Transcendence
After a quite long time, I read an interesting, thought provoking book. "Transcendence" - My Spiritual Experiences with Pramukh Swamiji by A.P.J. Abdul Kalam with Arun Tiwari.
This blog has many articles with label "Spiritual Science". This book is also about Spiritual Science. How a renown scientist looks at religion, philosophy, spirituality. I recommend, all people - with scientific temperament - must read:
(1) "Chapter 14. Walking Over the Waves" and
(2) "Part 3 Fusion of Science and Spirituality", particularly "Chapter 19 Mind Is the Matrix of All Matter" that talks about spirituality, quantum physics etc.
The entire book has diversified interesting topics. It talks about
- various philosopher, scientists, good people of different time and places.
- big bang, solar system, universe, galaxy etc.
- statistics about BAPS, and HDH Pramukh Swami Maharaj.
- India's space programme
- India's white revolution by Verghese Kurien
- Life of author A.P.J. Abdul Kalam. His native place. His teachers, relatives, other books. Also his role as president of India.
The last two pages of "chapter 20. Growing into Highly Evolved Physical and Spiritual Being" sheds light on how status quo of our own inner lives harms us: We denounce wisdom of others when it does not fit into our emotional framework. We choose to agree only with opinions of others who share our personal values and feelings...In this state of ignorance, we become subservient, we are at the mercy of the popular status quo.
It also reminds me, a story about bumblebee and an insect. A bumblebee offered ride to an insect across the beautiful garden. The insect took some of the bad smelling matter in his nose with him and could not understand, what the bumblebee was describing about different fragrance of different flowers. The bumblebee realized it and make the insects dawn into pond and take it out, so it can enjoy fragrance. Same way sometimes we are cut of – like a fortress. A Guru open a window in the fortress. Then also we need to put efforts to progress in this spiritual path. I was one of the fortunate persons, who listened to this story directly from HDH Pramukh Swami Maharaj. Prior to that I read it in some book by Swami Vivekanand or Ramkrishna Paramhansa.
You will like this book, regardless of you are bright atheist or committed religionists. Here is my favorite content from the book. You may also like it. It is in context of Galileo
People who are unable to understand perfectly both scripture and science far outnumber those who do understand them perfectly. The former glancing superficially through the scriptures, could easily arrogate to themselves the authority to decide upon every question of physics on the strength of some word which they have misunderstood, and which was consciously employed by the sacred authors for some different purpose. And the smaller number of understanding men could not dam up the furious torrent of such people. These people would gain the most followers, simply because it is much more pleasant to gain a reputation for wisdom without effort or study, than to consume oneself tirelessly in the most laborious disciplines.
We all have heard famous quote from Shrimad Bhagavad Gita:
Book: Transcendence
This blog has many articles with label "Spiritual Science". This book is also about Spiritual Science. How a renown scientist looks at religion, philosophy, spirituality. I recommend, all people - with scientific temperament - must read:
(1) "Chapter 14. Walking Over the Waves" and
(2) "Part 3 Fusion of Science and Spirituality", particularly "Chapter 19 Mind Is the Matrix of All Matter" that talks about spirituality, quantum physics etc.
The entire book has diversified interesting topics. It talks about
- various philosopher, scientists, good people of different time and places.
- big bang, solar system, universe, galaxy etc.
- statistics about BAPS, and HDH Pramukh Swami Maharaj.
- India's space programme
- India's white revolution by Verghese Kurien
- Life of author A.P.J. Abdul Kalam. His native place. His teachers, relatives, other books. Also his role as president of India.
The last two pages of "chapter 20. Growing into Highly Evolved Physical and Spiritual Being" sheds light on how status quo of our own inner lives harms us: We denounce wisdom of others when it does not fit into our emotional framework. We choose to agree only with opinions of others who share our personal values and feelings...In this state of ignorance, we become subservient, we are at the mercy of the popular status quo.
It also reminds me, a story about bumblebee and an insect. A bumblebee offered ride to an insect across the beautiful garden. The insect took some of the bad smelling matter in his nose with him and could not understand, what the bumblebee was describing about different fragrance of different flowers. The bumblebee realized it and make the insects dawn into pond and take it out, so it can enjoy fragrance. Same way sometimes we are cut of – like a fortress. A Guru open a window in the fortress. Then also we need to put efforts to progress in this spiritual path. I was one of the fortunate persons, who listened to this story directly from HDH Pramukh Swami Maharaj. Prior to that I read it in some book by Swami Vivekanand or Ramkrishna Paramhansa.
