Container – DevopsCurry

Container Security Scanning

Shiwani Sharma — Tue, 11 Jun 2024 07:25:56 +0000

An Brief Introduction On Container Security Scanning & Their Tools

What is Docker Security Scanning?

[Container Security Scanning]….All services that you require inside a container Docker permits you to install all this, you are free from all the worries about installing on a similar package with several versions on your system. You can use Docker to operate services and applications and it has its sandboxes which are known as containers. With the help of a Docker, you can easily dispense the whole environment of an application from one to another. The process to find out the presumed security in the package listed in your Docker image. Docker image security plays a very important role in terms of Docker security. If we have to generate a Docker image then firstly we have to generate a Dockerfile and by utilizing the Docker build command you can turn it into an image after finishing Dockfile.[Container Security Scanning]

Container/ Docker Security Scanning Tools

These tools are important to find out for identifying vulnerabilities in container images. These tools examine container images for known vulnerabilities, compliance issues and misconfigurations. Now we will explain some of the tools are as follow:

Docker Bench

It is utilized in the production to search numerous best practices and the automated tests for checking the best practices around Docker containers and it works like a script. Docker Bench focuses on developers because it regulates containers with the community edition of Docker. You have to require Docker 1.13.0 to operate Docker Bench. It’s an open-source script that checks for best practices in Docker deployments. This tool is created to automate security check , support to making sure that Docker host and container attach to the best security practices as outlined by Docker’s security guidelines.

Clair

It is an open-source project which is utilized in Quay.io that has an alternative to Docker Hub and it is also a public container registry that is created by CoreOS. It proposes security for applications and dockers and by using Clair you can create services that continuously regulate your container for any susceptibility of the container. Every data is recorded in NVD, which means National Vulnerability Database, so in a case where any error recognizes them, it will procure the circumstances and furnish every detail in the report.

Anchore

For scanning, the CI/CD pipeline Anchore is obtainable in Jenkins Plugins and it can operate on orchestration and standalone platforms like Rancher, Kubernetes, Docker Swarm and Amazon ECS. One of the important features of Anchore is to permit the users to execute the intense container image exploration to check the package of the operating system, RubyGEMs and Node.JS modules as well every single file is coated in the analysis.

OpenSCAP

This is one of the best tools that is used by security auditors and IT admins that consists of open source tools, configuration baselines and open security benchmark guides. It also uses SCAP which means Security Content Automation Protocol which is NIST -certified that furnishes the security policies and that is readable to machines. In comparison with others, OpenSCAP is more broad-based than others.

Dagda

It’s an open-source tool that is used for static analysis of container security and also for scanning viruses, vulnerabilities, malware and viruses in Docker containers. If you want to use Dagda then firstly you have to scan the Docker container. It stored the vulnerability data as well. It is very flexible that handles both REST API as well CLI and that is one of the important benefits of Dagda and for the detection of vulnerability, it operates an antivirus engine named ClamAV.

Black Duck OpsSight

It is also an open-source vulnerability that observes and accentuates any of the images which consist of open source vulnerabilities. In case of any differences, Black Duck OpsSight noticed and attended within the orchestration platforms. One of the important features of OpsSight is its standard container images that have a security policy that is open source.

Sysdig Falco

Sysdig Falco tool is formulated by Sysdig to recognize some bizarre action in your application which is an open-source tool as well and that is created for Kubernetes, cloud environment and containers. It also regulates and recognizes host, network activity, container and application. It constantly monitors and discovered unpredicted behavior, vulnerabilities, intrusions in actual time. It combine with several Kubernetes environments, SIEM tools and CI/Cd pipelines.

Dockle

It’s an open-source tool that is very useful for ascertaining that the best practices for writing Dockerfiles chase Docker drawbacks. You can also use Dockle to lint container images in opposition to user exemption escalation, CIS benchmarks, potentially vulnerable commands and assisting to ignore sensitive mysteries. With the help of other platforms like Mac OS X, Linux and Homebrew you can easily install Dockle.

Trivia

It is formulated to be used within the process of CI and CD and to deploy an application or previously delivered to a container to scan for vulnerabilities. In the other word you can say for any container, it’s a vulnerability scanner. This is a complete security scanning tool that is created by Aqua Security and it is utilized for identifying vulnerabilities in file system, container images, & Git repositories. It scan the container images for vulnerabilities in some of the OS package as like RHEL, Debian etc.

