Dependency Management with Renovate: Beyond the Limits of Dependabot

Mature CI pipelines often incorporate security scanners like Trivy and Clair, but these tools primarily identify vulnerabilities. To fix them, developers still have to manually upgrade the affected dependencies (packages, libraries, etc.).

Manually managing dependencies in software development can be a time-consuming and error-prone process, leading to several challenges. What if we used a tool that scans the entire repo, detects whether updates or patches are available, and automatically raises PRs to upgrade dependencies, allowing developers to review and merge them as needed? This proactive approach helps prevent the introduction of vulnerabilities in the first place by keeping dependencies up to date, apart from zero-day vulnerabilities.

This blog introduces you to Renovate, a powerful open-source tool that automates dependency management. As an open-source tool, it offers various ways to install and configure it. In this blog, we will focus specifically on installation using the command-line interface (CLI).


Kubernetes CRI — Container Runtime Interface

Kubernetes is one of the most popular projects around container orchestration, but interestingly, Kubernetes itself has no code to run or manage Linux/Windows containers. So, what is running the containers within your Kubernetes pods?

Yes… Kubernetes doesn’t run your containers

It’s just an orchestration platform sitting above container runtimes. It has no code of its own to run a container or to manage the container’s lifecycle; instead, dockershim was implemented (in the kubelet) to talk to Docker as the container runtime. I will talk about dockershim in a later section of the blog.

Also, Docker has grown and matured over the last few years and has gained a stack of components like runc (Open Container Initiative) and containerd (CNCF project). OCI (est. in June 2015) splits Docker into two parts:

1) to handle the Docker CLI & processing requests, and
2) to handle container running functions, i.e. runC.

High Level Overview — Before OCI standards

How to fix error “[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed” (_ssl.c:727)

While working with one of our banking sector clients (hybrid cloud), we encountered the error:

fatal error: SSL validation failed for https://bucket_name.s3.ap-south-1.amazonaws.com/file_name “[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed” (_ssl.c:727)

Scenario:

I was copying one file from an S3 bucket to one of the newly launched servers x.x.x.x via the AWS CLI with the command mentioned below.

Enable Support to Provision GP3 Volumes in Storage Class

No matter where organizations are in their cloud journey, cloud cost optimization remains an essential and top-priority concern. As organizations move ever larger workloads to the cloud, there is a high possibility of losing sight of the overall cloud environment and the costs associated with it. Therefore, it’s essential to optimize cloud costs so as to maximise return on investment (ROI). With the same concern, we were working towards reducing the cost of provisioned storage for one of our clients. This post covers a particularly interesting issue around the same.
