Tag: DevOps
Trigger Azure DevOps Pipeline with a Python Script
We can use the Azure DevOps API to trigger an ADO pipeline. In this quick start demo, we will go through how to trigger an Azure DevOps pipeline with a Python script. I have already created an ADO pipeline called demo-pipeline. We are going to trigger this pipeline using the Python script below. Following parameters…
Monitoring Alerts for GCP IAM Policy Changes
In this quick demo, we are going to set up monitoring alerts for GCP IAM policy changes, meaning we will get alerts for GCP IAM role assignments and removals for users, service accounts and groups. To set up alerts for IAM changes, we first need to create a log-based metric for logs that contain the setIamPolicy method. I’m going…
Alertmanager Setup on Kubernetes for Prometheus Monitoring
In this quick start demo, we are going to set up Alertmanager on a Kubernetes cluster to handle Prometheus alerts. We will use Slack as the alert receiver. What is Alertmanager? The Alertmanager handles alerts sent by the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty,…
Grafana Setup for Prometheus Server on Kubernetes
What is Grafana? Grafana open source software enables users to query, visualize, alert on, and explore metrics, logs, and traces wherever they are stored. Grafana provides tools to turn time-series database (TSDB) data collected by tools like Prometheus into insightful graphs and visualizations. In this quick start demo, we are going to deploy Grafana application…
Prometheus Node Exporter Setup on Kubernetes
What is Node Exporter? A Prometheus exporter is a small application that fetches monitoring metrics from a target system and exposes them through a web URL so that a Prometheus server can scrape them. Node Exporter exports hardware and OS metrics for *NIX kernels. By default, Kubernetes does not expose node level…
How to Deploy a GKE Cluster with Spot Instance Node Pool
Google Kubernetes Engine (GKE): The GKE service allows users to provision Kubernetes clusters to host containerized applications on Google Cloud infrastructure. A GKE cluster consists of one or more Compute Engine instances. With GKE, users benefit from advanced cluster management features like load balancing, node pools, automatic scaling, automatic upgrades, auto-repair, logging and monitoring. GKE clusters…
Vulnerability Scanning in GitHub CI/CD Workflow using Grype
What is Grype? Grype is a vulnerability scanner for container images and filesystems. Its processor is Anchore engine. Grype can scan a directory, container image or SBOM file. Grype can be used in a CI/CD workflow to find security issues in git PRs or to check main/master branches with scheduled workflow runs. When using…
Security Scanning in GitHub CI/CD workflow using Trivy
What is Trivy? Trivy is an open-source security vulnerability and misconfiguration scanning tool. It can scan container images, filesystems, Git repos and Kubernetes clusters/resources. Trivy can be used in a CI/CD workflow to find security issues in git PRs or to check the main/master branch with scheduled workflow runs. It supports table, JSON, SARIF output…
Security Scanning on GitHub code repo using CodeQL
What is CodeQL? CodeQL is a code analysis engine and query tool for running security checks to find vulnerabilities across a repository. CodeQL treats code like data. When we run CodeQL, it extracts a single relational representation of each file in the codebase to create a CodeQL database. Then it runs queries against the…
Application Performance Profiling by using GCP Cloud Profiler
What is Profiling and GCP Cloud Profiler? Performance profiling makes it possible to discover which unit of an application is misbehaving in terms of execution time and system resource usage. For example, if a function in an application takes 80% of the time, it’s worth investigating and fixing it to improve overall app performance. Analysing performance of production application…