Hadolint

This tool is written in Haskell that is operated by a small firm or a team and it also supports the team’s for their structure or in other ways team structure and deploys Docker containers best practices and it works as a linter also.

Conclusion

The adoption of container security scanning tools is not just a best practice but a necessity in today’s fast-paced, security-conscious development landscape. Whether you’re a developer, DevOps engineer, or security professional, leveraging these tools can significantly enhance your security posture and safeguard your applications against evolving threats. Embrace container security scanning as a fundamental part of your DevSecOps strategy to build and maintain resilient, secure applications.

The post Container Security Scanning appeared first on DevopsCurry.

Platform Engineer VS DevOps Vs SRE : Understanding the difference

Shiwani Sharma — Thu, 19 Oct 2023 17:12:19 +0000

Over the last few years the terms and roles of Platform engineer, DevOps & SRE (Site Reliability Engineering) have gained a lot of popularity. All three are related to the same field Software Development and Operations field but they all have different ror even overlapping responsibilities.

Image Credit:https://www.getambassador.io/blog/rise-of-cloud-native-engineering-organizations

As you can see in the image above, you can observe how teams are organized into Platform engineers and SRE, as well as how the teams measure the success of both. This will give you an idea of their differentiation. They collaborate with various teams, including multiple development teams. Now, in the following article, you will learn about SRE, DevOps, and Platform Engineers separately.

What is Platform Engineer?

As we already discussed about platform engineering in our separate blog article (An Overview Of Platform Engineering) you will get the more insights about Platform engineering.

A platform engineer’s responsibilities are to organize, create, and maintain the infrastructure that endorses the DevOps of software applications. Now-a-days platform engineer is becoming in trend because it guaranteed to provide the best experience to developer and speed up the product team. They also helps the work of developer more efficiently just by doing CI/CD pipelines, configuring IaC( Infrastructure as Code) to automate the cloud resources.

Platform engineering is a new discipline that has emerged in response to the growing complexity of our modern day Cloud-native architectures. It can be called as a practice of building and maintaining an integrated product, which we call as “Internal Developer Platform” (IDP) ,which acts as a flexible and supported abstraction layer between developers and the underlying technologies of their applications.

Platform engineering is a process or an art that combines several tools and technologies which streamlines the software development and delivery process and help decrease the mental load on individual contributors, enabling self-service platforms for developers and other stakeholders.

What is DevOps Engineer?

A Process that integrates IT operations, practice, tools, software development And contributes the outstanding characteristics of software with the endless delivery.

It characterises the take on the renewal of programmable infrastructure and expenditure, software development, industrialisation. In a company, it stimulates alliance and transmission.

DevOps have some procedures such as the CI/CD tool (Continuous Integration/ Continuous Delivery) with an intensity of task automation. Microservices, Container, and executing together with the DevOps methodologies. Though it is clear that it has some methodologies, it is not a technology.

Image Credit: https://www.geeksforgeeks.org/devops-tutorial/

As you can see in the above image , you can get some idea exactly about what is DevOps ? The two words define DevOps (Dev + Ops ) (software development and Operations) and in other words, you can say the assortment of software development and operation is known as DevOps.

It enhances the speed and quality of the application that has been delivering to an enormous extent and that’s why it’s becoming more prominent for the organization.

It provides you with the faster speed, security for your code, delivered quickly, these are some of the important features of using DevOps.

What is an SRE? (Site Reliability Engineering)

SRE is known as Site reliability engineering. The team of SRE works as a tool that uses the software for unravelling any difficulties and managing the system. Through coding, it supports regulating huge systems that control a bundle of machines or you can say more than thousands of machines. It has many more similarities to DevOps. Site reliability engineering was inaugurated by Ben TreynorSloss and the idea of SRE came from Google Engineering. The engineer who is working on Google has written SRE. There are two terms and components which are very valuable for SRE are automation and standardization. They always want to work in two ways either to automate operations tasks. It helps the team for its movability means if a team wants to move from a traditional approach to IT operations to a cloud-native method, then the SRE supports their team for that. For enhancing the integrity of software and the infrastructure which operates it and SRE furnishes incentive and expensive input.

