Month: April 2023

Building an Intrusion Prevention System with Machine Learning using Open Source Technologies: A Step-by-Step Guide

In this tutorial, we will guide you through the process of creating an intrusion prevention system (IPS) using open-source technologies and machine learning. By leveraging machine learning algorithms, your IPS can recognize anomalies in network traffic and potentially detect and prevent security threats. We will use the open-source tools Zeek (formerly Bro), Elasticsearch, Logstash, Kibana (ELK Stack), and the machine learning library Scikit-learn.

Of course, since creating such a system is a very complex matter, these are generalized instructions, but they will enable you to build on this concept and create a fully usable system ready for production. It is important, however, that you already possess enough knowledge of system administration, networking and, of course, machine learning, which is what this subject is all about.

Integration of Chaos Engineering with DevSecOps to Create a Resilient and Secure Infrastructure: A Comprehensive Guide

In this tutorial, we will guide you through the process of integrating Chaos Engineering with DevSecOps to create a resilient and secure infrastructure. By combining these concepts, you can ensure that your applications are not only highly available but also secure from potential threats. We will use Terraform to automate the deployment of our infrastructure and introduce Chaos Engineering using Gremlin, a popular chaos engineering platform.

Prerequisites

1. Basic understanding of DevOps, DevSecOps, Chaos Engineering, and Terraform concepts.
2. Terraform installed on your local machine (version 0.14 or later).
3. An AWS account with the necessary permissions to create resources.
4. AWS CLI installed and configured on your local machine.
5. Gremlin account and Gremlin CLI installed on your local machine.

Continuous Security Monitoring with Falco and Kubernetes: A Step-by-Step Guide

Continuous security monitoring is a crucial aspect of DevSecOps, and Falco is an open-source, cloud-native runtime security project that can help you achieve this goal. Falco integrates with Kubernetes to monitor and secure your applications by detecting anomalous behavior in real-time. However, there is a lack of comprehensive resources on setting up Falco with Kubernetes for continuous security monitoring. In this tutorial, we will guide you through the process of implementing Falco in a Kubernetes environment. By the end of this tutorial, you will have a better understanding of how to use Falco to monitor your applications and maintain a secure environment.

Prerequisites

1. Basic understanding of Kubernetes, Falco, and DevSecOps concepts.
2. Access to a Kubernetes cluster (version 1.19 or later).
3. `kubectl` command-line tool installed on your local machine.

Implementing Blue/Green Deployments with Kubernetes and Istio: A Comprehensive Guide

Blue/Green deployments may be a popular strategy for achieving zero-downtime deployments that reduce the risk of introducing new application versions, but sadly it ain’t easy to find good quality tutorials, examples and documentation covering this topic online. The whole field of work and the related technologies themselves are simply evolving too quickly, so it will take some time for the open-source community to catch up and publish tutorials and how-tos of good quality. For this reason, in this tutorial we will try to fill this gap a little and explain the process of setting up Blue/Green deployments using Kubernetes and Istio, and will hopefully bring you closer to understanding how to deploy your applications while avoiding dreadful downtimes. Keep in mind that this is just a generalized walk-through which explains the process, not a step-by-step tutorial you can follow – having a solid understanding of Kubernetes, and of systems and networks in general, is still necessary if you want to achieve this in practice.

Prerequisites

1. Basic understanding of Kubernetes, Istio, and DevOps concepts.
2. Access to a Kubernetes cluster (version 1.19 or later).
3. Istio installed on your Kubernetes cluster (version 1.10 or later).
4. `kubectl` and `istioctl` command-line tools installed on your local machine.

Automating Infrastructure Deployment with Terraform and GitOps: A Step-by-Step Guide

One of the most searched DevOps topics with a lack of comprehensive resources is automating infrastructure deployment using Terraform and GitOps. Terraform is a popular infrastructure-as-code (IaC) tool, while GitOps is a methodology that emphasizes using Git to manage your infrastructure and application configurations.

In this tutorial, we will guide you through the process of automating infrastructure deployment using Terraform and GitOps. By the end of this tutorial, you’ll have a better understanding of the benefits of this approach and how to implement it in your own projects.

Create Docker image registry with Let’s Encrypt and NGINX reverse proxy doing SSL termination

This bash script will automatically deploy a container image registry accessible via HTTPS in just a few minutes, using Docker and Nginx as a reverse proxy doing SSL termination, along with Let’s Encrypt for obtaining SSL certificates.

