Label selectors are the core grouping primitive in Kubernetes. Users rely on them to select a set of objects. The Kubernetes API currently supports two types of selectors − Equality-based selectors.

Labels and selectors

You can constrain a pod to run only on particular nodes. The recommended approach to do this is to use label selectors to make the selection.

Types of Kubernetes Selector

Following are the types of Kubernetes selector.


Namespaces in Kubernetes

A Kubernetes namespace is an abstraction to support multiple virtual clusters on the same physical cluster.

You can have multiple namespaces within one Kubernetes cluster, and they are all logically isolated from one another.

Namespaces provide a logical separation of cluster resources between multiple users, teams, projects, and even customers. Namespaces are a way to divide cluster resources between multiple users (via resource quota).

Namespaces have the functionalities below, and we tend to use them on that basis.

  • Pod-to-Pod communication within the same Namespace.
  • Namespaces are virtual clusters sitting on top of a physical cluster.
  • Namespaces provide a…


DaemonSets in Kubernetes Cluster

Like other controllers, DaemonSets manage groups of replicated Pods.

However, a DaemonSet ensures that all or selected worker nodes run a copy of a Pod (one Pod per node).

As you add nodes, DaemonSets automatically add Pods to the new nodes. As the nodes are removed from the cluster, those Pods are garbage collected.

Here is the manifest of DaemonSet:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: kube-system
  labels:
    k8s-app: fluentd
spec:
  selector:
    matchLabels:
      name: fluentd
  template:
    metadata:
      labels:
        name: fluentd
    spec:
      containers:
      - name: fluentd
        image: fluentd:latest

Create a daemonset:

kubectl create -f daemonset.yaml
daemonset.apps "fluentd" created

Check the pod running:

kubectl…


Google Kubernetes Engine (also known as GKE) is a managed, production-ready environment for running Docker containers in the Google cloud.

GKE

It lets you create multi-node clusters while also providing access to all Kubernetes features.


Amazon GuardDuty gives users the ability to monitor one or multiple AWS accounts for unusual and unexpected behavior. This is accomplished by analyzing and monitoring existing logs, such as VPC Flow Logs, CloudTrail Event Logs, and DNS Logs.

This will show what AWS GuardDuty can do for you and the use cases that it will provide. I will explain how to generate sample data to show what GuardDuty can point out. I will explain “lists” management and how to whitelist various IPs for secure communication in your environment. …


Connecting branch and corporate offices into the AWS cloud to build a global network is necessary to provide ubiquitous accessibility for users. This solution uses AWS Transit Gateway, AWS Direct Connect, and AWS Accelerated Site-to-Site VPN to build a modern, secure, scalable, and cost-efficient WAN on top of the AWS global network.

Challenges:

Before Transit Gateway

After Transit Gateway


How to provision source and destination locations for AWS EFS and transfer data with AWS DataSync?

Background

AWS DataSync makes it simple and fast to move large amounts of data between on-premises storage and AWS. DataSync makes it easy for you to move data by automating both the management of data transfer processes and the infrastructure required for high-performance, secure data transfer.

We can use DataSync to copy files securely between two Amazon EFS file systems in different regions. DataSync is also used to achieve one-off migrations.

Also, DataSync is assumed to be 15 times faster than other tools available.

In…


AWS Security Hub

AWS Security Hub Findings

  • Ensure that Amazon Security Hub findings are analyzed and resolved.

AWS Security Hub Insights

  • Ensure that Amazon Security Hub insights are regularly reviewed (informational).

Detect AWS Security Hub Configuration Changes

  • Security Hub service configuration changes have been detected within your Amazon Web Services account.

Review Enabled Security Hub Standards

  • Ensure that enabled Amazon Security Hub standards are reviewed (informational).

Whether your cloud exploration is just starting to take shape, you’re mid-way through a migration or you’re already running complex workloads in the cloud, Conformity offers full visibility into your overall security and governance posture across various…


AWS WAF

AWS Web Application Firewall In Use

Ensure AWS WAF is in use to protect your web applications from common web exploits.

Using AWS Console

01. Sign in to the AWS Management Console.

02. Navigate to AWS WAF dashboard at https://console.aws.amazon.com/waf/.

03. In the left navigation panel, under the AWS WAF section, choose Web ACLs. A web ACL is a collection of firewall rules that allow you to take control over the web requests that your AWS resources (i.e. CloudFront CDN distributions and Application Load Balancers) respond to. If there are no web ACLs listed on the page, a Getting Started page is displayed instead:

Kubernetes Advocate

Vineet Sharma - Founder and CEO of Kubernetes Advocate. Tech author, cloud-native architect, and startup advisor. https://in.linkedin.com/in/vineet-sharma-0164
