Label selectors are the core grouping primitive in Kubernetes. Users apply them to select a set of objects. The Kubernetes API currently supports two types of selectors − Equality-based selectors.

Labels and selectors

You can constrain a pod to run only on particular nodes. The recommended approach to do this is to use label selectors to make the selection.

Types of Kubernetes Selector

Following are the types of Kubernetes selector.


Namespaces in Kubernetes

A Kubernetes namespace is an abstraction to support multiple virtual clusters on the same physical cluster.

You can have multiple namespaces within one Kubernetes cluster, and they are all logically isolated from one another.

Namespaces provide a logical separation of cluster resources between multiple users, teams, projects, and even customers. They are a way to divide cluster resources between multiple users (via resource quota).

Namespaces provide the functionality below, and it is on that basis that we use them.

  • Within the same Namespace, Pod to Pod communication.
  • Namespaces are virtual clusters sitting on top of a physical cluster.
  • Namespaces provide a…


DaemonSets in Kubernetes Cluster

Like other controllers, DaemonSets manage groups of replicated Pods.

However, a DaemonSet ensures that all or selected Worker Nodes run a copy of a Pod (one-Pod-per-node).

As you add nodes, DaemonSets automatically add Pods to the new nodes. As the nodes are removed from the cluster, those Pods are garbage collected.

Here is the manifest of DaemonSet:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: kube-system
  labels:
    k8s-app: fluentd
spec:
  selector:
    matchLabels:
      name: fluentd
  template:
    metadata:
      labels:
        name: fluentd
    spec:
      containers:
      - name: fluentd
        image: fluentd:latest

Create a daemonset:

kubectl create -f daemonset.yaml
daemonset.apps "fluentd" created

Check the pod running:

kubectl…


Google Kubernetes Engine (also known as GKE) is a managed, production-ready environment for running Docker containers in the Google cloud.

GKE

It lets you create multi-node clusters while also providing access to all Kubernetes features.


Ensure that Amazon Security Hub insights are regularly reviewed (informational). Security Hub service configuration changes have been detected within your Amazon Web Services account. Ensure that enabled Amazon Security Hub standards are reviewed
AWS Security Hub

AWS Security Hub Findings

  • Ensure that Amazon Security Hub findings are analyzed and resolved.

AWS Security Hub Insights

  • Ensure that Amazon Security Hub insights are regularly reviewed (informational).

Detect AWS Security Hub Configuration Changes

  • Security Hub service configuration changes have been detected within your Amazon Web Services account.

Review Enabled Security Hub Standards

  • Ensure that enabled Amazon Security Hub standards are reviewed (informational).

Whether your cloud exploration is just starting to take shape, you’re mid-way through a migration or you’re already running complex workloads in the cloud, Conformity offers full visibility into your overall security and governance posture across various…


AWS WAF

AWS Web Application Firewall In Use

Ensure AWS WAF is in use to protect your web applications from common web exploits.

Using AWS Console

01. Sign in to the AWS Management Console.

02. Navigate to AWS WAF dashboard at https://console.aws.amazon.com/waf/.

03. In the left navigation panel, under the AWS WAF section, choose Web ACLs. A web ACL is a collection of firewall rules that allow you to take control over the web requests that your AWS resources (i.e. CloudFront CDN distributions and Application Load Balancers) respond to. If no web ACLs are listed on the page, a Getting Started page is displayed instead:


AWS Shield

The AWS Shield Standard tier, which provides basic DDoS protection, is automatically enabled for all AWS customers at no additional charge. AWS Shield Advanced, the service that provides advanced DDoS protection, is a paid solution. To determine whether the AWS Shield Advanced plan is enabled within your AWS account, perform the following:

We can do it by using AWS Console

01. Sign in to the AWS Management Console.

02. Navigate to AWS WAF and AWS Shield home page at https://console.aws.amazon.com/waf/.

03. Click Go to AWS Shield to access the service dashboard. …


Protect Your Secrets in Applications

Secrets are frequently used to protect sensitive information and functionality.

AWS Secrets Manager

Many applications use secrets for various use cases: an application ID and secret key to generate a token, or the secret key itself to access APIs; a username and password to build a database connection string to retrieve data from RDS. Your organisation may also enforce various security measures and standards. One thing is for sure: do not store passwords in configuration files or hard-code them in plain text. …


Ruby on Rails in k8s

As stated on their website, “Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.” Here we’ll take a Rails app, create an image using a Dockerfile, and let Kubernetes manage the containers for us.

We will discuss the following:

  • Secrets
  • Deployments
  • Services
  • Running locally via Minikube

Wanna run Rails in Kubernetes? This Kubernetes tutorial will show you how.

Kubernetes Advocate

Founder and CEO of Kubernetes Advocate. Tech author, cloud-native architect, entrepreneur, and startup advisor.
