-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
341 lines (280 loc) · 20.5 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<head>
<link href="//gmpg.org/xfn/11" rel="profile">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="generator" content="Hugo 0.86.0" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dinesh Tech Bytes</title>
<link type="text/css" rel="stylesheet" href="https://dineshba.github.io/css/print.css" media="print">
<link type="text/css" rel="stylesheet" href="https://dineshba.github.io/css/poole.css">
<link type="text/css" rel="stylesheet" href="https://dineshba.github.io/css/syntax.css">
<link type="text/css" rel="stylesheet" href="https://dineshba.github.io/css/hyde.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Abril+Fatface|PT+Sans:400,400i,700">
<link rel="apple-touch-icon-precomposed" sizes="144x144" href="/apple-touch-icon-144-precomposed.png">
<link rel="shortcut icon" href="/favicon.png">
<link href="https://dineshba.github.io/index.xml" rel="alternate" type="application/rss+xml" title="Dinesh Tech Bytes" />
</head>
<body class="theme-base-0d ">
<aside class="sidebar">
<div class="container sidebar-sticky">
<div class="sidebar-about">
<a href="https://dineshba.github.io/"><h1>Dinesh Tech Bytes</h1></a>
<p class="lead">
Website to share my learnings
</p>
</div>
<nav>
<ul class="sidebar-nav">
<li><a href="https://dineshba.github.io/">Home</a> </li>
<li><a href="https://github.com/dineshba/"> Github </a></li><li><a href="https://www.linkedin.com/in/dineshba/"> LinkedIn </a></li><li><a href="/talks"> My Talks </a></li><li><a href="https://stackoverflow.com/users/5305962/dinesh-balasubramanian"> Stackoverflow </a></li><li><a href="https://www.youtube.com/@dineshtechbytes"> Youtube </a></li>
</ul>
</nav>
<p>© 2023. All rights reserved. </p>
</div>
</aside>
<main class="content container">
<div class="posts">
<article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/encrypt-k8s-data/">Encrypt Kubernetes data at rest</a>
</h1>
<time datetime="2023-04-22T13:32:13+0530" class="post-date">Sat, Apr 22, 2023</time>
Notes/Snippets used in the video: Kubernetes stores all of its data in etcd. Apiserver is the only component which reads and writes data into etcd.
So, before storing data into etcd, we can ask apiserver to encrypt the data and while it retrieve data from etcd, we can ask apiserver to decrypt the data.
When we start api-server, we have to provide the encryption config with below flag:
<div class="read-more-link">
<a href="/posts/encrypt-k8s-data/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/identity-federation/">Identity Federation</a>
</h1>
<time datetime="2021-12-15T00:50:33+0530" class="post-date">Wed, Dec 15, 2021</time>
Before Identity Federation, lets talk about How are we accessing resources in Cloud
Accessing resources in Cloud Note: Application needs access to consume the above resources
Examples of above diagram Application running in on-prem accessing GCP resources (like gcs bucket, container registry, S3, vault, etc) Application running in other cloud accessing GCP resources Github actions trying to deploy/create resources in Azure Jenkins running in Kubernetes trying to deploy things to AWS Application running in GCP cloud function trying to access to aws resource Using Identities of that cloud Create an Identity Attach permissions Create key/secret/token for that identity Share the key with application What are the problems of using cloud identity outside that cloud ?
<div class="read-more-link">
<a href="/posts/identity-federation/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/terraform_state_mv/">Rename terraform module name or resource name without recreating it</a>
</h1>
<time datetime="2021-09-01T01:12:28+0530" class="post-date">Wed, Sep 1, 2021</time>
Lets say you want to rename your module after terraform is applied atleast once.
Example: Lets say you have a module access
module "access" { source = "..." variables = "..." } and you want to rename it to iam like
module "iam" { source = "..." variables = "..." } Normal ways: By destroying and recreating Option1: Comment the module and apply (which will destroy it). And then rename and apply it (which will create it with new name) Option2: Using target destroy and apply like below terraform apply -destroy -target module.
