Security Group Strategy for AWS


The Grenadier Guards are an elite British Army infantry regiment. People say they are strong as a mountain and ruthless as hell. They protect the doors of Buckingham Palace, which is the world’s most valuable residence. No one dares to enter. Likewise, our hosted resources in the cloud are of utmost importance and value to us. We need some method to protect them and restrict the initial point of contact from attackers and unwanted audiences. Let’s discuss how we can best use security groups to secure our EC2 instances.

AWS is a cloud provider, which means the services we use are hosted in AWS data centers. EC2 (Elastic Compute Cloud), which we use to create instances, is one of many services provided by AWS.

Continue reading “Security Group Strategy for AWS”

Kubernetes Diary – Software LoadBalancer

Problem Statement..?

Most of us who have used Kubernetes with a public cloud have created a cloud load balancer as well. Ever thought about how this can be achieved in a private data center? The easiest way would be to use the concept of NodePort and expose our services with it. In this blog, however, we won’t take the easy way out. Well, at least not the easiest way. We are going to talk about ways to achieve the same goal of a software load balancer in a private data center with some interesting tools.

Kubernetes Cluster on Bare Metal System Made Possible using MetalLB

Continue reading “Kubernetes Diary – Software LoadBalancer”

Elasticsearch Cluster Monitoring

Elasticsearch is a scalable, full-text search and analytics engine based on Apache Lucene. It is Java-based and allows you to store, search, and analyze big volumes of data quickly in near real-time. It can search and index the document files in diverse formats. Lucene is the underlying technology that Elasticsearch uses for extremely fast data retrieval.

As flexible, scalable, and useful as Elasticsearch is, monitoring your cluster can help you ensure that the cluster is appropriately sized and handles all operations efficiently.

Continue reading “Elasticsearch Cluster Monitoring”

Opstree’s Logging (EFK) Operator

Logging is a critical part of monitoring, and there are a lot of tools for log monitoring, like Splunk, Sumologic, and Elasticsearch. Kubernetes is becoming very popular, and running multiple applications and services on a Kubernetes cluster requires a centralized, cluster-level stack to analyze the logs created by pods.
One of the well-liked centralized logging solutions is the combination of multiple open-source tools, i.e. Elasticsearch, Fluentd, and Kibana. In this blog, we will talk about setting up the logging stack on a Kubernetes cluster with our newly developed operator named “Logging Operator”.

Continue reading “Opstree’s Logging (EFK) Operator”

Stop Wasting Money, Start Cost Optimization for AWS!

Generally, organizations move towards AWS to furnish their foundation with the capacity to develop and extend their abilities, and because they pay only for the resources they use. An unfortunate side effect of this methodology is that small costs regularly go unnoticed and can add up over time, prompting high monthly bills. The monetary effect of the current pandemic is forcing the world to adjust spending within their organizations. Everybody is turning over every rock to discover approaches to cut waste without impacting business. One way to get fast cost savings is to eliminate wasted spend on cloud services.

Continue reading “Stop Wasting Money, Start Cost Optimization for AWS!”

That’s Why Iptable Is Not A Good Fit For Domain Name?


Context

Let’s first talk about how it all started and what we achieved.

It all started with a healthy discussion within our team, where team members were discussing many aspects of different fields of technology. One of our colleagues mentioned OpenVPN. So we discussed the different working fields, architecture, and workflow of OpenVPN, in which the role of iptables comes into the picture, because on Linux, OpenVPN supports iptables as its primary firewall utility, or, one can say, OpenVPN supports iptables as its firewall for filtering workflow.

So, in the middle of the discussion, I mentioned that I am using iptables in OpenVPN to block traffic for a domain name and it is working fine. My colleague asked me how I implemented it and how it is possible to use iptables for a domain, and they discussed multiple logical explanations like OSI layer support and many other things. So we decided to do a POC of this discussion and write up a blog or some points to make clear whether it is possible to use iptables for a domain name and, if not, what areas we can cover with iptables for a domain name, and try to cover the flaws of this.

Continue reading “That’s Why Iptable Is Not A Good Fit For Domain Name?”

Why APM is Extremely Significant!

We have all faced the problem of a system getting too slow. Have you wondered why this problem occurs? Well, there could be several reasons, but one of them is application performance. Today, applications have become very large and complex. Users of these applications often choose different mediums, as they have separate goals and requirements as per their needs.

This diversity in consumption mediums brings complexity in configuration, which is only increasing. Application performance means how available your application is to the real world, which brings us to APM. In this blog, we will first discuss what APM is, why it is needed, and which APM tools can help us obtain information about the health of the system.

Continue reading “Why APM is Extremely Significant!”

Why We Should Use Transit & Direct Connect Gateways!

A BIG THANK YOU TO TRANSIT AND DIRECT CONNECT GATEWAYS

In everyone’s career path, there always comes a situation when we think that everything will work out fine and then, suddenly, out of the blue, we realize that a big issue is waiting to happen. We freak out about what we are gonna do before this issue knocks at our door. Right?

Something similar happened to me some time ago, so let me cut to the chase. 🙂

I will explain why there is benefit in using transit and direct connect gateways by telling you what issues we faced without them.

Continue reading “Why We Should Use Transit & Direct Connect Gateways!”

How to Setup Jenkins in a few minutes!

Have you ever gone through the situation where your Jenkins goes down without any backup of your jobs, and then you have to waste a lot of time and effort to re-create all your resources from scratch? We also faced the same problem, but now we are free from it: we have found a solution.

You might really want to know how. What if I say you can create a Jenkins server with the same configuration without any effort and, most importantly, without wasting months, days, or even hours? Yes, you can set up your Jenkins in just 30 mins as we did.

Continue reading “How to Setup Jenkins in a few minutes!”

HAProxy Hurdles Walkthrough

HAProxy is one of the most frequently used and efficient tools out there for load balancing. It is highly configurable and can handle almost all of one’s needs to set up an HA, scalable infrastructure in both HTTP and TCP. Its clientele is a testament to that, as it is used and recommended by various heavy-hitters in the industry like Airbnb, GitHub, Instagram, Reddit, etc.

Continue reading “HAProxy Hurdles Walkthrough”