Year: 2019

How To Build a Serverless CI/CD Pipeline On AWS

“How To Build a Serverless CI/CD Pipeline On AWS” is a nice guide to some of the newer Amazon AWS services, targeted at developers and DevOps. It shows how to tie together the following:

Amazon EC2 (server instances)
Docker (containers)
Amazon ECR (Elastic Container Registry)
Amazon S3 (storage)
Amazon IAM (Identity and Access Management)
Amazon CodeBuild (Continuous Integration)
Amazon CodePipeline (Continuous Delivery)
Amazon CloudWatch (monitoring)
Amazon CloudTail (logs)

The examples in the article are for setting up the CI/CD pipeline for .NET, but they are easily adoptable for other development stacks.

Introduction to Microservices, Docker, and Kubernetes

There is plenty of documentation, tutorials, and guides online, explaining Docker containers, Kubernetes container orchestration, and microservices. Here are a few that I found useful for the quick and simple introduction into these technologies and how to tie them together.

Firstly, some basic 101s:

Secondly, “Introduction to Microservices, Docker, and Kubernetes” YouTube video nicely puts all the things together, with complete code and configuration examples, some glue, and extra tips.

And finally, a few bits that you might need to solve on the way, which are not necessarily related, but can throw you off:

Some of the virtualization bits (such as VirtualBox) might fail to run properly if you have Secure Boot enabled. To solve this problem, reboot the machine, go to the BIOS, and disable Secure Boot (enable Legacy Mode).
Additionally, while you are there, check for the Virtualization Technology settings. Enable Virtualization Technology in the BIOS to further smooth out VirtualBox and friends.
While working on your first minikube cluster (sorting out VirtualBox and such), it helps to completely remove and start again, after sorting out any issues that prevent Kubernetes to start (proxy timeouts, etc). A quick “minikube delete && minikube start” will save you some time on troubleshooting weird issues, than just “minikube start” after a failure.

Have fun!

A Deep Dive into Iptables and Netfilter Architecture

It’s been a while since I had to dive into the iptables and netfilter. These days I mostly have to do some basic configuration here and there, with occasional adjustments or troubleshooting (less and less so, thanks to Amazon AWS). But if drilled on the details, I quickly lose my confidence. In an effort to refresh my memory, I looked around for a blog post or an article that is short and simple, yet deep enough for me to brush some rust of. I found “A Deep Dive into Iptables and Netfilter Architecture” very helpful.

Turns out, the bit I needed the most was this one:

Chain Traversal Order
Assuming that the server knows how to route a packet and that the firewall rules permit its transmission, the following flows represent the paths that will be traversed in different situations:
* Incoming packets destined for the local system: PREROUTING -> INPUT
* Incoming packets destined to another host: PREROUTING -> FORWARD -> POSTROUTING
* Locally generated packets: OUTPUT -> POSTROUTING

Technical documentation is so much easier these days. I remember the old days of manual pages and HOWTO guides, and I think we’ve made a lot of progress.

Docker and Kubernetes in high security environments

“Docker and Kubernetes in high security environments” is an interesting case-study from the Swedish Police Authority, on how to setup and maintain a high security configuration of Docker and Kubernetes.

Not something that you’d think of on a daily basis, but a very handy guide for a weekend reading, or for a priority target scenario.

Kubernetes, Kubeadm, and the AWS Cloud Provider

Scott Lowe shares an updated setup of Kubernets on the Amazon AWS. This blog post covers some of the bits in Kubeadm, which have been updated and improved, since his previous post on the subject some time last year.

If you are working with Amazon AWS, Kubernetes, Docker, VMWare, or other related technologies, I can’t recommend his blog high enough.