You will like this book, regardless of you are bright atheist or committed religionists. Here is my favorite content from the book. You may also like it. It is in context of Galileo
People who are unable to understand perfectly both scripture and science far outnumber those who do understand them perfectly. The former glancing superficially through the scriptures, could easily arrogate to themselves the authority to decide upon every question of physics on the strength of some word which they have misunderstood, and which was consciously employed by the sacred authors for some different purpose. And the smaller number of understanding men could not dam up the furious torrent of such people. These people would gain the most followers, simply because it is much more pleasant to gain a reputation for wisdom without effort or study, than to consume oneself tirelessly in the most laborious disciplines.
We all have heard famous quote from Shrimad Bhagavad Gita:
कर्मण्येवाधिकारस्ते मा फलेषु कदाचन ।
We have control/rights about our own actions only, not on its result / fruit / outcome. The same point when living Guru like HDH Praumkh Swami Maharaj explains with following words, it gives more insight understanding.
Do not confuse excellence with perfection. Excellence man can reach, but perfection is God's work.
- Pramukh Swami Maharaj
I have captured many such gems, thought provoking statements in my blog about this book. The book has four sections. So I wrote four blog posts covering pearls of wisdom from each section of the book. You may like to read:
Book: Transcendence
Transcendence - 4
---------------------------------------------------------------------------------------Let me share some pearls of wisdom from a book.
Transcendence
My Spiritual Experiences with Pramukh Swamiji
by A.P.J. Abdul Kalam
with Arun Tiwari.
This is not a book review.
This article is just like
'key take away points' for me.
The book is divided in 4 parts. This article covers 4th part of the book.
---------------------------------------------------------------------------------------
Part 4 Evolution of Creative Leadership
25
Let me not pray to be sheltered from dangers,
but to be fearless in facing them,
Let me not beg for the stilling of my pain, but
for the heart to conquer it.
Six basic fears in the order of their most common appearance :
1. fear of poverty
2. fear of criticism
3. fear of ill health
4. fear of loss of someone
5. fear of old age and
6. fear of death.
26
Moral excellence was more a matter of divine bequest
Body has five senses: touch, smell, taste, sight and hearing.
Soul has five qualities: intuition, peace, foresight, trust and empathy.
Self-giving to God's Will
Is without fail,
A slow-ripening
But most delicious fruit
27
The noble man, he says, will help others even with his bones, whereas the ignoble, governed by fear and greed, is completely worthless, and in a crisis will only sell himself
How could anyone wish to fatten himself by eating fat of other beings? Butchering is disgrace; and eating meat is senseless
Liquor does not differ from poison
Ethics, virtues, righteousness and purity indeed make a human different from the beast
We must be pure. I do not speak merely of the purity of senses. We must observe great purity in our wills, in our intentions - in all our actions.
The light of love, the purity of grace,
The mind, the Music breathing from (his) face,
The heart whose softness harmonized the whole -
And, oh! that eye was in itself a Soul !
Transcendence
My Spiritual Experiences with Pramukh Swamiji
by A.P.J. Abdul Kalam
with Arun Tiwari.
This is not a book review.
This article is just like
'key take away points' for me.
The book is divided in 4 parts. This article covers 4th part of the book.
---------------------------------------------------------------------------------------
Part 4 Evolution of Creative Leadership
25
Let me not pray to be sheltered from dangers,
but to be fearless in facing them,
Let me not beg for the stilling of my pain, but
for the heart to conquer it.
Six basic fears in the order of their most common appearance :
1. fear of poverty
2. fear of criticism
3. fear of ill health
4. fear of loss of someone
5. fear of old age and
6. fear of death.
- Napoleon Hill (from his classic book 'Think and Grow Rich' 1937)
Man can create nothing which he does not first conceive in the form of an impulse of thought.
Death is not extinguishing the light; it is only putting out the lamp because the dawn has come.
- Rabindranath Tagore
May we be fearless, from friends and enemies, from known and unknown.
From night and day, may all the direction be our allies.
- From Atharva Veda (XIX, 15:6)
26
Moral excellence was more a matter of divine bequest
- Socrates
Body has five senses: touch, smell, taste, sight and hearing.
Soul has five qualities: intuition, peace, foresight, trust and empathy.