Image Credit: https://www.devopsschool.com/blog/𝗗𝗲𝘃𝗢𝗽𝘀-𝗩𝘀-𝗦𝗥𝗘-𝗩𝘀-𝗣𝗹𝗮/

This above image help you to know more about these three and get a better differentiation between DevOps, SRE & Platform Engineering.

Main differences Between Platform Engineer, DevOps & SRE

KEY DIFFERENCES

PLATFORM ENGINEER

DEVOPS

SRE

Automation

Platform engineer forces automation in CI/CD

DevOps encourages automation. It also uses automation in testing, monitoring, CI/CD.

Same as DevOps, SRE also encourages automation.

Communication& Collaboration

It facilitates the communication and it also collaborate between operation and development team.

As a core principle Devops also facilitates the communication and collaborate between operation and development team.

Same as platform engineer and DevOps SRE collaborate with operation and development team and also it deliver high-quality software.

Responsibility

A platform engineer’s responsibilities are to organize, create, and maintain the infrastructure that endorses the DevOps of software applications

DevOps are responsible for solving the trouble and production monitoring.

Same as DevOps but also uses the monitoring tools Grafana,Splunk.

Conclusion:

So at the end we see that these three, DevOps, SRE & Platform Engineering are very important approaches in the today’s software development world and each of these has its own unique function and their responsibility. A platform engineer’s responsibilities are to organize, create, and maintain the infrastructure that endorses the DevOps of software applications. DevOps is a Process that integrates IT operations, practice, tools, software development And contributes the outstanding characteristics of software with the endless delivery. The team of SRE engineers works as a unit that uses the software tools for mointiring and unravelling any difficulties in managing the system.

We can say that the current fast-paced software development environments demand close collaboration among SRE, DevOps and Platform Engineering to meet various requirements for a seamless Development, Deployment, and improved production systems.

We can finally conclude that: Even though these roles are distinct, but their responsibilities may overlap, based on the needs and requirements of the organizations.

The post Platform Engineer VS DevOps Vs SRE : Understanding the difference appeared first on DevopsCurry.

DevOps 2021 : A Docker Container Tutorial for Beginners

Fri, 26 Feb 2021 14:47:35 +0000

A look at Docker in 2021: The most preferred Container technology

I am sure if you are a software professional, then you have probably heard of term Docker at some point in last few years. And you are probably aware of the fact that it has become an instrumental or the must-know technology for any application developer to know and have in their kitty.

However if you have no idea of what I’m talking about, no worries – this article is supposed to share those details with you.

As the global businesses grow, complexity tends to increase in handling large and complicated applications. To manage the extensive applications, it is necessary that we take appropriate measures. Thus, the need to keep the applications on the same host isolated from each other without interfering with the other’s working arises. This issue has been resolved using virtual machines, providing separate environment hardware and software resources for running the application. But it comes with some downfalls as it requires its OS, which can be bulky and difficult to handle. Thus we move to container technology.

Containers allow you to isolate the applications by providing different execution environments sharing the same underlying OS kernel. It will enable you to pack the application more densely on the same hardware. With a container, you can bundle up the applications and their dependencies and libraries into a package that can be easily handled and modified without impacting the working of other applications or the system. But running thousands of containers can be challenging to create and manage. Thus, we require some tools to handle it. Thus Docker comes into the picture.

Docker was launched in 2013 as an open-source project. It boosts the containerization and microservices concept in software development, also known as cloud-native development.

As per definition from Wikipedia,

Docker is a set of platform as a service (PaaS) products that use OS_level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels.Because all of the containers share the services of a single OS kernel , they use fewer resources than virtual machines.

What is Docker?

Docker has gained popularity with containers and has changed how to create and run containers on a cloud platform. Docker is the most popular tool that allows you to create, deploy, and run applications with the help of containers. As a developer, you can bundle the application along with required libraries and dependencies using docker container. You can quickly move these packages as a single application and deploy them in any environment without worrying about compatibility with the underlying infrastructure.

Unlike Virtual machines, Docker does not create a separate OS but provides a complete environment using the same OS kernel for all applications. Docker helps reduce the size of the application and enhances performance as you have to include only the required dependencies that may not be available on the host system.

