root.tips Posts

Learn how to deploy a highly-available, auto-scalable WordPress with CDN on Kubernetes!

In this tutorial we will learn how to deploy a highly available and automatically scalable containerized installation of the popular WordPress CMS, reaping all the benefits of modern technologies offered by mainstream public cloud providers such as AWS. We will deploy our containerized WordPress installation on their EKS Kubernetes infrastructure, and we will store our website files on their S3 storage service, backed by their CDN (content delivery network) service, thus serving website visitors from geographically close locations, minimizing lag and improving their overall experience. The biggest advantage of using containerized services is how easy it is to implement high availability and, more importantly, automatic scalability! This tutorial is of course short and generalized, but with a little more work you will be able to set up your system so that at any given moment it uses only the amount of resources it needs for smooth operation, drastically cutting hosting costs when visits are low, and automatically deploying more when visits go up, keeping operation smooth at all times.

Building an Intrusion Prevention System with Machine Learning using Open Source Technologies: A Step-by-Step Guide

In this tutorial, we will guide you through the process of creating an intrusion prevention system (IPS) using open-source technologies and machine learning. By leveraging machine learning algorithms, your IPS can recognize anomalies in network traffic and potentially detect and prevent security threats. We will use the open-source tools Zeek (formerly Bro), Elasticsearch, Logstash, Kibana (ELK Stack), and the machine learning library Scikit-learn.

Of course, since creating such a system is a very complex matter, these are generalized instructions, but they will enable you to build on this concept and create a fully usable system ready for production. It is important, however, that you already have enough knowledge of system administration, networking and of course machine learning, which is what this subject is all about.

Integration of Chaos Engineering with DevSecOps to Create a Resilient and Secure Infrastructure: A Comprehensive Guide

In this tutorial, we will guide you through the process of integrating Chaos Engineering with DevSecOps to create a resilient and secure infrastructure. By combining these concepts, you can ensure that your applications are not only highly available but also secure from potential threats. We will use Terraform to automate the deployment of our infrastructure and introduce Chaos Engineering using Gremlin, a popular chaos engineering platform.

Prerequisites

1. Basic understanding of DevOps, DevSecOps, Chaos Engineering, and Terraform concepts.
2. Terraform installed on your local machine (version 0.14 or later).
3. An AWS account with the necessary permissions to create resources.
4. AWS CLI installed and configured on your local machine.
5. Gremlin account and Gremlin CLI installed on your local machine.

Continuous Security Monitoring with Falco and Kubernetes: A Step-by-Step Guide

Continuous security monitoring is a crucial aspect of DevSecOps, and Falco is an open-source, cloud-native runtime security project that can help you achieve this goal. Falco integrates with Kubernetes to monitor and secure your applications by detecting anomalous behavior in real-time. However, there is a lack of comprehensive resources on setting up Falco with Kubernetes for continuous security monitoring. In this tutorial, we will guide you through the process of implementing Falco in a Kubernetes environment. By the end of this tutorial, you will have a better understanding of how to use Falco to monitor your applications and maintain a secure environment.

Prerequisites

1. Basic understanding of Kubernetes, Falco, and DevSecOps concepts.
2. Access to a Kubernetes cluster (version 1.19 or later).
3. `kubectl` command-line tool installed on your local machine.

Implementing Blue/Green Deployments with Kubernetes and Istio: A Comprehensive Guide

Blue/Green deployments may be a popular strategy for achieving zero-downtime deployments that reduce the risk of introducing new application versions, but sadly it ain’t easy to find good-quality tutorials, examples and documentation covering this topic online. The whole field and the related technologies are simply evolving too quickly, so it will take some time for the open-source community to catch up and publish good-quality tutorials and how-tos. For this reason, in this tutorial we will try to fill this gap a little and explain the process of setting up Blue/Green deployments using Kubernetes and Istio, which will hopefully bring you closer to understanding how to deploy your applications while avoiding dreadful downtime. Keep in mind that this is just a generalized walk-through which explains the process, not a step-by-step tutorial you can follow; a solid understanding of Kubernetes, and of systems and networks in general, is still necessary if you want to achieve this in practice.