Self-giving to God's Will
Is without fail,
A slow-ripening
But most delicious fruit
27
The noble man, he says, will help others even with his bones, whereas the ignoble, governed by fear and greed, is completely worthless, and in a crisis will only sell himself
- Thiruvalluvar - A Tamil poet and philosopher. From book Thirukkural 1080
How could anyone wish to fatten himself by eating fat of other beings? Butchering is disgrace; and eating meat is senseless
- Thiruvalluvar - A Tamil poet and philosopher. From book Thirukkural 254
Liquor does not differ from poison
- Thiruvalluvar - A Tamil poet and philosopher. From book Thirukkural 926
Ethics, virtues, righteousness and purity indeed make a human different from the beast
We must be pure. I do not speak merely of the purity of senses. We must observe great purity in our wills, in our intentions - in all our actions.
- HDH Pramukh Swami Maharaj
The light of love, the purity of grace,
The mind, the Music breathing from (his) face,
The heart whose softness harmonized the whole -
And, oh! that eye was in itself a Soul !
- Lord Byron (English Poet)
There is more than enough good to go around. There are more than enough create ideas. There is more than enough power, love, joy.
28
Access to higher consciousness is the purpose of human evolution, and non-violence is the means to access the higher consciousness.
Eight measures of self realization
1. Smyak gyan: Appropriate knowledge
2. Smyak darshan: Appropriate philosophy
3. Smyak charitra: Appropriate conduct
Five great vows for appropriate conduct
4. Ahimsa: non-violence
5. Satya: truthfulness
6. Asteya: not stealing
7. Bhramacharya: abstinence
8. Aprigriha: No possessions
Forgiveness is ultimately gift to ourselves. Only through forgiveness can wounds heal.
The truth is, unless you let go - unless you forgive yourself, unless you forgive the situation, unless you realize that the situation is over - you cannot move forwards
30
The purpose of human life is to serve, and to show compassion and the will to help others.
28
Access to higher consciousness is the purpose of human evolution, and non-violence is the means to access the higher consciousness.
Eight measures of self realization
1. Smyak gyan: Appropriate knowledge
2. Smyak darshan: Appropriate philosophy
3. Smyak charitra: Appropriate conduct
Five great vows for appropriate conduct
4. Ahimsa: non-violence
5. Satya: truthfulness
6. Asteya: not stealing
7. Bhramacharya: abstinence
8. Aprigriha: No possessions
- Vardhman Mahaveer (Jainism)
- English: One world family
- Sanskrit: Vasudhaiva Kutumbakam
- Tamil: Every country is my own and all the people are my kinsman. Purananuru Tamil poem in 300-100 BC
- Unity (tawhid) has 3 categories: Unity of God, Unity of religion and Unity of mankind, in Ahmadiya Muslim community
- "The earth is one country, and mankind its citizens" - Baha'ullah (founder og Bahai faith) in book "Tablet of Maqsud"
- Ubuntu - prominent philosophy of South Africa means 'humanness' 'humanity towards other' ' the belief in a universal bond of sharing that connects all humanity'
Everything is connected and non-violence is an expression of this interconnection.
29
As I walked out of the door towards the gate that would lead to my freedom, I know if I didn't leave my bitterness and hatred behind, I'd still be in prison.
- Dr. Nelson Mandela (while coming out prison after 27 years)
Great peacemakers are all people of integrity, of honesty, and of humility.
- Dr. Nelson Mandela
The weak can never forgive, Forgiveness is the attribute of the strong
- Mahatma Gandhi
Forgiveness is ultimately gift to ourselves. Only through forgiveness can wounds heal.
The truth is, unless you let go - unless you forgive yourself, unless you forgive the situation, unless you realize that the situation is over - you cannot move forwards
30
The purpose of human life is to serve, and to show compassion and the will to help others.
- Albert Schweitzer
If you are serious about your health, think and take most concern for your peace of mind.
- Dalai Lama
Compassion has three components
1. cognitive: I understand you
2. affective: I feel for you
3. motivational: I want to help you
- Thupten Jinpa (eminent Tibetan scholar and translator of Dalai Lama)
True renewal relies on three key elements
1. Mindfulness
2. Hope
3. Compassion
i have just three things to teach
1. simplicity
2. patience
3. compassion
These three are your greatest treasures.
1. Mindfulness
2. Hope
3. Compassion
i have just three things to teach
1. simplicity
2. patience
3. compassion
These three are your greatest treasures.
- HDH Pramukh Swami Maharaj
31
Never underestimate the power of dreams and the influence of the human spirit. We are all the same in this motion: the potential for greatness lives within each of us.