Well, the question is how Docker manages to package and run applications within the container? You can even run multiple containers at the same time on the same host without consuming too much CPU resources. Docker provides high optimization to run containers within the VM. once you create an application, it is being tested and distributed as a single unit. This single unit can also be deployed to the production environment as a container. This application will efficiently work on any platform like local data enter, cloud provider with great flexibility.

Image Credits: https://www.docker.com/blog/containers-and-vms-together/

Docker architecture

Docker has a client-server application as its engine, which comes with three components- a server, a command-line interface, a client, a docker host, a registry, and a REST API.

The Docker server is the long-running daemon process that handles the Docker operations. The daemon will create and manage Docker objects like networks, volumes, images, and containers.
CLI helps in controlling and interacting with Docker daemon with scripts and commands. REST API will specify the interface to communicate between the daemon and the program.
Docker client interacts with the daemon, which builds, runs, and distributes the containers. You can run client and daemon on the same system, or they can be on different systems. Docker Client and Daemon communicate via REST API over the network interface. With the help of Docker client, docker users can interact with Docker. The client sends the command to the daemon.
Docker Daemon- It listens for the Docker API requests and allows you to manage the Docker objects like images, containers, network, and volumes. Different daemons can interact with each other to control the Docker services.
Docker Registries- Registry is used to store the Docker images. Docker provides Docker Hub, a public registry open to all users, and is configured to look for Docker Hub images by default. Apart from this, you can also maintain your personal Docker registry. You can run various commands to pull and push images from the configured registry.

Image Credits : https://thingsolver.com/hello-docker/

Why is Docker so popular?

There are various reasons for Docker to gain popularity after the Virtual machine. Below are some reasons to adopt the Docker process within your software development lifecycle.

Docker is much faster and reliable than a Virtual machine.
Docker is more portable due to the consistency of the host environment irrespective of the underlying OS hosting the environment.
Docker uses containerized applications that can be easily scaled up or scaled down as per the business requirement.
With the container concept, you can easily break a complex application into small and modular microservices.
Docker rises as an open-source that has marked its territory within the market. It offers a faster way to deploy applications without focusing much on the platform.
Docker can be easily integrated with the DevOps development and deployment cycle. It helps in enhancing agility, flexibility, and scalability.

You can also read about our old posts on reasons to adopt Containers in 2021 and Docker Command Cheatsheet:

Docker Cheatsheet for Beginners

Why you should consider adopting Containers in 2021

What is rom

Advantages of Docker

Below are the top advantages of using Docker that help in driving the successful growth of the business.

Cost-efficiency- Docker comes with various cost-saving offers. It provides a better return on the investment. Not only this, it allows developers to reduce down the cost along with enhancing performance. However, Docker works well for small and large businesses, but large companies tend to gain more profit and stable revenue over a long period. It allows you to spend less on infrastructure and resources required for the development. You will have to employ less staff to develop and manage the applications, leading to lower human resource costs.
Productivity- with Docker, you can efficiently handle multiple deployments and release cycles at the same time. It provides a familiar environment for production to be seamless. It allows team members to collaborate on a large scale to debug errors and analyze their performance. It reduces the time spent on fixing mistakes and manage that time towards development. You can easily roll back a single component of any application without impacting other applications in progress. Docker allows you to create multiple copies of the images for testing purposes, thus increasing productivity.
Compatibility- an application created using Docker will run the same on all servers with different architecture and infrastructure. This helps the developers save their time as they do not have to create different versions of an application for every platform. The codebase can be set up quickly and is more portable than any other platform. You can use the same container image across all development phases of the application.
Easy deployment- you can deploy an application within no time with Docker. You do not have to boot the Docker applications into the Operating system and use OS kernels to make the process simpler. You can perform various actions on the applications without impacting the efficiency.
Continuous testing- with Docker, you can test your applications from an early development stage to the production deployment. You can configure all the Docker containers with all dependencies and required files, which can be used throughout the production states without any modification. For any changes, you can alter the containers at any phase of development, even at the release cycle, without modifying the complete application. Docker makes the application and platform flexible. You can test and release as many images as you want at the same time.
Security- apart from flexibility and scalability, Docker makes sure that all the containers that are running simultaneously will be fully segregated from each other. Developers can control the traffic to your application. The data of any container cannot be accessed and processed by any other container.
Cloud technology- many cloud providers have adopted Docker’s extensive support due to its portability. You can run a Docker container within any cloud platform. Also, you can move applications from one cloud platform to another with great ease.