<div class="read-more-link">
<a href="/posts/terraform_state_mv/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/terraform_deadlocks/">Avoid Deadlocks in Terraform</a>
</h1>
<time datetime="2021-07-29T16:12:28+0530" class="post-date">Thu, Jul 29, 2021</time>
Recently I encountered a problem with the terraform code that I have written. It created a deadlock between resources.
Example Problem Solutions References Example resource "google_compute_instance_template" "instance_template" { } resource "google_compute_instance_group_manager" "igm" { version { instance_template = google_compute_instance_template.instance_template.id } } Note: resource google_compute_instance_group_manager dependson resource google_compute_instance_template
Problem Whenever there is a change in config of google_compute_instance_template, terraform will delete and create it freshly (as google_compute_instance_template is immutable resource)
<div class="read-more-link">
<a href="/posts/terraform_deadlocks/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/github-actions-approval/">Github actions with Manual Approval Jobs</a>
</h1>
<time datetime="2021-07-21T08:05:15+0530" class="post-date">Wed, Jul 21, 2021</time>
Lets say we use terraform and github actions for ci/cd.
We will have plan and apply steps like below
name: 'Terraform' on: [push, pull_request] jobs: check_lint: #.... check_vulnerability: needs: check_lint #... plan_and_apply: name: 'Plan and Apply' runs-on: ubuntu-latest needs: check_vulnerability steps: - name: Checkout uses: actions/checkout@v2 - name: Setup Terraform uses: hashicorp/setup-terraform@v1 - name: Terraform Init run: terraform init - name: Terraform Plan run: terraform plan - name: Terraform Apply run: terraform apply -auto-approve How to make it approval based ?
<div class="read-more-link">
<a href="/posts/github-actions-approval/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/git-access-management/">Access management for github at scale</a>
</h1>
<time datetime="2020-12-18T17:49:40+0530" class="post-date">Fri, Dec 18, 2020</time>
In order to manage multiple users in a github organization, it is best to create multiple teams with different access and add users to the necessary teams.
Example: OrgName: example Teams: # each team will have different repo access - frontend - backend - devops Members: - name: dineshba teams: devops, backend - name: another-dev teams: frontend - name: some-tech-lead teams: frontend, backend,devops Hope the above yaml explains the concept of organization, teams and team-memberships at high level
<div class="read-more-link">
<a href="/posts/git-access-management/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/history/">Terminal: History Matters</a>
</h1>
<time datetime="2020-07-12T13:32:13+0530" class="post-date">Sun, Jul 12, 2020</time>
For more productive, it is better to reuse the commands in history. In order to do that
Save more history Optimize the history Able to find and reuse history easily Save more history # bashrc/zshrc/etc #### increase history size export HISTSIZE=1000000 export HISTFILESIZE=1000000 #### Note: You can specify how big you want
Optimize the history Remove the duplicates in the histroy file Keeps the last entry when there is a duplicate (to maintain the order) I wrote a simple scirpt in nim programming language for the bash_history file.
<div class="read-more-link">
<a href="/posts/history/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/gitfetcher/">Gitfetcher</a>
</h1>
<time datetime="2020-06-26T15:38:55+0530" class="post-date">Fri, Jun 26, 2020</time>
Why I will not do git fetch or git pull ? Because I have automated it.
Highly inspired from bash-git-prompt. If you are already using it (or equivalent of it), below custom script may be useful to you.
Problem Statement:
Whenever I jump into the git directory, I do git pull And sometimes I forget to do it which might create conflicts So created a script, which will do git fetch
<div class="read-more-link">
<a href="/posts/gitfetcher/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/kubernetesusers/">There are no users in Kubernetes</a>
</h1>
<time datetime="2020-06-20T22:58:45+0530" class="post-date">Sat, Jun 20, 2020</time>
Where is user information stored in kubernetes ? Kubernetes will not store the user details.
Then how kubernetes is able to do the Authentication ? Using CA certificates We can configure to use CA authority Create CA certificates with user name and sign it with kubernetes CA certificate will have the user data (not the kubernetes). Kubernetes will only validate the certificate. Using external systems As it is deligating this authentication to external systems, we can easily onboard users into the kubernetes.