- Wilma Rudolph (African-American sprinter)
Vision without action is merely a dream
Action without vision just passes the time;
but vision with action can change the world.
32
We must reprogramme ourselves to understand that cooperation is a higher principle than competition.
The senses are not always reliable. Infinite intelligence does not err.
Quite time spent in reflection, a life of rigour and austerity; simple service does at any place to help the poor, the deprived, the disadvantaged and the disabled - and aiding animals and the environment - are method by which infinite intelligence may be most readily contacted.
Let us make our planet more liveable!
Epilogue
What a dream I had! I thought.
Or is this the dream into which I have not woken?
Spoken Sanskrit Workshops by me
Spoken Sanskrit Workshops: My students, are performing at last day closing ceremony. They learnt Sanskrit in just 10 days. Daily 2 hours. 10 x 2 = 20 hours. Feeling happy for my students, their fast progress and wishing all of them all the best for further Sanskrit study, good health, good wealth and happy life.
I will keep updating this list, in future.
1. Jun - July 2013 https://www.youtube.com/playlist?list=PL0faGNhyuhch7jrwVDwMAJexxgGbeQuFb
2. Sept - Oct 2013 https://www.youtube.com/playlist?list=PL0faGNhyuhcgle-nkBDCGVBWTxMjQlZpl
3. Feb 2014 https://www.youtube.com/playlist?list=PL0faGNhyuhciJj0IxPsZQe2_VYrlblLQp
4. Feb 2016 https://www.youtube.com/playlist?list=PL0faGNhyuhcivnD_xcfwIqooojUBto9l6
5. April 2017: https://www.youtube.com/playlist?list=PL0faGNhyuhciSRsxC1rm4qCYRSanDVI2h
6. Feb 2019: https://www.youtube.com/playlist?list=PL0faGNhyuhcgGDlwwyKmiL40XtK3VN8mR
I will keep updating this list, in future.
1. Jun - July 2013 https://www.youtube.com/playlist?list=PL0faGNhyuhch7jrwVDwMAJexxgGbeQuFb
2. Sept - Oct 2013 https://www.youtube.com/playlist?list=PL0faGNhyuhcgle-nkBDCGVBWTxMjQlZpl
3. Feb 2014 https://www.youtube.com/playlist?list=PL0faGNhyuhciJj0IxPsZQe2_VYrlblLQp
4. Feb 2016 https://www.youtube.com/playlist?list=PL0faGNhyuhcivnD_xcfwIqooojUBto9l6
5. April 2017: https://www.youtube.com/playlist?list=PL0faGNhyuhciSRsxC1rm4qCYRSanDVI2h
6. Feb 2019: https://www.youtube.com/playlist?list=PL0faGNhyuhcgGDlwwyKmiL40XtK3VN8mR
OSN Days 2019
Take Away points
- Hyperledger Telecom Special Interest Group (TCSIG) has released many white papers about usage of blockchain in telecom. https://wiki.hyperledger.org/display/TCSIG/Telecom+SIG+Reading+List
- Linux Foundation Edge is focusing on various verticals by diverse set of projects: https://www.lfedge.org/projects/
- O-RAN Software Community (SC) The first two release cover plumbing of different components. Subsequent releases will focus more on end to end cases.
- Linux Foundation has Acumos project to develop AI apps. It is a platform and open source framework.
- eBPF is promising technology. The speaker claimed, its performance is as good as DPDK. With DPDK, your code need to process all packets. With eBPF, you just check and if packet is irrelevant, you can pass it back to Linux Kernel to process it. Here are important github repo Click Here Click Here
- An introductory session on OVP (OPNFV Versification Program) certification. OVP verifies (1) VNF and (2) Infrastructure for VNF. It is an initiative to help operators. OVP certifies (1) compliance (2) validation and (3) performance.
Overview of sessions
1. ONAP
- At present, ONAP is mainly for VNF. There is only one sample CNF is available to run on ONAP.
- ONAP's Dublin release has initial user cases for 5G. ONAP's Frankfurt release will have features for 5G end-to-end network slicing.
- ONAP has two components: (1) Design framework generates VNFD, NSD (2) Run-time framework is about monitoring and service assurance. K8s and ONAP can have slight overlap of functionality. E.g. Horizontal scaler of K8s
- The ONAP Orange OpenLab can be accessed by any ONAP contributor for hands-on with ONAP.
2. "OVS HW offload engagement with Mellanox".
- One need to adjust BIOS settings, CPU clock, NIC card driver option, OS parameters etc to get maximum throughput.