Conclusion

There is no doubt that Docker is a revolutionary technology, which has changed the style of software development.

To summarise, there are three main reasons for Docker’s success. First, you can get more applications running on the same underlying hardware than other technologies. Second, docker makes it easy for developers to quickly create ready-to-run container applications. And finally, Docker makes managing and deploying your applications much easier.

However we also need to consider the tradeoffs before committing to a Docker-based approach. A careful accounting of the benefits and costs of containerise your entire application stack ,may well lead you to adopt Docker. So if the benefits add up, Docker and containers have the potential to open up new opportunities for your enterprise.

The post DevOps 2021 : A Docker Container Tutorial for Beginners appeared first on DevopsCurry.

What is Knative, and why should have a look at it in 2023 !

Mon, 25 Jan 2021 19:07:38 +0000

Understanding Knative: a Container-based Serverless tool

Since last few years, serverless technologies have been in demand and also seen good adoption. Going by stats, 2021 and onwards have been predicted as years of servereless. The container based applications are the flavor of the season, and kubernetes is witnessing a huge demand and adoption from the corporates.

Kuberenetes is definitely a great tool with a lot of potential, but along with Kubernetes, the ecosystem around it is also ever-growing and expanding with lots of new tools and technologies coming into being. Once such tool is Knative, which makes Kubernetes even better.

Knative is an open-source framework launched to bridge the gap between the containerized and serverless applications among cloud providers. It was developed in 2018 and supported by a group of companies that worked together (Google, IBM, Pivotal, Red Hat, and SAP) to help Kubernetes run microservices and efficiently handle serverless applications.

Many companies widely adopt Kubernetes as an orchestration tool that manages the containers, but you have to rely on the proprietary release-management tools for deploying containers. Also, it demands writing custom code and requires manual effort for troubleshooting in case of failure, and it is challenging to implement serverless computing without the cloud-based serverless platform. Knative was introduced to overcome the situation and establish a standard for cloud-native and cloud-platform orchestration because of these problems.

You can also look at our posts on Serverless and some popular Serverless solutions.

In the post below, we will talk about Knative in detail, its benefits, why there is a need to adopt Knative, its core components, and the future of Knative for Kubernetes and cloud-based enterprises.

What is Knative?

Knative (pronounced kay-nay-tiv) is an open-source, Kubernetes-based serverless framework that was initially developed by Google. Its key feature is to maintain the standard for cross-platform orchestration, which is being implemented by integrating the container or function creation, workload management, auto-scaling, and event models.

Knative is not the only serverless platform available in the market. Earlier, we have other open-source solutions like Kubeless, Fission, Apache OpenWhisk, etc. Also, we have cloud providers that provide equivalent FaaS products like Lambda, Azure functions, function compute, and many more. Every solution mentioned above has its ways to deploy business code to a serverless platform, which may cause market fragmentation due to a lack of standardized practices. This may lead you to be bound to a specific provider for a particular feature that may not be provided by the other solution or provider. This causes problems like migration to the cloud in a serverless manner, hard to build a general-purpose PaaS platform. That is why Knative comes into play to fix these problems.

The need for Knative depends on you much you are struggling to implement the tasks that can be implemented efficiently within a Kubernetes-based pipeline. As Kubernetes has been in great demand, so has the Knative for automating the process of container-based serverless applications. Unlike other serverless environments, Knative allows you to avoid cloud vendor lock-in.

Below are some features of Knative.

With the help of Knative, developers can directly use the Kubernetes API to deploy serverless services.
You can easily integrate Knative within any supported environment.
It is Kubernetes-based and allows you to deploy services to Kubernetes.
It allows the users to trigger serverless services in Knative with the help of the eventing system.

Benefits of Knative

Knative supports Kubernetes serverless orchestration and provides services like service connection, route management, and phased release. It comes with a large community supporting it. Below are some benefits of Knative can influences business to adopt it within the Kubernetes pipeline.

