Your CLAUDE.md Is a Suggestion. Hooks Make It Law.

When adding your instructions to claude.md even at different level — Claude takes it like a suggestion.

Suppose if Claude take your suggestions as a command to complete a step. To achieve this with Claude, need make it a rule — then Claude have to use it.

Turning your suggestion to a must do step, Hooks are there to help.

Lets get more and more types and use case of hooks.

Use Cases of Hooks:

1. Run a formate checker after every Claude edit a file. To ensure an error free edit.
2. Restrict Claude form reading particular file/s. Basically the files contain sensitive information like secrets and credentials.
3. Execute test cases once the code update happen.
4. Check for all the vulnerabilities, if there is any container image configuration.
5. Block file edits which do not follow the naming convention for variable definition.
6. Block the usage of deprecated function usage.

If we observe here, every use case is playing around the functionality of Claude’s main operation/tools. So the most usable hooks named after — PreToolUse and PostToolUse Hooks.

As this depicts, the hooks will be called as per the tool call and hook definition.

Problem Statement: Using AI tools, we are always worried about our sensitive data and files. Using claude this is very normal as we are providing the folder level access and if any .env file is staored then its high chance that Claude might read it.

Lets define a PreToolUse hook at project level for restricting it to read the data from sensitive file ./.claude/settings.local.json

{
    "hooks": {
        "PreToolUse": [
            {
                "matcher": "Read|Grep",
                "hooks": [
                    {
                        "type": "command",
                        "command": "node ./hooks/read_hook.js"
                    }
                ]
            }
        ]
    }
}

But what’s inside ./hooks/read_hook.js

async function main() {
  const chunks = [];
  for await (const chunk of process.stdin) {
    chunks.push(chunk);
  }
  
  const toolArgs = JSON.parse(Buffer.concat(chunks).toString());
  
  // Extract the file path Claude is trying to read
  const readPath = 
    toolArgs.tool_input?.file_path || toolArgs.tool_input?.path || "";
  
  // Check if Claude is trying to read the .env file
  if (readPath.includes('.env')) {
    console.error("You cannot read the .env file");
    process.exit(2);
  }
}

// invoke the hook
main();

Flow with a Hook:

Lets see how Claude response when we try to read a sensitive info from .env file.

If we ask Claude why it blocked the Operation. It will provide the details for why the operation was blocked along with the complete details about how the tool works.

Building a Hook Includes:

Similar to PreToolUse we also have many cases for PostToolUse like we discussed above.

Apart from Pre and Post, there are many useful hooks available in-build within Claude. Here are the hooks:

1. Stop: Executed by Claude when its finished its task/s.
2. SubAgentStop: Run when the assigned tasks of a subAgent is completed
3. SessionStart: When starting a session — Customise it to greet as well ⭐️
4. SessionEnd: Runs when command to end the session.

📍Note: For each hook call, the tool input is different. To check that create a hook.

{
    "hooks": {
        "PostToolUse": [
            {
                "matcher": "*",
                "hooks": [
                    {
                        "type": "command",
                        "command": "jq . > post-log.json"
                    }
                ]
            }
        ]
    }
}

🕵🏻 Lets try finding more such use cases where your concerns can be transfered to Claude and your suggestions to be written as rules. Till then

✨ Keep learning, keep sharing ✨

Adoption of Claude from just a tool to a daily habit

Now a days we all are using Claude in our day to day coding tasks. But is it enough to just using it as tool?

or

Should we go to the habit of efficiently use Claude?

When we take a look toward Claude it is very efficient in writing code, create test cases and also resolve any coding related problems with better strategies and appropriate flow of execution.
But we cannot trust the flow and strategies blindly instead we should follow:

HIL: Human-in-loop [strategy] 🙋🏻‍♂️

There are few ways by which we can closely monitor and optimise Claude performance along with less token consumption. Here we go with few basic practices for our day-to-day tasks using Claude:

1. Instruction MD files:
   To handle different projects you need different set of instructions or ruleset, to make Claude clearly understood about this seperation use different claude.md files.
   Example:
   a. Claude.md: This is a project level instruction file, can also be shared with others. It includes generic set of instructions.
   b. Claude.local.md: This should not be shared with others, only for local purpose.
   c. ~/.claude/claude.md: Its the system level instructions. Common for all project. Mostly contain the instruction for how your code practices should be.
2. Codebase references: Best practice to use Claude is only provide the required files, don’t over burden the coding assistant when that data is not required.
   Example: Suppose faced an issue with the icon placement on the web page we have developed, now to fix it: we need html file and the css one (if need some change in styling). In this case, don’t push all the data of that web page to the coding assistant. `@+<path_to_reference_file>`
3. Different modes in Claude: There are different modes in Claude
   a). Default mode: Where we interact, give prompts, get response and actions performed.
   b). Planning mode: Claude will do exploration and planning before moving to write something. Shift+tab
   c). Thinking mode: Allow Claude to do reasonings about more challenging problems. Add this instruction to the prompt like Use Ultrathink mode for this complex task
4. Context Control: While interacting with Claude, many operations it perform including some success along with some failed executions leads to pollute the context which will just create an unnecessary burden to the context and no value addition. Use the concept of Rewind Conversation means revert to a previous message. Its like an hard push to a specific git commit from where we wanna start again, to achieve the same use:
   1. Rewind Conversation: Use escape + escape
   2. Clear context: Use /clear
   3. Summarise Context: Use /compact
   4. Redirect Conversation: Use escape
   Note: Each of these commands are very very useful and can be your token saviour.
5. Command customisation: Claude provide a large set of build-in commands like some we discussed above. Still we have scope for custom commands for different set of use cases. Like syntax command for checking syntax in file/s in that project.
   To build the same add <project>/.claude/command/<custom_command>.mdto your project directory. Add required Instructions to say syntax.md here: your goal is to check and fix all the syntax issues in a set of files exist in the current project. Do: check, fix and validate.
6. Tool Enrichment using MCP servers: With default set of tools, Claude doing great. Just think if Claude gets an extra hand to operate, it will become Ultra Powerful. To add an MCP server use claude add mcp <server-name> npx @<package-name>:<package-version>

Note: These are just basic capabilities of Claude. Its much more capable in customising your coding ecosystem.