- The counters for Bytes transmit/receive was resetting in just 3 miniutes.
- The PCIe was also bottleneck, to achieve 100 Gbps throughput.
- Here are important tools/utility/command for throughput measurement and optimisation:
- Traffic Control module of Linux Kernel.
- TRex Traffic Generator
- Testpmd
3. "Dynamic Orchestration for 5G Slicing"
- 3GPP TS 23.502, ETSI and GSMA defines network slicing.
- NEST is Network Slicing Task Force.
- 5G network slicing characteristics (1) End to end in nature, (2) Dynamic or runtime connections (3) Multi Domain (4) Shared Resources.
- 5G network slicing has three functions (1) Communication Service function is associated with BSS domain (2) Network slice management function (3) Network slice subnet management function.
- SDC (Service Design and Creation) of ONAP defines network slice template, network slice subnet template etc.
- NSI (Network Slice Instance) and ONAP service has one to one mapping.
- Orange has contributed with Service Resolver Click Here Click Here
4. "Tungsten Fabric"
- Service chaining in K8s
- Tungsten Fabric and Akraino based network edges
- Four modes of Tungsten Fabric.
- MSO API in ONAP
- Tungsten Fabric and NSM
- Tungsten Fabric can configure any router that supports BGP
General Comments:
- There
are plenty of open source projects for telecom. Mobile operators are willing
to go for the one which are “popular”. The “popular” can be the one which
are used by most of their competitors.
- Now, the traditional marketing people have less role to influence the customer in Telecom world. If a company has more participation and contribution to
open source projects then it results in more influence in purchasing
decision of customer. It results in more business. The engineers from R&D team participates and contribute to open source projects.
News:
- Tech Mahindra and Business Finland Sign MoU for Research and Development in 5G and 6G
- O-RAN Software Community (SC) has delivered its first release, just few weeks back.
- NSMCon 2019 was event about Network Service Mesh
- There is an event "Open Networking and Edge Summit", scheduled by Linux Foundation in April 2020 https://events.linuxfoundation.org/open-networking-edge-summit-north-america/
- Kubernetes Forum Bengaluru on 17th Feb https://events.linuxfoundation.org/kubernetes-forum-bengaluru/
IPTables Flow Chart
Another interesting flowchart about IPTables in general
Reference: https://stuffphilwrites.com/2014/09/iptables-processing-flowchart/
Reference: https://stuffphilwrites.com/2014/09/iptables-processing-flowchart/
KubeProxy IPTables
I found this flowchart about execution of different rule chains of IPTables firewall. It is based on various configurations and service types. So let me share it with readers of my blog. Express YourSelf !
Reference :
https://twitter.com/thockin/status/1191766983735296000?lang=en
https://docs.google.com/drawings/d/1MtWL8qRTs6PlnJrW4dh8135_S9e2SaawT410bJuoBPk/edit
Another relevant diagram:
Ref: https://www.stackrox.com/post/2020/01/kubernetes-networking-demystified/
Reference :
https://twitter.com/thockin/status/1191766983735296000?lang=en
https://docs.google.com/drawings/d/1MtWL8qRTs6PlnJrW4dh8135_S9e2SaawT410bJuoBPk/edit
Another relevant diagram:
K8s Security : References from Kubecon2019
Extended NodeRestrictions for Pods: https://bit.ly/2XdeWOF
Bounding Self-Labeling Kubelets: https://bit.ly/351BaFN
Choose a minimal base image https://bit.ly/37eTPzT
Run as non root! https://bit.ly/2qpUNJ7
Use resource limits https://bit.ly/37k48Tx
Use least privilege authorization https://bit.ly/2CV1INd
Restrict network access https://bit.ly/37cL9dv
Node Authorizer: https://bit.ly/33XRIPb
Node Restriction: https://bit.ly/2QkRqhk
Kubelet Static Pods: https://bit.ly/2Qj0DGL
Extended NodeRestrictions for Pods: https://bit.ly/2XdeWOF
Bounding Self-Labeling Kubelets: https://bit.ly/351BaFN
ReplicaSet deletion logic: https://bit.ly/2NQTL1O
Run as non-root using security context https://bit.ly/2qpUNJ7
Minimal base images: https://bit.ly/37eTPzT
Resource limits: https://bit.ly/37k48Tx
Least privilege: https://bit.ly/2CV1INd
GKE hardening guide: g.co/gke/hardening
GKE sandboxes: g.co/gke/sandbox
Kata containers: katacontainers.io
Bounding Self-Labeling Kubelets: https://bit.ly/351BaFN
Choose a minimal base image https://bit.ly/37eTPzT
Run as non root! https://bit.ly/2qpUNJ7
Use resource limits https://bit.ly/37k48Tx
Use least privilege authorization https://bit.ly/2CV1INd
Restrict network access https://bit.ly/37cL9dv
Node Authorizer: https://bit.ly/33XRIPb