Knative is not a PaaS but is a serverless orchestration platform that allows you to create your serverless PaaS.
It provides a CloudEvent standard framework to design serverless architecture. Unlike other FaaS solutions, it has standard events, and it is compatible with other FaaS solution.
It comes with cross-platform support and provides a universal standard among different cloud providers that eliminate the risk of binding vendors to a specific solution.
It has a mature and full-fledged serverless design.
Knative helps in building a complete application from source code to images.
It helps in supporting the proportional phased releases.
It provides you a flexible framework without the risk of vendor lock-in for a specific solution.
It allows you to leverage the serverless experience within a containerized environment.
It helps in removing the reliability of customized tolling and management.
By implementing Kubernetes, you can easily migrate to other cloud providers integrated with Knative.
It helps in processing IoT data, running accessibility checks for your website, and validating the configuration of the security groups.
It provides a request-driven compute model.
It helps developers to focus on coding and allow them to create iterative code frequently. It also ensures that developers will implement new versions of the containers.
Knative allows you to manage the workflow as a service automatically.
Its event-based model allows you to implement designs that include registration, subscription, and connection to the external system.

Knative Architecture (Three core components of Knative)

Knative is a Kubernetes extension that allows you to build, run, and operate microservices using serverless traits. Knative is a Kubernetes-based framework to provide serverless containerization functionality. Knative has with three core components.

Image Credits:https://github.com/knative/docs/

Building- this component helps in extending and utilizing the existing primitives of Kubernetes that enables you to run on-cluster builds of the container from the source code. It allows getting the source code from the repository and the dependencies, building container images, and registering them.
Serving- this component is built on Kubernetes and Istio that supports the serverless application’s deployment. It also enables the rapid development of serverless containers, automatic scaling, and network programming for Istio components. It considers containers a scalable service that can range from one instance to thousand of container instances.
Eventing- it allows you to create a communication between the loosely-coupled event producers and consumers for building an event-driven architecture. Knative places these events in a queue to be performed automatically without the developers creating a script. These events are then delivered to the containers and send feeds to the producers to perform container tasks. These events will make a connection and send the event to a specific service. This reduces the developer’s workload of creating codes to establish the connection.

Some useful Kubernetes posts for reference

Conclusion: The future of Knative

Knative has changed the face of serverless computing by providing on-premise automatic scaling of event-based applications. Despite the new framework, it is making an impact on a more modular and interoperable system. It cannot be predicted that this solution will cover all the shortcomings and be the only option to run serverless architecture. But considering the benefits of Knative over other serverless alternatives make it more influential for the developers to implement it within their Kubernetes architecture.

Knative can help you save a great deal of time by eliminating the need to build and maintain your own Kubernetes extensions. Also it makes the developers’ lives easier and much better, because building custom extensions for Kubernetes is the type of task that is tedious and needs a lot of effort.

But with all that good things about Knative, you should also keep in mind that it is a relatively new tool which is still developing and evolving. So you should factor all aspects into mind and made a wise call, when adopting any new tool into your DevOps armoury.

The post What is Knative, and why should have a look at it in 2023 ! appeared first on DevopsCurry.

DevOps 2021: Kubernetes Cheatsheet for beginners

Mon, 09 Nov 2020 12:15:15 +0000

Kubernetes also known as K8s, is an open source container orchestrator. An orchestrator is a platform which helps in management, configuration, and deployment of containerized applications.

We can group together hosts running Linux containers and Kubernetes can effortlessly manage those clusters. Kubernetes automates essentially every process right from deployment, management and scaling of containerised applications.

Kubernetes was developed by Google. Google plays a big role in pioneering the Linux container technology. The main advantage of Kubernetes is that it provides a platform to optimize the clusters.

Things you can do with Kubernetes

* Container orchestration
* Automating the whole process hence reduces the error and time.
* Easy management of containers.
* Ideal for optimizing application for cloud based applications.

Now we have pretty much understood what and why is Kubernetes used. Now, let’s look at some of the commonly used terminology in Kubernetes.

