I was struggling to find the place where I can change the password for my Jenkins CI account, for sites such as: -
https://issues.jenkins-ci.org/login.jsp
https://issues.jenkins-ci.org/secure/Dashboard.jspa
https://issues.jenkins-ci.org/secure/ManageRapidViews.jspa
https://issues.jenkins-ci.org/projects/WEBSITE/issues/WEBSITE-637?filter=allopenissues
Well, I found it .....
Security through obscurity perhaps ....
https://accounts.jenkins.io/myself/
from where I can add my GitHub ID, add SSH public keys and ..... CHANGE MY FLIPPING PASSWORD.
Good to know !
Geeking in technology since 1985, with IBM Development, focused upon Docker and Kubernetes on the IBM Z LinuxONE platform In the words of Dr Cathy Ryan, "If you don't write it down, it never happened". To paraphrase one of my clients, "Every day is a school day". I do, I learn, I share. The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions. Remember, YMMV https://infosec.exchange/@davehay
Wednesday, 18 December 2019
More on Kubernetes - Security
Right now, I'm focused upon Kubernetes security, and these are *some* of my reading / listening materials: -
The Path Less Traveled: Abusing Kubernetes Defaults - Ian Coldwater and Duffie Cooley
K8s Root Demo ( Duffie Cooley again )
Attacking and Defending Kubernetes, with Ian Coldwater
2018-039-Ian Coldwater, kubernetes, container security
plus this: -
Kubernetes via Wikipedia
Tuesday, 17 December 2019
Getting back to basics ... using kubectl to explain ... (almost) everything
Found this in a deck related to K8s security: -
The Path Less Traveled: Abusing Kubernetes Defaults
kubectl explain pods
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

   kind
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

   metadata
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   spec
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

   status
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
kubectl explain nodes
kubectl explain deployments
kubectl explain secrets
kubectl explain roles
kubectl explain replicasets
etc.
In essence, anything that's covered by: -
kubectl api-resources
can be explained 🤣
Istio Explained - Getting Started with Service Mesh
This popped up on Twitter a short while ago: -
Istio Explained - Getting Started with Service Mesh
Microservices can be complicated and difficult to manage, but with this practical guide, you'll learn how service meshes can help you control interactions between the services in your application. Explore what a service mesh is and how it works using Istio—an open source service mesh for managing and securing microservices.
Istio Explained - Getting Started with Service Mesh
It's a free ebook available from my employer, IBM, written by two colleagues, Lin Sun and Daniel Berg
Enjoy !
Kubernetes - Now the learning really really begins ...
As we hasten towards the end of 2019, my ongoing voyage of discovery that is Kubernetes really really kicks into gear ....
To that end, I've followed a number of useful sources, including: -
Kubernetes on bare-metal in 10 minutes
How to Install and Configure Kubernetes and Docker on Ubuntu 18.04 LTS
Kubernetes Concepts
Quickstart for Calico on Kubernetes
to get a basic four node Kubernetes 1.17 cluster up and running across four Ubuntu VMs.
I'm now starting to play with various aspects of K8s, including labels and taints ...
I also found this to be rather fun: -
What even is a kubelet?
which explained how one can drop a YAML such as this: -
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 80
into here: -
/etc/kubernetes/manifests
and have K8s automagically spin up a pod ( collection of containers ) without fanfare ...
kubectl get pods -A
NAMESPACE     NAME                                            READY   STATUS    RESTARTS   AGE
default       nginx-hatches1.fyre.ibm.com                     1/1     Running   0          13m
kube-system   calico-kube-controllers-74c9747c46-vdp6w        1/1     Running   0          21h
kube-system   calico-node-cf4mb                               0/1     Running   0          21h
kube-system   calico-node-h55m5                               1/1     Running   0          21h
kube-system   calico-node-jdcs5                               1/1     Running   0          21h
kube-system   calico-node-m6c9k                               1/1     Running   0          21h
kube-system   coredns-6955765f44-2gp8k                        1/1     Running   0          22h
kube-system   coredns-6955765f44-rhnww                        1/1     Running   0          22h
kube-system   etcd-hatches1.fyre.ibm.com                      1/1     Running   0          22h
kube-system   kube-apiserver-hatches1.fyre.ibm.com            1/1     Running   0          22h
kube-system   kube-controller-manager-hatches1.fyre.ibm.com   1/1     Running   0          22h
kube-system   kube-proxy-4fxwb                                1/1     Running   0          21h
kube-system   kube-proxy-j6h5z                                1/1     Running   0          21h
kube-system   kube-proxy-tzxrt                                1/1     Running   0          21h
kube-system   kube-proxy-xzzqx                                1/1     Running   0          22h
kube-system   kube-scheduler-hatches1.fyre.ibm.com            1/1     Running   0          22h
which is nice ....
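The kubelet registers a mirror pod for each manifest it starts from that directory (the nginx-hatches1.fyre.ibm.com entry above), so listing mirror pods shows what is running from manifest files rather than through the API server. The following is an added example, not code from the original post: it audits the JSON from `kubectl get pods -A -o json`; the expected-name list (a kubeadm-style control plane) and the helper-node2.example pod are assumptions constructed for illustration.

```python
import json

# Annotation the kubelet puts on the mirror pod it registers for a static pod.
MIRROR_ANNOTATION = "kubernetes.io/config.mirror"
# Assumption: kubeadm control-plane components are the only expected static pods.
EXPECTED = ("etcd-", "kube-apiserver-", "kube-controller-manager-", "kube-scheduler-")

def risky_settings(spec):
    """Return the host-level settings in a pod spec that deserve review."""
    found = [f for f in ("hostNetwork", "hostPID", "hostIPC") if spec.get(f)]
    if any("hostPath" in vol for vol in spec.get("volumes", [])):
        found.append("hostPath")
    for c in spec.get("containers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            found.append("privileged:" + c["name"])
    return found

def audit_static_pods(pod_list):
    """Return (namespace, name, risky settings) for each unexpected static pod."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        if MIRROR_ANNOTATION not in (meta.get("annotations") or {}):
            continue  # created through the API server, not from a manifest file
        ok = meta["namespace"] == "kube-system" and meta["name"].startswith(EXPECTED)
        if not ok:
            findings.append((meta["namespace"], meta["name"], risky_settings(pod["spec"])))
    return findings

# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "kube-system", "name": "etcd-hatches1.fyre.ibm.com",
               "annotations": {"kubernetes.io/config.mirror": "constructed-hash-1"}},
  "spec": {"hostNetwork": true, "containers": [{"name": "etcd"}]}},
 {"metadata": {"namespace": "default", "name": "nginx-hatches1.fyre.ibm.com",
               "annotations": {"kubernetes.io/config.mirror": "constructed-hash-2"}},
  "spec": {"containers": [{"name": "nginx"}]}},
 {"metadata": {"namespace": "default", "name": "helper-node2.example",
               "annotations": {"kubernetes.io/config.mirror": "constructed-hash-3"}},
  "spec": {"hostPID": true, "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
           "containers": [{"name": "helper", "securityContext": {"privileged": true}}]}},
 {"metadata": {"namespace": "kube-system", "name": "coredns-6955765f44-2gp8k"},
  "spec": {"containers": [{"name": "coredns"}]}}
]}
""")

if __name__ == "__main__":
    for ns, name, risky in audit_static_pods(SAMPLE):
        print(f"unexpected static pod {ns}/{name}: {risky or 'no host-level settings'}")
```

On a live cluster, replace SAMPLE with the parsed output of `kubectl get pods -A -o json` and adjust EXPECTED to the static pods your nodes are meant to run.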
Final thanks to Julia Evans ( @b0rk on Twitter ) for her awesome blog, including: -
and 'twas she who introduced me to Kamal Marhubi who has written a series of blog posts: -
and the aforementioned: -
In case you wondered, I LOVE MY JOB!!!
Thursday, 12 December 2019
Now we are live - IBM Cloud Hyper Protect Virtual Server
As mentioned before, this is an adjunct to some work that my team and I are doing right now .....
IBM Cloud Hyper Protect Virtual Server
Summary
Create and run virtual servers on IBM LinuxONE, the industry’s most secure Linux-based platform. With an SSH key pair under your control, you have complete authority over your sensitive workloads.
Features
Security
Ability to deploy a Virtual Server in a Secure Service Container ensuring confidentiality of data and code running within the VS
Z Capabilities on the cloud
Ability to deploy workload into the most secure, highly performant, Linux virtual server with extreme vertical scale
Easy to use, open, and flexible
User experience at parity with market leaders both when buying and using the VS; with the openness and flexibility of a public cloud
No Z skills required
Access Z technology without having to purchase, install, and maintain unique hardware
with a set of enablement materials here: -
Monday, 9 December 2019
This just in - RHEL 8.1: A minor release with major new container capabilities
This on the Red Hat Blog: -
The release of Red Hat Enterprise Linux 8.1 is a minor update to RHEL, but a major step forward with containers. The container-tools:rhel8 application stream has been updated with new versions of Podman, Buildah, Skopeo, runc, container selinux policies and other libraries. The core set of base images in Red Hat Universal Base Image (UBI) have been updated to 8.1, and UBI has expanded to include Go 1.11.5 as a developer use case. There are now 37 images released as part of UBI - they can all be seen on the UBI product page. Finally, we have released some really good updated documentation covering rootless, and other new features in the container-tools module.
Now, let’s jump in and cover some major features a bit deeper.
RHEL 8.1: A minor release with major new container capabilities
Off to have a play .....