In this article I investigate the possibility to implement a ceph storage solution, robust, scalable and high available inside a kubernetes cluster using rook (https://rook.io/) that automates the delivery and the management of the ceph solution. The benefits of this solution are to have a storage area easy to install and manage, opposite to big ..
My question that I want to share in this article is whether the public cloud is truly an instrument of liberation from technological annoyances, or an instrument of caging our professional freedom within technical enclosures that the professional elites has designed for all. Who says that a company cannot develop following new and innovative approaches, ..
As I explained in my previous article, https://www.securityandit.com/network/best-practices-for-network-segmentation/. network segmentation is vital in order to limit the risks for business data after a network intrusion. The goal is to make very difficult the movement of threat inside the network and to give to intruders not authorized the minimun privilege possible for avoiding the exploit of critical services ..
In this series of articles I will try to describe how to install and configure a kubernetes cluster in high availability and for production use, using an easy approach opposite to hard way, proposed by https://github.com/kelseyhightower/kubernetes-the-hard-way, that, however, is a good way to understand and learn more, inside the scenes, the infrastructure of a kubernetes ..
I write this article for sharing my experience in the configuration of kubernetes services to expose outside, explaining advantages and disadvantages of the two different solutions most used: NodePort and Ingress controller. In this direction, after different years to work with kubernetes, I can say that the best solution doesn’t exists and it depends on ..
In this article I will go deeper into the implementation of networking in kubernetes cluster explaining a scenario implemented wit Calico network plugin. Calico is a open source networking and network solution for containers that can be easily integrated with kubernetes by the container network interface specification that are well described here. I chose ..
In this article I would like to share my experience of these last years in the management of microservices architecture making a comparison with monolithic applications, through the point of view of service operation, coherently to my experience. I’m very passionate about the system and network concepts behind the scenes – kernel namespace, onion ..
In this article I explain how to discovery new microservices in kubernetes balancing them automatically without loosing the sticky session feature necessary for managing stateful services. In order to archive it, I will use a new feature of haproxy, present starting from 1.8 version, that can update an HAProxy configuration during run time, and ..
In this article I will try to explain the best practises to follow in the implementation of docker containers running in cluster mode (swarm, kubernetes or something different) or not. I’m very passionate of the docker world because there are a lot of systems and network aspects very interesting to explore, manage and deep ..
I present in this article a simple HAProxy configuration to balance dynamically the http traffic to set of containers associated to a swarm docker service. You can find the project at this git hub link: https://github.com/stefano-gristina/haproxy–swarm. The reason to make it cames from fact the the microservices should be stateless, and it should permit ..