Control Plane: Consider it as the starting point of all the assignments and tasks. It is essentially a group of processes that monitors the Kubernetes nodes.
Nodes: Node is also a machine which performs the tasks given by the control plane.
Pod: It is a group of containers which uses a single node. It is similar to how group of computers share the same network by group of computers. The machines connected to the same pod have the same IP address, hostname.
Kubelet: This is a service which runs on nodes. It takes care of the fact that containers are up and running.
Kubectl: This is a command line interface (CLI) configuration tool for Kubernetes. It communicates through Kubernetes API server. Kubectl facilitates to create, inspect, update, and delete Kubernetes objects.

Here we have a list of Kubernetes commands which comes in handy for any beginner. We have categorized the commands according to the components of Kubernetes architecture.

Cluster Management

kubectl version This command is used to display the current version running on the client and server.

kubectl config view This command is used to display the configuration of the cluster.

kubectl api-resources This command is used to display the list of the available API resources.

kubectl cluster-info This command provides the information about the master and services in the cluster.

Deployments

kubectl get deployment This command is used to get the information about all the deployments.

kubectl describe deployment This command provides the detailed state of deployment.

kubectl edit deployment This command is used to edit and update the definition of one or more deployment on the server.

kubectl create deployment This command is used to create a new deployment.

kubectl delete deployment This command is used to delete deployments

Nodes

kubectl get node This command is used to get the list of one or more nodes.

kubectl delete node This command is used to get delete nodes.

kubectl top node This command is used to get usage by CPU/Storage for nodes.

Kubectl get pods –o wide| grep This command is used to get a list of pods running on a node.

Pods

kubectl get pod This command is used to list one or more pods.

kubectl delete pod This command is used to delete a pod.

kubectl describe pod This command is used to display the detailed state of pods.

kubectl create pod This command is used to create a pod.

kubectl top pod This command is used to get the usage by CPU/storage for pods.

kubectl label pod This command is used to add or update the label of pod.

Replication Controllers

kubectl get rc This command is used to get the list of replication controllers.

kubectl get rc –namespace=”” This command is used to get the list of replication controllers by namespace.

Service Accounts

kubectl get serviceaccounts This command is used to display the detailed state of one or more service accounts
kubectl delete serviceaccount This command is used to delete a service account.

Logs

kubectl logs This command is used to get the logs for a pod.

kubectl logs –since=1h This command is used to get the logs for the last hour for a pod

kubectl logs –tail=20 This command is used to get the most recent 20 lines of logs

kubectl logs -f This command is used to print the logs for a pod and follow new logs

kubectl logs -c This command is used to print the logs for a container in a pod

kubectl logs pod.log This command is used to get the output of the logs for a pod into a file named ‘pod.log’

kubectl logs –previous This command is used to view the logs for a previously failed pod.

kubetail -s 5m This command is used to include the most recent 5 minutes of logs

Events

kubectl get events This command is used to list recent events for all resources in the system

kubectl get events –field-selector type=Warning This command is used to list Warnings only

kubectl get events –field-selector involvedObject.kind!=Pod This command is used to list events but exclude Pod events

Manifest Files

kubectl apply -f manifest_file.yaml This command is used to apply a configuration to an object by filename.

kubectl create -f manifest_file.yaml This command is used to create objects.

kubectl create -f ./dir This command is used to create objects in all manifest files in a directory.

kubectl create -f ‘url’ This command is used to create objects from a URL.

kubectl delete -f manifest_file.yaml This command is used to delete an object.

So in case you are a beginner and trying to learn Kubernetes, these kubectl or (kube-kutl) as we call them will definitely come handy for you during your initial phases. We will also share our next series of Kubernetes cheatsheet for intermediate & advanced level of users.

The post DevOps 2021: Kubernetes Cheatsheet for beginners appeared first on DevopsCurry.

Docker Cheatsheet for Beginners

Fri, 06 Nov 2020 14:20:16 +0000

Docker CheatSheet for Beginners

Imagine you are working on a critical project, it’s almost complete and you ask your manager to have a look at the status. He goes through the project and a few days later come up to you asking to accommodate some last minute changes and updates. This request itself sounds like a nightmare for any software developer and can give sleepless nights to many. Now you are thinking of all the components you need to install and update like the OS, dependencies, version you used previously on the server, several packages that are required, etc. The process is quite tedious and requires keeping several factors to keep in mind.

To help you overcome such situations, Docker comes to your rescue.

What is Docker?

