In this article I explain how to discovery new microservices in kubernetes balancing them automatically without loosing the sticky session feature necessary for managing stateful services. In order to archive it, I will use a new feature of haproxy, present starting from 1.8 version, that can update an HAProxy configuration during run time, and described ..
In this article I will try to explain the best practises to follow in the implementation of docker containers running in cluster mode (swarm, kubernetes or something different) or not. I’m very passionate of the docker world because there are a lot of systems and network aspects very interesting to explore, manage and deep inside ..
I present in this article a simple HAProxy configuration to balance dynamically the http traffic to set of containers associated to a swarm docker service. You can find the project at this git hub link: https://github.com/stefano-gristina/haproxy–swarm. The reason to make it cames from fact the the microservices should be stateless, and it should permit to ..
This page contains all security vulnerabilities, updates and bulletins of 2018. 2018 Security Vulnerability Bulletins ozilla Releases Security Update for Thunderbird 25/01/2018 Google Releases Security Update for Chrome 2501/2018 Apple Releases Multiple Security Updates 23/01/2018 Mozilla Releases Security Updates 23/01/2018 Lenovo Releases Security Advisory 19/01/2018 NCSC Releases Security Advisory 18/01/2018 Cisco Releases Security Updates, BIND 17/01/2018 ISC Releases ..
Docker swarm and kubernetes are the most widespread container orchestrators for running micro services spanned on different nodes of a cluster. They provide high availability, scalability, security and easy management to complex software architectures. The goal is reached from docker swarm using the stack concept that is a set of docker services related together; in ..
This article has the goal to improve the awareness about the risks of a pivot attack where the target system is exploited through another compromised system. The classic defense against these type of attacks based on the company’s perimeter is obsolete and it requires new solutions and approaches. The systems are compromised generally by phishing attack forcing the ..
WordPress is a free content management system used for hosting web sites. The web application written in php can running under apache or nginx. Whatever the solution adopted, it’s necessary to have a reverse proxy for better managing the web site and for performing SSL termination. In this article a solution with nginx as reverse proxy ..
KVM is a virtualization solution for linux largely used in enterprise environment. It’s permits to define overlay networks scalable over public network by open virtual switch. Layer 2 networks encapsulated over udp packet, by VXLAN or GRE tunnel, enable an use efficient and versatile of network infrastructure. Docker is a open platform that permits to run applications ..
Docker Overlay Network is a good way to create isolate layer two networks where the containers are distributed on different physical hosts. It’s possible to define two equal subnets without any overlap because the network interfaces of containers are in different namespaces. The frame between hosts are tunneled by vxlan protocol that manages until to 16777216 vlan: much ..
Network segmentation is vital in order to limit the risks for business data after a network intrusion. The goal is to make very difficult the movement of threat inside the network and to give to intruders not authorized the minimun privilege possible for avoiding the exploit of critical services for the business. By phishing campaign it’s very ..