Node Restriction: https://bit.ly/2QkRqhk
Kubelet Static Pods: https://bit.ly/2Qj0DGL
Extended NodeRestrictions for Pods: https://bit.ly/2XdeWOF
Bounding Self-Labeling Kubelets: https://bit.ly/351BaFN
ReplicaSet deletion logic: https://bit.ly/2NQTL1O
Run as non-root using security context https://bit.ly/2qpUNJ7
Minimal base images: https://bit.ly/37eTPzT
Resource limits: https://bit.ly/37k48Tx
Least privilege: https://bit.ly/2CV1INd
GKE hardening guide: g.co/gke/hardening
GKE sandboxes: g.co/gke/sandbox
Kata containers: katacontainers.io
State of Kubernetes Security https://bit.ly/2OdqgWC
“The Devil in the Details: Kubernetes’ First Security Assessment”
https://bit.ly/34VkAr2
Walls Within Walls: What If Your Attacker Knows Parkour?”
https://bit.ly/33PZiLl
“Binary Authorization in Kubernetes” https://bit.ly/32L2yqj
“Piloting Around the Rocks: Avoiding Threats in Kubernetes”
https://bit.ly/36XLAbc
“Hello from the Other Side: Dispatches from a Kubernetes
Attacker” https://bit.ly/2NBpe7Y
“How Kubernetes Components Communicate Securely in Your
Cluster” https://bit.ly/2QrIzKP
“Sig-Auth Update” https://bit.ly/2Kk7kEQ
“Attacking and Defending Kubernetes Clusters: A Guided Tour”
https://bit.ly/36Xb0G0
kubectl productivity
Auto Complete
source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.
echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.
Context
kubectx helps you switch between clusters back and forth:kubens helps you switch between Kubernetes namespaces smoothly:
Explain
kubectl explain
command outputs the specification of the requested resource or field.
Alias
A script to generate hundreds of convenient kubectl aliases programmatically.
Syntax explanation
k=kubectlsys=--namespace kube-system
- commands:
g=getd=describerm=deletea:apply -fex:exec -i -tlo:logs -f
- resources:
po=pod,dep=deployment,ing=ingress,svc=service,cm=configmap,sec=secret,ns=namespace,no=node
- flags:
- output format:
oyaml,ojson,owide all:--allor--all-namespacesdepending on the commandsl:--show-labelsw=-w/--watch
- output format:
- value flags (should be at the end):
n=-n/--namespacef=-f/--filenamel=-l/--selector
Reference
eBPF, OPA, Blackbox exporter, ffwd, Heroic
eBPF can be used for
1. Map application and HA architecture
2. Detect network issues
3. Identify misbehaving svc
https://www.youtube.com/watch?v=thBCB7YeZ2g&list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien&index=3
Open Policy Agent https://github.com/open-policy-agent/opa can be used to validate CRD
https://www.youtube.com/watch?v=DUe_8nf42Ik&list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien&index=5
The blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. https://github.com/prometheus/blackbox_exporter
ffwd is a flexible metric forwarding agent. It is intended to run locally on the system and receive metrics through a wide set of protocols and then forward them to your TSDB. https://github.com/spotify/ffwd
Heroic A scalable time series database based on Bigtable, Cassandra, and Elasticsearch. https://github.com/spotify/heroic
https://www.youtube.com/watch?v=AA8e5v43AcU&list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien&index=6
1. Map application and HA architecture
2. Detect network issues
3. Identify misbehaving svc
https://www.youtube.com/watch?v=thBCB7YeZ2g&list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien&index=3
Open Policy Agent https://github.com/open-policy-agent/opa can be used to validate CRD
https://www.youtube.com/watch?v=DUe_8nf42Ik&list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien&index=5
The blackbox exporter allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. https://github.com/prometheus/blackbox_exporter
ffwd is a flexible metric forwarding agent. It is intended to run locally on the system and receive metrics through a wide set of protocols and then forward them to your TSDB. https://github.com/spotify/ffwd
Heroic A scalable time series database based on Bigtable, Cassandra, and Elasticsearch. https://github.com/spotify/heroic
https://www.youtube.com/watch?v=AA8e5v43AcU&list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien&index=6
Easily Observing Operators
kube-state-metrics you can gather the following state about your cluster:
- Counts of each object type
- All of the Kubernetes labels and their values attached to each object
- The creation time (as an epoch) of each object
- Some generic, object specific “info”
- Other states specific to the object in question
kube-state-metrics can be deployed like a classic Kubernetes service with only one replica.
