Composition Files
Chart.yaml
apiVersion: v2
name: helm-osi
description: A Helm chart for the osi application
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline.
Cloud Services LAB
Commands
Task 2
helm repo add svc-cat https://kubernetes-sigs.github.io/service-catalog
helm search repo service-catalog
kubectl create namespace svc-cat
helm install catalog svc-cat/catalog --namespace svc-cat
kubectl get all -n svc-cat
Task 3
helm repo add minibroker https://minibroker.blob.core.windows.net/charts
helm install minibroker minibroker/minibroker --namespace srv-cat
svcat get broker
svcat get classes
svcat describe class postgresql
svcat provision orderdb --class postgresql --plan 11-6-0 -p postgresqlDatabase=orderdb -p postgresqlUsername=dbUser
kubectl get pods,svc
svcat bind orderdb --name orderdb-binding --secret-name orderdb-secret
svcat get bindings
svcat describe binding orderdb-binding --show-secrets
kubectl describe secret orderdb-secret
svcat unbind orderdb
svcat deprovision orderdb
Note: --show-secrets prints the binding credentials (database user, password, host) in clear text on the terminal; kubectl describe secret only lists the key names and byte sizes, which is the safer way to check that the binding produced the secret.
Task 4
svcat get instances
svcat get bindings
svcat describe binding orderdb-binding --show-secrets
Files
k8s/microservice-order.
DevOps
Continuous Delivery
- faster time to market
- immediate feedback
- shorter innovation cycle
- minimized risk: only small changes at a time
- proves that the software builds
- finds broken builds fast and early
- awareness of the current software status
- no dependency on key personnel
Improve product quality
- automated testing and code auditing
- documented history of builds to verify issues
Phases of a software automation pipeline
- Build automation: the developer runs the build and unit tests on their own machine
- Continuous Integration: auto.
12 Factor Apps
Code Base, Dependencies, Config, Backing Services, Build/release/run, Processes, Port Binding, Concurrency, Disposability, Dev/prod parity, Logs, Admin Processes
Test Exam
Explain the difference between dependency declaration and isolation.
Dependency declaration: cloud-native apps never expect packages to be already available on the host; they fully declare all needed dependencies (including exact versions) in a dependency manifest.
Dependency isolation: a toolset makes sure that no dependencies leak into the container from the surrounding system, so the build is reproducible and the image contains only what was declared.
Runtime Environment
Goals
- Build optimized Dockerfiles, so-called multi-stage Dockerfiles.
- Recap the concepts of buildpacks.
- Discover the functionality of buildpacks.
- Investigate the internals and structure of buildpacks.
Multi-stage Dockerfiles
Builder pattern: two separate Dockerfiles were used, one that contained everything needed to build the application (SDK, compiler, build tools, sources) and one for production that contained only what is needed to run the app. The build artefact had to be copied from the first image into the second by hand or by a script.
Multi-stage Dockerfile: the same split is expressed in a single Dockerfile with a build stage and a run stage. Only what is copied with COPY --from ends up in the final image, so the toolchain and the sources never ship to production and the attack surface of the runtime image stays small.
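A multi-stage Dockerfile for a Spring Boot style service as an added example (not a file from the lab or the course repository). It assumes a Maven project layout, Java 17 and that the build produces a single executable jar in target/; the image tags and the uid are assumptions for this illustration.

```dockerfile
# syntax=docker/dockerfile:1
# --- build stage: JDK + Maven + sources, never shipped to production ---
FROM maven:3.9-eclipse-temurin-17 AS build
WORKDIR /src
# dependencies first so this layer is cached while the code changes
COPY pom.xml .
RUN mvn -q dependency:go-offline
COPY src ./src
RUN mvn -q -DskipTests package

# --- run stage: JRE only, non-root, nothing but the jar ---
FROM eclipse-temurin:17-jre
RUN useradd --system --uid 10001 --no-create-home app
WORKDIR /app
# COPY --from is the only thing that crosses the stage boundary
COPY --from=build /src/target/*.jar /app/app.jar
USER 10001
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "/app/app.jar"]
```

Build with `docker build -t helm-osi/app .`; `docker image inspect` on the result shows neither Maven nor the JDK, because the build stage is discarded once its artefact has been copied out.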
Service Mesh
Disadvantages of microservice architectures
- the overall system is more complex than one "big" (monolithic) application
- each component needs to implement a new set of cross-cutting concerns (network communication, asynchronous requests, distributed state, security, ...)
- large effort to implement these seamlessly and polyglot; tendency towards uniform frameworks (Spring, .NET, ...)
- coordination of APIs, protocol versions, migrations, ...
- additional operations overhead (monitoring, logging, debugging, certificate management)
8 common fallacies of distributed computing
1. The network is reliable
2. Latency is zero
3. Bandwidth is infinite
4. The network is secure
5. Topology does not change
6. There is one administrator
7. Transport cost is zero
8. The network is homogeneous
Challenges of microservice architectures
Network resilience
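As an added example (not code from the course), a circuit breaker in Python, the resilience pattern that takes the first fallacy seriously: after a number of consecutive failures the caller stops sending requests to the downstream service for a recovery window and fails fast locally, so threads, connections and timeouts do not pile up and one unhealthy dependency cannot cascade into a denial of service of the caller. Class and method names, the thresholds and the fake clock are assumptions for this illustration.

```python
import time


class CircuitOpenError(RuntimeError):
    """Raised when the breaker refuses a call without touching the network."""


class CircuitBreaker:
    """Three-state breaker: CLOSED -> OPEN -> HALF_OPEN -> CLOSED/OPEN.

    `clock` is injectable so the recovery timeout can be tested without sleeping.
    """
    CLOSED, OPEN, HALF_OPEN = "closed", "open", "half_open"

    def __init__(self, failure_threshold=3, recovery_timeout=30.0, clock=time.monotonic):
        self.failure_threshold = failure_threshold
        self.recovery_timeout = recovery_timeout
        self.clock = clock
        self.state = self.CLOSED
        self.failures = 0
        self.opened_at = None

    def call(self, fn, *args, **kwargs):
        if self.state == self.OPEN:
            if self.clock() - self.opened_at >= self.recovery_timeout:
                self.state = self.HALF_OPEN  # let exactly one trial request through
            else:
                raise CircuitOpenError("downstream presumed unhealthy, failing fast")
        try:
            result = fn(*args, **kwargs)
        except Exception:
            self._on_failure()
            raise
        self._on_success()
        return result

    def _on_failure(self):
        self.failures += 1
        # a failed trial while HALF_OPEN re-opens at once; while CLOSED we wait for the threshold
        if self.state == self.HALF_OPEN or self.failures >= self.failure_threshold:
            self.state = self.OPEN
            self.opened_at = self.clock()

    def _on_success(self):
        self.failures = 0
        self.state = self.CLOSED


class FakeClock:
    """Constructed test clock standing in for time.monotonic()."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Drive the breaker through an outage and a recovery; returns the observed trace."""
    clock = FakeClock()
    breaker = CircuitBreaker(failure_threshold=3, recovery_timeout=30.0, clock=clock)
    downstream_ok = {"value": False}  # constructed stand-in for a remote service

    def downstream():
        if not downstream_ok["value"]:
            raise ConnectionError("upstream timeout")
        return "200 OK"

    trace = []
    for _ in range(3):  # three real failures trip the breaker
        try:
            breaker.call(downstream)
        except ConnectionError:
            trace.append("fail")
    trace.append(breaker.state)
    try:  # while OPEN the call is refused locally: no socket, no waiting for a timeout
        breaker.call(downstream)
    except CircuitOpenError:
        trace.append("fast-fail")
    clock.advance(31)  # recovery timeout elapsed -> the next call is a HALF_OPEN trial
    downstream_ok["value"] = True
    trace.append(breaker.call(downstream))
    trace.append(breaker.state)
    return trace


def demo_half_open_failure():
    """A failed trial request while HALF_OPEN re-opens the breaker with a fresh timestamp."""
    clock = FakeClock()
    breaker = CircuitBreaker(failure_threshold=1, recovery_timeout=5.0, clock=clock)

    def always_down():
        raise ConnectionError("still down")

    observed = []
    for _ in range(2):
        try:
            breaker.call(always_down)
        except ConnectionError:
            pass
        observed.append((breaker.state, breaker.opened_at))
        clock.advance(5)
    return observed


if __name__ == "__main__":
    print(demo())
    print(demo_half_open_failure())
```

Wrap every remote call of a service in one breaker per downstream dependency; the fast-fail path is also where a fallback (cached answer, degraded response) belongs, so the caller stays within its own latency budget while the dependency is down.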
Cloud Patterns
Service Registry, Circuit Breaker, Load Balancer, API Gateway, Endpoint Monitoring (health, metering, ...)
CNA - Service Registry
Endpoint Monitoring
Service orientation at scale means using and running many services. These services need to be monitored: a process could still be alive while its API is no longer responding, so monitoring has to check the endpoint, not just whether the process exists.
Commands
Command | Description
k3d cluster create --config ./lab-setup/k3d-ccp2-config.yaml | create the cluster
Health monitor
Add this to the deployment YAML files under spec.template.spec.containers[]:
livenessProbe:
  initialDelaySeconds: 20
  httpGet:
    path: /actuator/health/liveness
    port: 8080
readinessProbe:
  httpGet:
    path: /actuator/health/readiness
    port: 8080
A failing liveness probe makes the kubelet restart the container; a failing readiness probe only removes the pod from the Service endpoints until it passes again. initialDelaySeconds gives the JVM time to start before the first liveness check, otherwise a slow start is mistaken for a dead process and the pod restart-loops.
env variables for URL microservice-shipping.
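The service side of those two probes, as an added example (not the lab's microservice): a small Python HTTP server that answers /actuator/health/liveness and /actuator/health/readiness on port 8080 the way the probe configuration above expects. It shows why the two endpoints must be separate: a lost database should make the instance unready (drained, not restarted), while only a wedged process should fail liveness. The HealthState flags, the function names and the phase labels are assumptions for this illustration; the status strings mirror the ones Spring Boot Actuator uses.

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class HealthState:
    """The two facts the probes report on (hypothetical names for this example)."""
    def __init__(self):
        self.lock = threading.Lock()
        self.alive = True         # False once the process is wedged beyond self-repair
        self.deps_ready = False   # True once e.g. the DB pool is connected and caches are warm


def liveness(state):
    """Liveness: 'should the kubelet keep this process?'. 503 -> container restart."""
    with state.lock:
        up = state.alive
    return (200, {"status": "UP"}) if up else (503, {"status": "DOWN"})


def readiness(state):
    """Readiness: 'may this instance receive traffic now?'.
    503 -> pod is removed from the Service endpoints but NOT restarted, so a
    temporarily lost backing service does not cause a restart loop."""
    with state.lock:
        ready = state.alive and state.deps_ready
    return (200, {"status": "UP"}) if ready else (503, {"status": "OUT_OF_SERVICE"})


ROUTES = {
    "/actuator/health/liveness": liveness,
    "/actuator/health/readiness": readiness,
}
STATE = HealthState()


class HealthHandler(BaseHTTPRequestHandler):
    """Serves the probe endpoints on the same port the probe config points at."""
    def do_GET(self):
        route = ROUTES.get(self.path)
        if route is None:
            self.send_error(404)
            return
        code, body = route(STATE)
        payload = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep probe traffic out of stdout
        pass


def simulate_lifecycle():
    """Walk a pod through startup, normal service, a lost dependency and a wedged
    process; returns {phase: (liveness status code, readiness status code)}."""
    state = HealthState()
    phases = {}
    phases["starting"] = (liveness(state)[0], readiness(state)[0])
    state.deps_ready = True                    # DB reachable: start taking traffic
    phases["serving"] = (liveness(state)[0], readiness(state)[0])
    state.deps_ready = False                   # DB lost: drain this instance, do not restart
    phases["dependency_lost"] = (liveness(state)[0], readiness(state)[0])
    state.alive = False                        # e.g. a deadlocked worker was detected
    phases["wedged"] = (liveness(state)[0], readiness(state)[0])
    return phases


if __name__ == "__main__":
    STATE.deps_ready = True
    HTTPServer(("0.0.0.0", 8080), HealthHandler).serve_forever()
```

Run it and check with `curl -i localhost:8080/actuator/health/readiness`; with the probe block above in the deployment, the kubelet performs exactly these requests. Keep the handlers cheap and free of calls to other services, otherwise a slow dependency turns the liveness probe itself into the cause of a restart.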
12 Factor Applications LAB
Overview
- A cloud-native application is an application optimized for running in the cloud (IaaS or PaaS).
- Each phase in the application life cycle has to be adapted and optimized to run in the cloud.
- Typically designed as a distributed application.
LAB Used Applications
K3s: a lightweight Kubernetes designed to run on low-resource systems; fully CNCF-certified
K3d: a wrapper to run K3s in Docker; makes it easy to run single- and multi-node k3s clusters i.
Penetration Testing LAB
Nmap ping scan: when is a host considered up?
Privilege / location | Probes sent | Host is considered up if ...
Normal user (same or different network) | TCP connect() to ports 80 and 443 | the host accepts the connection or refuses it (TCP RST); a silently dropped probe gives no evidence either way
Root, host in the same network | ARP request | the host answers the ARP request
Root, host in a different network | ICMP echo request, TCP SYN to port 443, TCP ACK to port 80 | the host answers any of them: ICMP echo reply, SYN/ACK or RST to the SYN on 443, RST to the unsolicited ACK on 80
Without root nmap cannot send raw packets, which is why the unprivileged case is limited to ordinary connect() calls and why a host that drops both ports looks "down" to a normal user but may still be found by the root probes.
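The unprivileged row of that table, re-implemented in Python as an added example (not nmap's code and not part of the lab): one connect() per probe port, where both an accepted connection and a refusal (RST, surfaced as ConnectionRefusedError) count as proof of a live host, while a timeout or an unreachable error counts as no evidence. The function names and the local demo scenario are assumptions for this illustration; the demo binds its own ports on 127.0.0.1 so it runs offline.

```python
import contextlib
import socket

PROBE_PORTS = (80, 443)  # the ports nmap connects to when it cannot send raw packets


def tcp_connect_probe(host, port, timeout=1.0):
    """One connect() probe. Returns 'open' (SYN/ACK), 'closed' (RST) or 'none'
    (timeout, host/network unreachable, probe dropped by a firewall)."""
    with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"          # a RST still proves that something answered
        except OSError:              # socket.timeout, ENETUNREACH, EHOSTUNREACH, ...
            return "none"


def host_is_up(host, ports=PROBE_PORTS, timeout=1.0):
    """Unprivileged ping-scan decision: up if any probe got an answer, open or RST.
    Returns (decision, {port: probe result})."""
    results = {port: tcp_connect_probe(host, port, timeout) for port in ports}
    return any(r != "none" for r in results.values()), results


def demo_local():
    """Constructed scenario: one listening port and one closed port on 127.0.0.1.
    Returns (host_up, result for the open port, result for the closed port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    # take a second ephemeral port and release it so nothing listens there -> RST
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        up, detail = host_is_up("127.0.0.1", ports=(open_port, closed_port))
    finally:
        listener.close()
    return up, detail[open_port], detail[closed_port]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(host_is_up(target))
```

Against a host whose firewall drops (rather than rejects) traffic to 80 and 443, `host_is_up` returns False even though the host is there, which is exactly the false negative the table predicts for a normal user; the root-only ARP and raw ICMP/SYN/ACK probes are what nmap adds to close that gap.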
Penetration Testing 3
Goals
- Explain the activities of threat modeling, vulnerability analysis, exploitation and post-exploitation.
- Discuss the main challenges in these phases and which methods or tools could be used.
- Discuss several reasons why vulnerability scanners might not work perfectly (false positives / false negatives).
- Know the architecture and main features of the Metasploit framework and be able to use it for vulnerability testing and exploitation tasks.
Threat modeling (when building software or systems)