Docker is a platform that helps in building a container for the applications. A container packages the code in such a way that all the application dependencies are easily managed and are taken care of. This helps in running the applications on any machine irrespective of the server infrastructure. We can run the same code on a Linux server or a Windows without much hassle.

How does Docker works?

In the above scenario to make our job easy, we can create a Docker container in the machine. We can have many Docker images inside a container; the image contains several parameters related to set java path, Ubuntu, apache version, etc. These parameters might be specific for an application but we can create multiple docker images inside a container. There might be another application that requires a similar configuration but with slight differences. In such cases docker comes very handily we can create the image from any existing docker images that can slightly modify some parameters as per requirement.

Setting up Docker locally on the machine

Download Docker from here once the setup is done, follow these steps. Like discussed above Docker creates images which can be reused later as and when required. ‘libcontainer’ is used to create docker container.

To create a Docker container, download the ‘hello world’ image, use the command–

$ docker run hello world

For checking the number of images on your system, use this command –

$ docker images

These are some of the basic commands to setup the docker container. Now in this post we are trying to share a list of docker commands which may come in handy for beginners.

List of Common Docker commands

$ docker run This command is used to run a command in a new container.

$ docker start This command is used to start one or more stopped containers.

$ docker stop This command is used to stop one or more running containers.

$ docker build This command is used to build an image form a Docker file.

$ docker push This command is used push an image or a repository to a registry.

$ docker pull This command is used pull an image or a repository from a registry.

$ docker export This command is used export a container’s file system as a tar archive

$ docker exec This command is used to run a command in a run-time container

$ docker search This command is used to search the Docker Hub for images

$ docker attach This command is used attach to a running container

$ docker commit This command is used create a new image from a container’s changes

$ docker –version This command is used to extract docker version information.

$ docker ps This command is used to fetch all the running containers.

$ docker kill This command forcefully terminates the container execution.

$ docker cp This command is used to copy files/folders between a container and the local machine.

$ docker events This command is used to fetch the real time events from the server.

$ docker plugin This command is used to manage the Plugins.

$ docker rename This command is used to rename a container.

$ docker container This command is used to manage the containers.

$ docker history. This command is used to show the history of an image.

$ docker restart This command is used to restart one or more containers.

$ docker rm This command is used to remove one or more docker containers.

$ docker rmi This command is used to remove one or more images.

$ docker login This command is used to log in to a Docker registry.

$ docker logout This command is used to log out from a Docker registry.

$ docker logs This command is used to fetch the logs of a container.

$ docker config This command is used to manage Docker configuration.

The post Docker Cheatsheet for Beginners appeared first on DevopsCurry.

Container – DevopsCurry

Container Security Scanning

An Brief Introduction On Container Security Scanning & Their Tools

What is Docker Security Scanning?

Container/ Docker Security Scanning Tools

Docker Bench

Clair

Anchore

OpenSCAP

Dagda

Black Duck OpsSight

Sysdig Falco

Dockle

Trivia

Hadolint

Conclusion

Platform Engineer VS DevOps Vs SRE : Understanding the difference

What is Platform Engineer?

What is DevOps Engineer?

What is an SRE? (Site Reliability Engineering)

Main differences Between Platform Engineer, DevOps & SRE

Conclusion:

Top 25 Docker Advanced Interview Questions in 2021

Docker Interview Questions with Answers (Intermediate/Advanced)

DevOps 2021 : A Docker Container Tutorial for Beginners

A look at Docker in 2021: The most preferred Container technology

What is Docker?

Docker architecture

Why is Docker so popular?

You can also read about our old posts on reasons to adopt Containers in 2021 and Docker Command Cheatsheet:

Advantages of Docker

Conclusion

What is Knative, and why should have a look at it in 2023 !

Understanding Knative: a Container-based Serverless tool

What is Knative?

Benefits of Knative

Knative Architecture (Three core components of Knative)

Conclusion: The future of Knative

DevOps 2021: Kubernetes Cheatsheet for beginners

Things you can do with Kubernetes

Cluster Management

Deployments

Nodes

Pods

Replication Controllers

Service Accounts

Logs

Events

Manifest Files

Docker Cheatsheet for Beginners

Docker CheatSheet for Beginners

What is Docker?

How does Docker works?

Setting up Docker locally on the machine

List of Common Docker commands