objects from a selected list of namespaces; backing up state (e.g. databases) will come later, either with velero or with another tool like stash: I have not decided yet. Read more

March 2, 2019

Locating ssh hackers

Introduction Have you ever read an article and thought: I want to build this? Well that happened to me while reading Geolocating SSH Hackers In Real-Time, so I decided to build it. I am into kubernetes these days so I decided that I would host the showcase on my kubernetes lab environment: - I run a proxmox server with 64 cores and 256 GB of RAM, that is reachable over ssh from the internet (pub/priv-key login only). Read more

February 23, 2019

Protect critical Kubernetes namespaces with Open Policy Agent

Introduction Open Policy Agent is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. OPA provides greater flexibility and expressiveness than hard-coded service logic or ad-hoc domain-specific languages and comes with powerful tooling to help anyone get started. In this post we will explore OPA with the purpose of implementing a policy that prevents inadvertently deleting Kubernetes namespaces annotated with protected: "yes". Read more

Content licensed under CC BY 4.0