Prerequisites

1. Basic understanding of Kubernetes, Istio, and DevOps concepts.
2. Access to a Kubernetes cluster (version 1.19 or later).
3. Istio installed on your Kubernetes cluster (version 1.10 or later).
4. `kubectl` and `istioctl` command-line tools installed on your local machine.

Automating Infrastructure Deployment with Terraform and GitOps: A Step-by-Step Guide

One of the most searched DevOps topics with a lack of comprehensive resources is automating infrastructure deployment using Terraform and GitOps. Terraform is a popular infrastructure-as-code (IaC) tool, while GitOps is a methodology that emphasizes using Git to manage your infrastructure and application configurations.

In this tutorial, we will guide you through the process of automating infrastructure deployment using Terraform and GitOps. By the end of this tutorial, you’ll have a better understanding of the benefits of this approach and how to implement it in your own projects.

Create Docker image registry with Let’s Encrypt and NGINX reverse proxy doing SSL termination

This bash script will automatically deploy a container image registry accessible via HTTPS in just a few minutes, using Docker with Nginx as a reverse proxy doing SSL termination, along with Let’s Encrypt for obtaining SSL certificates.

Copy this code into a new text file, name it for example `deploy.sh`, and then make it executable with `chmod +x deploy.sh`. Once done, just start the script with `./deploy.sh`. It will check that all prerequisites exist, ask you which domain you want to use for your registry and which email you want to register with Let’s Encrypt, and then deploy everything, acquiring the needed certificates automatically along the way.

Before running the script, make sure you have added your server’s IP address to your domain’s DNS records, and keep in mind that your server needs to be reachable on port 80 while acquiring Let’s Encrypt certificates!

Using Terraformer tool to copy complete existing infrastructure of an Azure account to another account

Terraformer is a tool which generates Terraform files (`.tf` and `.tfstate`) from existing infrastructure. You can use Terraformer to generate Terraform files for your Azure resources and then apply the generated files in another Azure account, recreating your whole infrastructure there as well.

Here’s a step-by-step guide on how to achieve this using Terraformer:

1. Install Terraformer: Follow the official installation guide to install Terraformer.

2. Authenticate to your Azure account: Ensure you’re authenticated to your source Azure account using the Azure CLI with `az login`.

3. Export your Azure resources with Terraformer:

Exporting all Azure resources to ARM (Azure Resource Manager) Template with a simple PowerShell script

This high-level PowerShell script will export all resources of an Azure account to an ARM (Azure Resource Manager) template and deploy it on another Azure account (please note that this script will export and import only those resources that can be represented in an ARM template).

1. Make sure you have the Azure PowerShell module installed.
2. Authenticate to the source Azure account with `Connect-AzAccount` and the destination Azure account with `Connect-AzAccount -TenantId <TenantId> -SubscriptionId <SubscriptionId>`.

Replace the placeholder values in the script with the appropriate information, such as `SourceResourceGroupName`, `DestinationResourceGroupName`, `DestinationLocation`, `SourceSubscriptionId`, and `DestinationSubscriptionId`.

Production ready highly-available Kubernetes cluster with load balancer in just five minutes!

Kubernetes has ruled the industry for quite some years now as a smart, self-governed, self-healing container orchestration system without competition, allowing us to scale effortlessly and automatically according to actual needs and potentially saving us a fortune in hosting expenses. Despite this, it still isn’t trivial to deploy production-ready Kubernetes clusters on our own, which forces us to use the relatively expensive hosted Kubernetes offered by mainstream cloud providers like AWS, Google, Azure and others. While this may be fine for most entrepreneurs as long as their revenue beats their expenses, the situation is far from ideal for people and organizations with far greater value for society, such as nonprofits or educational institutions. The ability to deploy and run Kubernetes on bare-metal servers like the ones offered by Scaleway or Hetzner can shave a whole zero off hosting expenses, and differences of such magnitude have the power to decide whether projects and companies survive or not! This script will automatically deploy a Kubernetes cluster on virtual machines run with the libvirt open source hypervisor API, using the Alpine Linux cloud image for cluster nodes.
