Secrets are essential for the operation of many production systems. Unintended secrets exposure is one of the top risks that should be properly addressed. Developers should do their best to protect application secrets. The problem becomes even harder, once a company moves to a microservice architecture and multiple services require…

Store API keys, passwords, certificates, and other sensitive data in cloud-native secret management services and access them from K8s clusters. — Introduction Secrets are essential for the operation of many production systems. Unintended secrets exposure is one of the top risks that should be properly addressed. Developers should do their best to protect application secrets. The problem becomes even harder, once a company moves to a microservice architecture and multiple services require…

Explore AWS spot Instances from the command line — TL;DR The spotinfo is a command-line tool you can use for exploring AWS Spot instances across multiple AWS regions. Introduction Using Amazon EC2 Spot instances is an excellent way to reduce EC2 on-demand instance cost, up to 90%. Whenever you have a workload that can survive VM interruption or be suspended and…

Throughout the lifecycle of your Kubernetes cluster, you may need to access a cluster worker node. This access could be for maintenance, configuration inspection, log collection, or other troubleshooting operations. …

Introduction If you ever tried to run a GPU workload on Kubernetes cluster, you know that this task requires a non-trivial configuration and comes with high cost tag (GPU instances are quite expensive). This post shows how to run a GPU workload on Kubernetes cluster in cost effective way, using Amazon…

A few weeks ago I presented, Chaos Testing for Docker Containers at ContainerCamp in London. You can find the original recording and slides at the end of this post and I’ve made some small edits to the text for readability and added some links for more context. Intro Software development is…

Suppose you want to debug a Node.js application already running on a remote machine inside Docker container. And would like to do it without modifying command arguments (enabling debug mode) and opening remote Node.js debugger agent port to the whole world. I bet you didn’t know that it’s possible and…

Starting from Docker 17.05+, you can create a single Dockerfile that can build multiple helper images with compilers, tools, and tests and use files from above images to produce the final Docker image. The “core principle” of Dockerfile Docker can build images by reading the instructions from a Dockerfile. A Dockerfile is a text file…

What is the bare minimum you need to build, test and run my Java application in Docker container? The recipe: Create a separate Docker image for each step and optimize the way you are running it. Introduction I started working with Java in 1998, and for a long time, it was…