List of metrics
Metrics about your CRD
Kustomize plugins
This is the third article out of three articles on Kubernetes tool : Kustomize. This article covers the plugins.
kustomize plugins
Kustomize offers a plugin framework allowing people to write their own resource generators and transformers.
kustomization.yaml
generators:
- gen_file.yaml
transformers:
- trans_file.yaml
Let's focus on gen_file. Trans_file will be similar.
gen_file.yaml
apiVersion: "apiVersion"
kind: Gen_File
metadata:
name: "some name"
Now the file name "Gen_File" will be searched at path
XDG_CONFIG_HOME = $HOME/.config = /home/manish.config
/home/manish/.config/kustomize/plugin/${apiVersion}/LOWERCASE(${kind})
Possible value for apiVersion = someteam.example.com/v1
If failed then "Gen_File.so" will be searched at same path
This file will be invoked with gen_file.yaml
Reference : https://github.com/kubernetes-sigs/kustomize/tree/master/docs/plugins
Built-in plugins : https://github.com/kubernetes-sigs/kustomize/tree/master/plugin/builtin
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/chart.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/secretGeneratorPlugin.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/goGetterGeneratorPlugin.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/validationTransformer/README.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/transformerconfigs/README.md
Plugin Development
https://github.com/kubernetes-sigs/kustomize/blob/master/docs/plugins/execPluginGuidedExample.md
https://github.com/kubernetes-sigs/kustomize/blob/master/docs/plugins/goPluginGuidedExample.md
kustomize plugins
Kustomize offers a plugin framework allowing people to write their own resource generators and transformers.
kustomization.yaml
generators:
- gen_file.yaml
transformers:
- trans_file.yaml
Let's focus on gen_file. Trans_file will be similar.
gen_file.yaml
apiVersion: "apiVersion"
kind: Gen_File
metadata:
name: "some name"
Now the file name "Gen_File" will be searched at path
XDG_CONFIG_HOME = $HOME/.config = /home/manish.config
/home/manish/.config/kustomize/plugin/${apiVersion}/LOWERCASE(${kind})
Possible value for apiVersion = someteam.example.com/v1
If failed then "Gen_File.so" will be searched at same path
This file will be invoked with gen_file.yaml
Reference : https://github.com/kubernetes-sigs/kustomize/tree/master/docs/plugins
Built-in plugins : https://github.com/kubernetes-sigs/kustomize/tree/master/plugin/builtin
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/chart.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/secretGeneratorPlugin.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/goGetterGeneratorPlugin.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/validationTransformer/README.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/transformerconfigs/README.md
Plugin Development
https://github.com/kubernetes-sigs/kustomize/blob/master/docs/plugins/execPluginGuidedExample.md
https://github.com/kubernetes-sigs/kustomize/blob/master/docs/plugins/goPluginGuidedExample.md
UseCases of Kustomize
This is the second article out of three articles on Kubernetes tool : Kustomize. This article covers the usecases.
==============================
UseCase 1 : Config map generation and secreat generation
secretGenerator:
- name: myregistrykey
type: docker-registry
literals:
- docker-server=DOCKER_REGISTRY_SERVER
- docker-username=DOCKER_USER
- docker-password=DOCKER_PASSWORD
- docker-email=DOCKER_EMAIL
This is same as:
kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
Same as above configMapGenerator
configMapGenerator
- name: profile
files:
- hello.config
We can also merge two configmaps
configMapGenerator:
- name: my-configmap
behavior: merge
files:
- plumbing.properties
- secret.properties
Configmap from literals
configMapGenerator:
- name: my-configmap
literals:
- foo=bar
- baz=qux
==============================
UseCase 2 : Creating multiple variants using overlays.
Edit attributes as per specific file. Here localserv.yaml . Keyword is patchesStrategicMerge
kustomize edit add patch ocalserv.yaml
bases:
- ../../base
patchesStrategicMerge:
- localserv.yaml
Multi Variant Examples:
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/helloWorld/README.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/breakfast.md
we can use "kustomize diff base/variant1/variant2" command to see the difference.
