Image: Google Cloud Tech Youtube

Docker is becoming the de facto standard for modern software deployment as well as development. From the build pipeline to CI/CD, the adoption of Docker is increasing rapidly. Even workflow automation like GitHub Actions is fully dependent on Docker.

But with the recent change in the Docker Hub pull rate limits, a large number of users are going to be impacted. The cap of 100 and 200 pulls per 6 hours for anonymous and authenticated users respectively is sure to impact existing workflows. …


SSH may seem trivial, but it is still a reality. In this post, we will talk about securing the SSH connection to a Compute Engine instance as well as centralizing access control by using Identity-Aware Proxy (IAP). IAP is part of the BeyondCorp security model, also known as zero trust, which protects access to GCP's internal resources through context-aware access capabilities.

image credit: akamai.com

The IAP model allows access to compute instances without the use of a VPN, providing a single point of control for managing user access to web applications and cloud resources without exposing them to the public internet. …


Quality of Service (QoS), as its name suggests, describes how a service is provided based on need, including in adverse situations. The quality is expressed in terms of resources (CPU, memory etc.). In this post, we will talk about the QoS of pods in a Kubernetes cluster.

While configuring or scheduling a pod, we pass 2 parameters which determine the usage of node resources: Requests and Limits. These two parameters are provided for each container in the pod and mainly deal with CPU and memory (RAM). “Request” specifies the minimum resource allocated to a container, which is reserved whether the container actually uses it or not. And…


image credit: xenonstack.com

While creating a Docker image, we might need to use secrets for various purposes like:

  • pulling private packages (npm, gradle etc.)
  • git clone or any git actions
  • get private object storage files
  • ssh/rsync

Mostly, there are two ways of using secrets:

  • environment variable
  • file

In this post we will dig into various ways of using secrets and look at how each one works from a security perspective. So, please read till the end to get an idea of the various ways. Here is the git repo with all Dockerfiles used in this post: https://github.com/dwdraju/docker-build-time-secrets

Way 1 (Passing environment variable in Dockerfile)

# Dockerfile.1
FROM alpine:3.12
ENV MY_SECRET superSecret
CMD tail -f /dev/null


I often get the question: How much will it cost to learn Kubernetes? There are various options, providers and tools for creating a cluster, both in the cloud and on a local system. Before diving into GKE (Google Kubernetes Engine), I would like to present a few other options which are good for the starting phase but may not give a good glimpse of the connecting points.

image credit: spot.io

Local System

Minikube is a popular one, but I started to fall in love with microk8s not only because of its easy installation (snap install microk8s) but also because it provides easy integration with Istio out of the box. …


GitHub Package Registry, announced in early 2019, is a package management service fully integrated with GitHub where we can store npm, gem, mvn, nuget and gradle packages. By making effective use of GitHub Actions and Packages, we can build a good release and packaging flow.

In this post, we are going to deal with the whole lifecycle of an npm package. Here’s what we will achieve:

  1. Create a Node.js project as a module
  2. Use published module in app
  3. Configure GitHub Actions for new tag and publish package with auto-increment in version
  4. Use the npm package in docker build
  5. Create docker…


We have come up with this new knowledge sharing platform where we will be writing weekly updates on the DevOps community and industry. If you want to share your interesting reads and learning, feel free to mention us. Enjoy this first weekly reading!

News

Helm Graduation: Helm, a package manager for Kubernetes, has graduated from the incubating level as a CNCF project. Helm makes it super easy to install, upgrade, and delete bundles of Kubernetes resource definitions. It also makes redistribution of applications easier; you can consider it as Docker :). Read more on: https://helm.sh/blog/celebrating-helms-cncf-graduation/

New in Market

GitHub Codespaces: Github…


In the Kubernetes world, pods are considered to be relatively ephemeral (rather than durable) entities. That means we cannot expect a pod to be a long-running resource. There are various reasons for termination, restart, or re-initialization of pods when any change is introduced, and the changes can come from multiple dimensions.

A software system can only be perfectly stable if it exists in a vacuum. If we stop changing the codebase, we stop introducing bugs. If the underlying hardware or libraries never change, neither of these components will introduce bugs. …


In finance, things go well when the budget is planned well. Even in an extreme scenario or disaster, one can sustain if there is a plan. Just like that.

In the Kubernetes world, the budget is for pods. We cannot expect everything to be good all the time. Changes happen, whether to a pod or to the node itself, through updates, upgrades or even disaster. Here, planning means we don’t let everything go down; instead we set up a scenario where our service neither burns out nor leaves extra allocated resources unused.

Coming to the point. Let’s consider a scenario, we…


Helm, if you are new to the world, is an application package manager running atop Kubernetes that makes it easier to define, install, and upgrade Kubernetes applications. Helm is also an incubator project in the CNCF and is maintained by the Helm community.

When we are managing the lifecycle of an application using charts, which includes install, upgrade, rollback and delete, wouldn’t it be interesting if we could run some task before and after the changes, not by changing the application but by adding a manifest definition to the Helm chart? As everything runs in containers, this can’t be any different. …

Raju Dawadi

DevOps | SRE | #GDE