Copy this code into a new text file, name it for example `deploy.sh`, and then make it executable with `chmod +x deploy.sh`. Once done, just start the script with `./deploy.sh`. It will check if all prerequisites exist, ask you what domain you want to use for your registry and which email you want to register with on Let’s Encrypt, and then deploy everything, acquiring the needed certificates automatically on the way.

Before running the script, make sure you added your server’s IP address into your domain’s DNS records, and keep in mind your server needs to be reachable on port 80 while acquiring Let’s Encrypt certificates!

Using Terraformer tool to copy complete existing infrastructure of an Azure account to another account

Terraformer is a tool which generates Terraform files (`.tf` and `.tfstate`) from existing infrastructure. You can use Terraformer to generate Terraform files for your Azure resources and then apply the generated files in another Azure account, recreating your whole infrastructure there as well.

Here’s a step-by-step guide on how to achieve this using Terraformer:

1. Install Terraformer: Follow the official installation guide to install Terraformer.

2. Authenticate to your Azure account: Ensure you’re authenticated to your source Azure account using the Azure CLI with `az login`.

3. Export your Azure resources with Terraformer:

Exporting all Azure resources to ARM (Azure Resource Manager) Template with a simple PowerShell script

This high-level PowerShell script will export all resources of an Azure account to an ARM (Azure Resource Manager) template and deploy it on another Azure account (please note that this script will export and import only those resources that can be represented in an ARM template).

1. Make sure you have the Azure PowerShell module installed.
2. Authenticate to the source Azure account with `Connect-AzAccount` and the destination Azure account with `Connect-AzAccount -TenantId <TenantId> -SubscriptionId <SubscriptionId>`.

Replace the placeholder values in the script with the appropriate information, such as `SourceResourceGroupName`, `DestinationResourceGroupName`, `DestinationLocation`, `SourceSubscriptionId`, and `DestinationSubscriptionId`.

Production ready highly-available Kubernetes cluster with load balancer in just five minutes!

Despite Kubernetes ruling the industry for quite some years now as a smart self-governed, self-healing container orchestration system without competition, allowing us to effortlessly and automatically scale according to actual needs and potentially saving us a fortune in hosting expenses, it still isn’t trivial to deploy production-ready Kubernetes clusters on our own, forcing us to use relatively expensive hosted Kubernetes offered by mainstream cloud providers like AWS, Google, Azure and others. While this may be fine for most entrepreneurs as long as their revenue beats their expenses, this situation is far from ideal for people and organizations with far greater value for society, such as nonprofits or, for example, educational institutions. The ability to deploy and run Kubernetes on bare-metal servers like the ones offered by Scaleway or Hetzner can shave a whole zero off hosting expenses, and differences of such magnitude have the power to decide whether projects or companies will survive or not! This script will automatically deploy a Kubernetes cluster on virtual machines run with the libvirt open source hypervisor API, using the Alpine Linux cloud image for cluster nodes.

Zero to Zero Trust in a few minutes: Boundary with Vault as credential store, brokering SSH keys!

With our environment becoming more and more sophisticated and complex each day thanks to various automated systems and processes, it became completely impossible to secure it using old access control subsystems and methods, and this problem had to be effectively resolved in order for us to move forward! Despite timely warnings from industry experts of what might happen, it took epic failures (like the ransomware that ransacked the British national health system by kidnapping priceless patient data of millions of the empire’s sovereigns, or the even more brazen Stuxnet worm attack that screwed up Iranian uranium enrichment centrifuges by messing up the Siemens industrial control systems there to prevent fuckups) for our kind to realize how vulnerable we are and how important IT security is in our lives in the 21st century! This finally led us to novel conclusions which completely changed the rules of the game! The Zero Trust philosophy, as a great example of this, changed overnight from something we want into something we need and cannot go on without if we want to be taken seriously! Radical transformations which completely change the way our systems talk to each other would, however, be hell on earth no one gladly steps into without the fantastic apps from the kitchen that already terraformed us with Terraform and repacked us with Packer, the brilliant HashiCorp! By their definition: “Boundary is a tool for managing identity-based access in modern dynamic infrastructure”, and Vault “an identity-based secrets and encryption management system”.

To cut a long story short, this script will automatically install and configure OSS Boundary on a newly deployed Debian 11 system, together with OSS Vault, which will serve as a credential store that brokers short-lived temporary SSH keys to Boundary users so they can access the servers that are defined in Boundary as targets.
