What is a Secret in Kubernetes?

Question
What is a Secret in Kubernetes?

Answer
It is a ConfigMap with sensitive data that is encoded in Base64 text. What is a ConfigMap? It is a .yaml with a special format. There is always a “data:” section that is part of the YAML definition of a ConfigMap. The key-value pairs in the “data” section will have keys that appear in regular text;


What Is The Immutable Bit vs. The Sticky Bit?

Problem scenario
You have heard of the immutable bit and want to know how it is different from the sticky bit. What is the immutable bit versus the sticky bit? What are the differences between the two?

Solution
We like the term “immutable flag” as opposed to “immutable bit” to help distinguish the two. We have three parts to explain this.

Part 1: What is the immutable flag?


How Do You Open a Port to Connect to a GCP server?

Problem scenario
You are used to AWS Security Groups. You created a firewall rule in GCP. You cannot seem to reach the GCP server. What is wrong?

Possible Solution
Does the GCP firewall rule use the same shorthand notation, like this?
x.x.x.x/32

Inbound rules in AWS Security Groups use /32 to allow a single IP address to connect to an EC2 instance or service.


How Do You Set up SSH on a Windows 2016 Server with Cygwin?

Problem scenario
You have a heterogeneous enterprise network of servers. You want your Linux machines to communicate and transfer files with your Windows machines. You do not want to use Active Directory. What do you do?

Solution
1. Install Cygwin on the Windows server if it has not been set up already. If you need assistance with this, see this posting.


Why Cannot You Ping a Server when Nmap Commands to The Server Work?

Problem scenario
You cannot ping a server, but your nmap results show that port 22 on the server is open. You can reach the server with nmap, but not with ping. What is wrong?

Possible solution
Is the server in the AWS Security Group that you think it is? Go to the AWS console and verify the security group for the server is what you think is correct.


How Do You Set Up a Multi-Node Cluster of Zookeeper?

Problem scenario
You want to set up Zookeeper with three nodes in AWS. What do you do?

Solution
1. Install Zookeeper on each of the servers. If you need assistance with this, see this posting.

2. Modify the zoo.cfg file on each of the servers. Add stanzas like these but substitute foobarX.amazonaws.com with the Public DNS name of each server:

server.1=foobar1.amazonaws.com:2888:3888
server.2=foobar2.amazonaws.com:2888:3888
server.3=foobar3.amazonaws.com:2888:3888
initLimit=5
syncLimit=5

3.


What is SELinux?

Question
What is SELinux?

Answer
Security-Enhanced Linux (or SELinux) is a kernel module that can be installed and turned on in a Linux server. It categorizes files, hardware resources and processes; to learn more see this posting. It has the ability to restrict access to these categories. If a server is designated as an application server, a database server, or a web server,


How Do You Troubleshoot The Kerberos Error ‘kinit: Cannot find KDC for realm “CONTINUALINTEGRATION.COM” while getting initial credentials’?

Problem Scenario
You run a “kinit” command. But you receive this:

‘kinit: Cannot find KDC for realm “CONTINUALINTEGRATION.COM” while getting initial credentials’

What should you do?

Solution
Look at the /etc/krb5.conf file. Look at the REALM section. Does it look like this?

[realms]
EXAMPLE.COM =

You need to change “EXAMPLE.COM” to your domain name.

Look also at the libdefaults section.


What is a Container Breakout?

Question
What is a container breakout?

Answer
A container breakout is the act of a user or process in a container gaining access to its underlying host server. Containerization is the isolation of processes and/or disk space on a server. A container is isolated from the host server via cgroups and namespaces. Bypassing the cgroup(s) and namespace(s) through intentional acts can be desirable for legitimate systems engineers.


Do the Credentials “****” in Jenkins, Taken from the Credentials Plugin, Have the Username or the Password?

Problem Scenario
You want to use the credentials from the Jenkins credentials plugin in a Jenkins pipeline. When you assign the credentials to a variable in a pipeline, is it the username, the password, both or something else?

Solution
It is the username and password, but the two are separated by a colon. You will only see “****” in the console output (for security reasons).
