Label selectors are the core grouping primitive in Kubernetes. Users rely on them to select a set of objects. The Kubernetes API currently supports two types of selectors − Equality-based selectors.
You can constrain a pod to run only on particular nodes. The recommended approach to do this is to use label selectors to make the selection.
The following are the types of Kubernetes selectors.
A Kubernetes namespace is an abstraction to support multiple virtual clusters on the same physical cluster.
You can have multiple namespaces within one Kubernetes cluster, and they are all logically isolated from one another.
Namespaces provide a logical separation of cluster resources between multiple users, teams, projects, and even customers. Namespaces are a way to divide cluster resources between multiple users (via resource quota).
Namespaces have the functionalities below, and we use them on the basis of these.
Like other controllers, DaemonSets manage groups of replicated Pods.
However, a DaemonSet ensures that all or selected worker nodes run a copy of a Pod (one Pod per node).
As you add nodes, DaemonSets automatically add Pods to the new nodes. As the nodes are removed from the cluster, those Pods are garbage collected.
Here is the manifest of DaemonSet:
- name: fluentd
Create a daemonset:
kubectl create -f daemonset.yaml
daemonset.apps "fluentd" created
Check that the pod is running:
Google Kubernetes Engine (also known as GKE) is a managed, production-ready environment for running Docker containers in the Google cloud.
It lets you create multi-node clusters while also providing access to all Kubernetes features.
Amazon GuardDuty gives users the ability to monitor one or multiple AWS accounts for unusual and unexpected behavior. This is accomplished by analyzing and monitoring existing logs, such as VPC Flow Logs, CloudTrail Event Logs, and DNS Logs.
This will show what AWS GuardDuty can do for you and the use cases that it will provide. I will explain how to generate sample data to show what GuardDuty can point out. I will explain the “lists” management and how to whitelist various IPs for secure communication in your environment. …
Connecting branch and corporate offices into the AWS cloud to build a global network is necessary to provide ubiquitous accessibility for users. This solution uses AWS Transit Gateway, AWS Direct Connect, and AWS Accelerated Site-to-Site VPN to build a modern, secure, scalable, and cost-efficient WAN on top of the AWS global network.
How to provision source and destination locations for AWS EFS and transfer data with AWS DataSync?
AWS DataSync makes it simple and fast to move large amounts of data between on-premises storage and AWS. DataSync makes it easy for you to move data by automating both the management of data transfer processes and the infrastructure required for high-performance, secure data transfer.
We can use DataSync to copy files securely between two Amazon EFS file systems in different regions. DataSync is also used for one-off migrations.
Also, DataSync is assumed to be 15 times faster than other tools available.
AWS Security Hub Findings
AWS Security Hub Insights
Detect AWS Security Hub Configuration Changes
Review Enabled Security Hub Standards
Whether your cloud exploration is just starting to take shape, you’re mid-way through a migration or you’re already running complex workloads in the cloud, Conformity offers full visibility into your overall security and governance posture across various…
Ensure AWS WAF is in use to protect your web applications from common web exploits.
01. Sign in to the AWS Management Console.
02. Navigate to AWS WAF dashboard at https://console.aws.amazon.com/waf/.
03. In the left navigation panel, under the AWS WAF section, choose Web ACLs. A web ACL is a collection of firewall rules that lets you control the web requests that your AWS resources (i.e. CloudFront CDN distributions and Application Load Balancers) respond to. If there are no web ACLs listed on the page and a Getting Started page is displayed instead: