All about DevOps and Site Reliability Engineering Practices

Earlier in this post, we have talked about TLS Working model and configuring it for application in kubernetes . Basically any HTTPS server open for client connections, will present a server certificate to client to verify against its trusted certificate authorities and if success, it does basic TLS handshake. Its more of a validating whether sever domain is authentic, using server certificate. What if there is a security requirement where client needs a valid certificate before it access server content, this is where mutual authentication fits in. Its basically establishing secure encrypted communication between two parties and authenticity of each party will be verified at other party end with presented certificate against certificate authority. The following diagram demonstrates steps involved in mutual authentication 1. Client requests sever for its content 2. Server replies back by presenting its server certificate 3. Server's identity will be tested by client using

Releasing product is one of the critical phase of software development life cycle, so much brainstorming will go in to design versioning and release strategy for a product. In olden days, it was all different, applications were monolithic, build and release management teams used to build this, entirely as a package (.WAR or .EAR files) by creating one version and putting it in artifact repository, triggering a process to deploy package in application servers. Versioning is pretty straight forward because it is monolithic and treated as one application. Now things are changed, considering complexity and inflexibility of monolithic application, people has opted to build application as set of smaller and interconnected services called microservices. In effect of this, versioning and releasing of individual microservices and for overall application became complex. There are no straight forward principles which solves problem, it entirely depends on various factors like branching strateg

Sharing some of the tips and tricks, that will be helpful while operating on kubernetes clusters. * If you are working on multiple kubernetes clusters running with different versions, its hard to remember apiVersion for kubernetes objects.This can be sorted out by using following commands   kubectl api-resources : This will show kubernetes objects, their short names, kind and whether they can be namespaced. Here we can get apiGroup of the object we are looking for. If apiGroup is empty, it means object belongs to core api group(v1)     We can look for versions available for given api group by using kubectl api-versions command    kubectl api-versions   admissionregistration.k8s.io/v1beta1   apiextensions.k8s.io/v1beta1   apiregistration.k8s.io/v1   apiregistration.k8s.io/v1beta1   apps/v1   apps/v1beta1   apps/v1beta2   extensions/v1beta1      Order of kubernetes feature maturity:  v1alpha1 - v1alpha2..v1alphaN - v1beta1 - v1beta2..v1betaN - v1 , w

TLS basic working model:  Secure communication between the two entities is paramount in today's digital world. TLS provides the secure end to end communication between two machines over a network. Classic example of TLS model is accessing www.google.com(server) via browser(client). Following basic steps are involved * Client makes a call, when URL was entered in browser * Server sends its certificate * Browser will check any Root CA present for server certificate, if its present it will validate via digital sign. If not it asks user to trust the certificate, happens when we use self signed certificates. *  Client sends its certificates, will be verified at server, its optional * Once verification is done, it starts exchanging encrypting messages, which will be only decrypted using certs and keys at their end. Generating TLS certs: There are many tools in market through which we can generate certs. Openssl is one of the widely used opensource tool, we will use t

Jenkins script console is one of the key feature for administrators to automate tasks, troubleshoot on server side like cleaning up older job builds, deleting/creating bunch of jobs, setting up log rotation on all jobs etc. It's hard and monotonous for them to do this tasks from UI repeatedly. The following scripts certainly helps to maintain and operate Jenkins efficiently.