<div class="read-more-link">
<a href="/posts/kubernetesusers/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/openrc/">Openrc</a>
</h1>
<time datetime="2020-05-19T21:31:36+0530" class="post-date">Tue, May 19, 2020</time>
Problem Statement: After doing git push how many of us wanted to see the
status of the pipeline new commits in github/gitlab ui new artifacts in the nexus repo wiki page of the git repo To be generic, you want to open a particular url after an action. How can we achieve it easily ?
Solution: Put this openrc script file in the path (so that we can invoke this from anywhere) Eg: /usr/local/bin/openrc
<div class="read-more-link">
<a href="/posts/openrc/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/csrf/">CSRF and its protection</a>
</h1>
<time datetime="2020-05-08T19:27:40+0530" class="post-date">Fri, May 8, 2020</time>
What is Cookie ? An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user’s web browser. The browser may store it and send it back with the next request to the same server. source
Note: It is sent to the server back by the browser by default
Cross-Site Request Forgery (CSRF) Lets say you logged into the bank website and the bank website uses cookies to store the user authentication details (say sessionId or oauth tokens)
<div class="read-more-link">
<a href="/posts/csrf/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/terraform_state/">Fix corrupted Terraform state</a>
</h1>
<time datetime="2020-03-11T20:12:28+0530" class="post-date">Wed, Mar 11, 2020</time>
Lets say you corrupte your terraform state. There are multiple ways in which you can corrupte it. So I am not gonna tell how we corrupted it.
In order to fix it,
You have to remove unneccassary resources from the state. terraform state rm resource.resource_id #eg: terraform state rm google_container_node_pool.node_pool #eg: terraform state rm google_container_cluster.cluster You have to import the actual state into the state file (Make sure import is available for your resource) terraform import resource.
<div class="read-more-link">
<a href="/posts/terraform_state/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/minikube/">Which scheduler scheduled the scheduler in minikube ?</a>
</h1>
<time datetime="2019-12-25T13:10:48+0530" class="post-date">Wed, Dec 25, 2019</time>
In oneliner, minikube is a tool that makes it easy to run Kubernetes locally.
In kube-system namespace, we can see result like below,
$ kubectl get pods -n kube-system -o name -l tier=control-plane pod/etcd-minikube pod/kube-apiserver-minikube pod/kube-controller-manager-minikube pod/kube-scheduler-minikube #scheduler is running, but who scheduled ? Whenever we create pod(rs/deployments/sts/ds), Scheduler is the one which schedules this pods into any of the available node (in minikube, there is only one). In minikube, kube-scheduler-minikube is the one who schedules.
<div class="read-more-link">
<a href="/posts/minikube/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/not_all_machines_are_pingable/">Not all machines are pingable</a>
</h1>
<time datetime="2019-12-12T22:16:35+0530" class="post-date">Thu, Dec 12, 2019</time>
To check if a machine(IP) is reachable, I only used ping. If ping is not working, then I will come to a conclusion that IP is not reachable. If you are like me, please read further.
How Ping works? Ping sends the ICMP Echo to the given IP and waits for the ICMP Echo Reply. If we get the Echo Reply, then ICMP server in the given IP is able to send response to our Echo request.
<div class="read-more-link">
<a href="/posts/not_all_machines_are_pingable/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/resolve_vs_reach/">Resolve vs Reach</a>
</h1>
<time datetime="2019-12-10T08:46:06+0530" class="post-date">Tue, Dec 10, 2019</time>
I have seen lot of people confuse between resolving dns vs reach IP. So this small blog.
Inorder to get data from any computer we need to know the address of the computer which is IP address. Let’s say we want to get some data from google and its IP is 172.217.31.196 (currently). Its very hard to remember this IP and also they can have multiple machines(IPs) which will give the same data (horizontal scaling).
<div class="read-more-link">
<a href="/posts/resolve_vs_reach/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/oss/">My OSS Journey</a>
</h1>
<time datetime="2019-09-04T22:45:25+0530" class="post-date">Wed, Sep 4, 2019</time>
I would love to quickly share my OSS Journey. I will keep it very short. I am writing this now (on September 2019), because I am gonna celebrate my first anniversary of my OSS journey by this October.
