- What is Kubernetes and how should you monitor it? - A monitoring strategy that takes advantage of Kubernetes will give you a bird's eye view of your entire application’s performance, even if containers running your applications are continuously moving between hosts or being scaled up and down.
- How to optimize Kubernetes resource configurations for cost and performance - in part two of this Kubernetes guide, you'll get help balancing appropriate parameter configuration for any cluster you are working with now or in the future. You'll learn about requests and limits, measuring CPU utilization, and how to optimize Kubernetes resource allocation.
- Best way to install and use kubernetes for learning - reddit
- Kubernetes The Hard Way - This tutorial walks you through setting up Kubernetes the hard way. This guide is not for people looking for a fully automated command to bring up a Kubernetes cluster. Kubernetes The Hard Way is optimized for learning, which means taking the long route to ensure you understand each task required to bootstrap a Kubernetes cluster.
- Deploying a Kubernetes Cluster within Proxmox using Ansible
Saturday, November 12. 2022
Kubernetes Links
Sunday, November 6. 2022
Principles of Secure System Design
- A capable attacker will look for plaintext
- red/black separation
- Schneiers's principle
- Zooko's tradeoff
- Kerckhoffs's Principle
- Corollary to Metcalfe's principle [2]
- It is easier for insiders to steal information - also janitors, cleaners
- Design for known threats
- Design for future threats
- Design for unknown threats as far as possible
- existing systems persist
- defence in depth
- monoculture -> target more attractive, usually more brittle
- the capital and operating costs of well-designed secure systems are about the same as those of insecure ones until the insecure ones fail
- keep intrusion records
- keep i/o records
- cheap and effective security needs good system design.
- if it's expensive, it probably won't be effective.
- Unless it is for your use alone you do not control what a system is to be used for
- Even if it is for your use alone you do not control the resources which will be pitted against your system
- cryptanalysis is difficult - but people can do difficult things
- people offering the impossible are lying
- in code, nothing ever really goes away
The principles can sometimes be broken or wrong, unlike the laws.
[2] the security of a secret is inversely proportional to the square of the number of people who know it
- Peter Fairbrother
Laws of Secure System Design
- It's all about who is in control
- Someone else is after the things you have
- An attacker can't steal things which aren't there to steal
- Everywhere can be attacked
- More complex systems provide more places to attack
- Attack methods are many, varied, ever-changing and eternal
- Only those you trust can betray you
- Holes for good guys are holes for bad guys too
- A system which is hard to use will be misused, abused and underused
- Security is a Boolean. [1]
- Items of data once publicly linked cannot be reliably unlinked
[1] Looking back in time from the future - did it work? Then it was secure enough. Can be hard to see that from the present though, and even from the future not all harmful breaches can be seen.
- Peter Fairbrother
(Page 1 of 1, totaling 3 entries)