==============================
UseCase 3 : edit container image and tag
kustomize edit set image busybox=alpine:3.6
images:
- name: busybox
newName: alpine
newTag: 3.6
==============================
UseCase 4 : Remote Target
kustomize build can be run on a URL.
The effect is the same as cloning the repo, checking out a particular ref (commit hash, branch name, release tag, etc.), then running kustomize build against the desired directory in the local copy.
==============================
UseCase 5 : applying a JSON patch. Replace and add
cat <$DEMO_HOME/ingress_patch.json
[
{"op": "replace", "path": "/spec/rules/0/host", "value": "foo.bar.io"},
{"op": "replace", "path": "/spec/rules/0/http/paths/0/backend/servicePort", "value": 8080}
]
EOF
You can also write the patch in YAML format. This example also shows the "add" operation:
cat <$DEMO_HOME/ingress_patch.yaml
- op: replace
path: /spec/rules/0/host
value: foo.bar.io
- op: add
path: /spec/rules/0/http/paths/-
value:
path: '/test'
backend:
serviceName: my-test
servicePort: 8081
EOF
patchesJson6902:
- target:
group: apps
version: v1
kind: Deployment
name: my-nginx
path: patch.yaml
==============================
UseCase 6 : Patch on multiple objects
JSON patch and strategic merge patch can be applied to selected resources
patches:
- path: "PatchFile"
target:
group: "Group"
version: "Version"
kind: "Kind"
name: "Name"
namespace: "Namespace"
labelSelector: "LabelSelector"
annotationSelector: "AnnotationSelector"
==============================
UseCase 7 : Injecting k8s runtime data into containers
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/wordpress/README.md
==============================
UseCase 1 : Config map generation and secreat generation
secretGenerator:
- name: myregistrykey
type: docker-registry
literals:
- docker-server=DOCKER_REGISTRY_SERVER
- docker-username=DOCKER_USER
- docker-password=DOCKER_PASSWORD
- docker-email=DOCKER_EMAIL
This is same as:
kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
Same as above configMapGenerator
configMapGenerator
- name: profile
files:
- hello.config
We can also merge two configmaps
configMapGenerator:
- name: my-configmap
behavior: merge
files:
- plumbing.properties
- secret.properties
Configmap from literals
configMapGenerator:
- name: my-configmap
literals:
- foo=bar
- baz=qux
==============================
UseCase 2 : Creating multiple variants using overlays.
Edit attributes as per specific file. Here localserv.yaml . Keyword is patchesStrategicMerge
kustomize edit add patch ocalserv.yaml
bases:
- ../../base
patchesStrategicMerge:
- localserv.yaml
Multi Variant Examples:
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/helloWorld/README.md
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/breakfast.md
we can use "kustomize diff base/variant1/variant2" command to see the difference.
==============================
UseCase 3 : edit container image and tag
kustomize edit set image busybox=alpine:3.6
images:
- name: busybox
newName: alpine
newTag: 3.6
==============================
UseCase 4 : Remote Target
kustomize build can be run on a URL.
The effect is the same as cloning the repo, checking out a particular ref (commit hash, branch name, release tag, etc.), then running kustomize build against the desired directory in the local copy.
==============================
UseCase 5 : applying a JSON patch. Replace and add
cat <
[
{"op": "replace", "path": "/spec/rules/0/host", "value": "foo.bar.io"},
{"op": "replace", "path": "/spec/rules/0/http/paths/0/backend/servicePort", "value": 8080}
]
EOF
You can also write the patch in YAML format. This example also shows the "add" operation:
cat <
- op: replace
path: /spec/rules/0/host
value: foo.bar.io
- op: add
path: /spec/rules/0/http/paths/-
value:
path: '/test'
backend:
serviceName: my-test
servicePort: 8081
EOF
patchesJson6902:
- target:
group: apps
version: v1
kind: Deployment
name: my-nginx
path: patch.yaml
==============================
UseCase 6 : Patch on multiple objects
JSON patch and strategic merge patch can be applied to selected resources
patches:
- path: "PatchFile"
target:
group: "Group"
version: "Version"
kind: "Kind"
name: "Name"
namespace: "Namespace"
labelSelector: "LabelSelector"
annotationSelector: "AnnotationSelector"
==============================
UseCase 7 : Injecting k8s runtime data into containers
https://github.com/kubernetes-sigs/kustomize/blob/master/examples/wordpress/README.md