Before one year (October 2018) Now (September 2019) No PRs to any tools/libs 31 PRS (25 Merged, 3 Open, 3 Closed) refer Know at hight level what the tool is doing Know what internally it is happening (you might get to know which function is getting called :-P) Okay to live with bugs Raise issue or fix the bug (refer) Okay to live with existing feature Trying to think what feature is helpful for me (and for others also) Not attached to any tool/lib Feeling proud about the tool/lib People from different planet can only contribute No they are just like me No tools by me Have atleast one tool (gg) Nothing special about me My resume shines No cool tshirts Have two tshirts (Hacktoberfest, TW Internal hacktoberfest) Note: You have to be logged in github to see the above pr and issue links
<div class="read-more-link">
<a href="/posts/oss/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/theme/">Theme of my website</a>
</h1>
<time datetime="2019-08-31T00:50:33+0530" class="post-date">Sat, Aug 31, 2019</time>
Backbone of my website: I am using hugo to build this website. Thanks to Aswin Karthik for his blog by which I setup this website. Just write markdown files and push, and travis-ci will publish your website. So cool !!!.
There are lot of themes available here. After some search, I landed to current theme which is hyde. I really liked the theme and it saved lot of my time. This theme gives lot of options to customize our website.
<div class="read-more-link">
<a href="/posts/theme/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/fzf/">How I am using fzf for every 5 min of my programming life</a>
</h1>
<time datetime="2019-08-31T00:41:10+0530" class="post-date">Sat, Aug 31, 2019</time>
Installation for new users $ brew install fzf $ $(brew --prefix)/opt/fzf/install # useful key bindings and fuzzy completion Note: Its better to use key bindings and fuzzy completion
Default options that I use export FZF_DEFAULT_OPTS='--height 40% --reverse --border' My usages To Search in command history: CTRL + R
To Change directory: cd + (CTRL + T) # type cd and then press CTRL plus T or cd ** + TAB To find and open files in vim(or any editor): vim $(fzf) vim + (CTRL + T) vim ** + TAB vim $(fzf --preview 'cat {}') You can even search and open multiple files using tab
<div class="read-more-link">
<a href="/posts/fzf/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/posts/exec/">Super cool exec command</a>
</h1>
<time datetime="2019-08-27T22:56:45+0530" class="post-date">Tue, Aug 27, 2019</time>
exec (built-in command) We can use exec for two use cases (as far as I learned today :-P)
To create independent shell from current shell Usual way:
$ bash # created a bash shell $ #do whatever you wanted $ exit # will go back to the shell which it created Using exec:
$ exec bash #created a bash shell and killed the current shell $ #do whatever you wanted $ exit # will not go back to the shell which it created.
<div class="read-more-link">
<a href="/posts/exec/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/talks/">My Talks</a>
</h1>
<time datetime="2019-08-27T20:05:50+0530" class="post-date">Tue, Aug 27, 2019</time>
Recent Top
Deploying application securely using Hashicorp Vault
Secret Management becomes tedious while dealing with a lot of users/applications. Let's try to deploy a sample application using Jenkins CI/CD to Kubernetes cluster with Hashicorp vault and understand how vault is able to solve it seamlessly. Power of Hashicorp Vault and it’s internal
As we are started moving all our infra to cloud,secret management for the applications and also for the developers/infra admin is the challenging task.
<div class="read-more-link">
<a href="/talks/">Read More…</a>
</div>
</article><article class="post">
<h1 class="post-title">
<a href="https://dineshba.github.io/about/">About</a>
</h1>
<time datetime="2019-08-26T20:05:50+0530" class="post-date">Mon, Aug 26, 2019</time>
I’m a coding freak who is always interested in solving/seeking challenging problems.
Being in Thoughtworks, I found a lot of opportunities to work in various domains, few of them being - devops tools(docker, kubernetes, terraform, etc), mobile(both iOS and Android), micro services architecture.
In all experiences on my projects, we have used a ton of open source tools and benefited a lot. After taking a lot from community I felt its only natural to give back as well.
<div class="read-more-link">
<a href="/about/">Read More…</a>
</div>
</article>
</div>
</main>
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-146789724-1', 'auto');
ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
</body>
</html>