A good recipe for OCI OKE

A few weeks back I have read that OCI OKE will now support Kubernetes 1.14.8. That is really great news and I have decided to refresh my GitHub repo, which I had created some time ago. It was also a perfect opportunity to record a small how-to vlog, just for you! 🙂 Kubernetes is a huge topic and for sure it is worth to invest time to explore this platform. Many of us believe containers are the future of IT despite the fact … that many think differently, so to speak, in the completely opposite directions. One extreme wing of believers believes in old good virtual machines when the others use to call VMs “just a legacy”, showcasing a bright future based on Functions as Service. Frankly speaking, I am not sure about any direction as the best one for everything. I am rational and I don’t want to be kinda “believer-guy”. Ok, maybe I will put it another way … I believe in a diverse world. During the last HashiConf 2019, Armon Dadgar in his keynote has called that “Multi-Everything“. In this diverse world, legacy stuff will coexist with many brand new cutting edge technologies. Kubernetes for sure lays somewhere in this broad landscape. In OCI for sure, it is and it will be one of the fundamental elements for current and future IT deployments. What do you think about it? Please, share your thoughts on that topic below if you think it is interesting. I am really open to discussion. Really, I am very curious… But meanwhile, I am encouraging you to watch my how2 video below 🙂 And one thing more! Many thanks for the honest feedback about this blog website and your subscription to our YouTube channel.

Bon Appetit!

Martin, The Cook.

How to create Web Application Firewall in OCI with Terraform

Security is the primary concern for every enterprise today, as traditional firewalls monitoring ports are not sufficient to keep up the pace with the advanced hackers. To protect from intelligent and malicious threats, we need modern and advanced tools to protect web applications. In this video, we will explore Oracle cloud infrastructure’s Web Application Firewall (WAF), how it can protect the web applications from Cross-Site Scripting(XSS), SQL injection and other OWASP-defined vulnerabilities. Then, we will see how WAF can be created using Terraform scripts available from the Github.

Terraform Module: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples/waas

 

OCI NSGs – an add-on to Terraform+OCI course

Yes, OCI is changing very quickly! 🙂 Everyone, who follows OCI release notes, knows that. Oracle Cloud Gen2 is updated with new features even a couple of times every single month.  It shouldn’t surprise you. That is how the modern cloud world works now. 🙂 In my Terraform+OCI short course, I was using security lists, but last summer in July 2019, in OCI new security feature, has been released – it has been called Network Security Groups (NSG). This new feature seems to be very popular in other cloud vendors configuration, so frankly speaking, it was rather obvious for me that OCI should embrace NSG, sooner or later. And now it is there in OCI and NSG concept is supported by Terraform OCI Provider (version >= 3.33.0) as well. NSG concept is more advanced and more elastic then Security Lists, mostly because it can be implemented on the VNIC level. It means you can still use Security List on the subnet level and then create some specific NSG for particular machines nested in this subnet. Security Lists and Network Security Groups work together as an union, is that right? 🙂 I guess you should check it up as fast as possible. 🙂 Here is a brand new video I have recorded for you. 🙂

Bon Appetit,

Martin, The Cook.

NewStuff series – dynamic VM shape resize in OCI with Terraform

I am trying to follow constantly updated release notes of OCI. Nearly every single day we have something new there, so sometimes it really hard to follow all of the news there. To read some theory is great, but test it is even greater… and harder, to be honest. So I was thinking it would be great to have a chance to watch this kind of testing on YouTube, especially with Terraform OCI Provider usage. To be sure Provider has been updated and it follows OCI’s Rest API changes. And you know what? I haven’t found such videos on YT! So…? So I have decided to record my own one. Pretty short in form. Just 3-5 minutes long. And here is the first one. It is about a new compute instance feature – dynamic VM shape resize. No more compute instance migration, no more compute instance re-provisioning. Just a couple of minutes to restart. And that is all! This elasticity is great!

Bon Appetit,

Martin, The Cook.

How to create shared block volume in OCI with Terraform

Yeah! That is the feature which I really like. Shared block volume attached to more than one compute instances. This feature has been announced in OCI in the middle of December 2019. One month later I have decided to test it with Terraform. I was hoping it would work not only in the OCI Console but also with my favorite automation runtime. So I have written this simple repo in GitHub. Worth to add I am not finishing the code at the moment of attachment between compute instances and volume block resource. I am including Terraform files that execute null_resources which are building OCFS2 on top of the volume which is visible as a device via iSCSI protocol. Most of the knowledge of how to do it have incorporated from this blog post. I think you can find my dish tasty and you can somehow reutilize this code in the future 🙂

Bon Appetit,

Martin, The Cook.

Building community …

I guess everybody knows it is important, but it is really difficult to start. I mean to share knowledge, then receive feedback from the followers, and ultimately stay there blogging with further efforts long term. That is the way to build a community and it is for sure hard. My idea was simple… to build the geeks community focused on Infrastructure as Code (IaC) paradigm. During the last few days, I have received a lot of positive feedback about my course and generally about this site. So it looks like my idea is valid and relevant. Now I am thinking about the future. And I am sure about one important thing. Writing alone, being a singleton, will not work efficiently. So what? So I am looking for the others, ready to join and collab here. For all IaC fans ready to join this site I have stickers! :-))) … If interested somehow, please drop me an e-mail at martin.linxfeld@foggykitchen.com. 🙂

Martin, The Cook.