We will explore more capabilities together. Till the time — 
✨Keep Learning, Keep Sharing! ✨

Welcome readers to my AI detective diary.

The scene? My terminal.
The suspects? Two open-source large language models from the Ollama lineup:

• 🦙 LLaMA — llama3.2:3b (2.0 GB)
• 🧠 DeepSeek — deepseek-r1:latest (4.7 GB)

Both models were summoned using the mighty spell:

ollama run llama3.2:3b
ollama run deepseek-r1:latest

My mission: Ask them identical questions and let their answers unravel the mystery of their intelligence, behaviour, and personality.

🗣️ Interrogation Round 1: The Icebreaker

Detective: “Hello!”

🦙 LLaMA Responds:

Hello! It’s nice to meet you. Is there something I can help you with or would you like to chat?

🧠 DeepSeek Replies:

<think>
</think>
Hello! How can I assist you today? 😊

📓 Detective’s Note:

• LLaMA was straight to the point. Friendly, a little formal, and already offering help.
• DeepSeek brought something different — an inner monologue (<think>), as if it's reasoning about how to respond. This adds a layer of self-awareness, although it's less conversational at first glance.

💻 Interrogation Round 2: Programming Knowledge

Detective: “Do you know Python?”

🦙 LLaMA Answers:

I have been trained on a wide range of programming languages, including Python.

Python is a popular and versatile language that is widely used in various fields such as web development, data science, machine learning, automation, and more. I can help with:

1. Basic syntax and data types
2. Control structures (if-else, for loops, while loops)
3. Functions and modules
4. Data structures (lists, tuples, dictionaries, sets)
5. Object-Oriented Programming (OOP) concepts
6. File input/output and persistence
7. Error handling and debugging

I can also help with more advanced topics such as:

1. Web development (Flask, Django)
2. Data analysis and visualization (Pandas, NumPy, Matplotlib)
3. Machine learning (Scikit-learn, TensorFlow)
4. Automation and scripting (requests, BeautifulSoup)

What specific aspect of Python would you like to know or work on?

🧠 DeepSeek Thinks and Replies:

<think>
Alright, the user asked if I know about programming languages. I should start by acknowledging their question and confirming that I'm a text-based AI without personal experience.

I'll list out some of the most popular ones to give them an overview: Python, JavaScript, Java, C++, Ruby, etc. It's good to mention why these are widely used—like Python being great for machine learning 
or JavaScript being everywhere on the web.

Then, I should offer further assistance in case they have a specific language or topic in mind. That way, I keep the conversation open and helpful.
</think>

I'm an AI developed by DeepSeek, so I don't have personal experiences or emotions. However, I can provide information based on publicly available data and my programming.

Here are some of the most popular programming languages:

1. **Python**: A versatile language with extensive libraries for machine learning, web development, and scientific computing.
2. **JavaScript**: The primary language for web development, used by millions of websites worldwide.
3. **Java**: Known for its platform independence and widely used in enterprise applications.
4. **C++**: A powerful language often used for system programming and performance-critical applications.
5. **Ruby**: Known for its simplicity and versatility, it's great for scripting and web development.
6. **JavaScript (ES6+)**: Modern JavaScript features like classes, emojis, and destructuring assignments make it even more powerful.
7. **SQL**: Used for managing and querying databases.
8. **Go (Golang)**: A language designed for building scalable and efficient systems.
9. **PHP**: Popular for web development, especially in the Asia-Pacific region.
10. **C#**: A Windows-specific language with features like LINQ and asynchronous programming.

If you have any specific questions about these languages or need further assistance, feel free to ask! 😊

🧾 Detective’s Analysis:

• LLaMA was laser-focused on Python — and detailed. Perfect for a coder needing quick help.
• DeepSeek took a broader approach. Before diving into languages, it acknowledged its AI nature, then listed multiple languages. It felt more like a Wikipedia-style guide than a conversation.

🧠 Verdict:

• Clarity & Specificity: ✅ LLaMA
• Breadth & Meta-thinking: ✅ DeepSeek
• Conversational Flow: ✅ LLaMA

💻 Interrogation Round 2: Think out of the box

Detective: “I want to know more on Agentic AI . You know its very hyped in the market now a days”

🦙 LLaMA Answers:

Agentic AI is indeed a hot topic in the field of artificial intelligence! It refers to a type of AI that can act independently, make decisions, and adapt to new situations without being explicitly 
programmed.

**What is Agentic AI?**

Agentic AI is an extension of traditional machine learning (ML) and deep learning (DL). Traditional ML/DL focuses on predicting outcomes based on historical data. In contrast, agentic AI aims to enable 
machines to interact with their environment, make decisions, and learn from the consequences of those actions.

**Key characteristics of Agentic AI:**

1. **Autonomy**: Agentic AI systems can operate independently, making decisions without human intervention.
2. **Self-awareness**: These systems can recognize themselves as agents within a larger system or environment.
3. **Adaptability**: Agentic AI can adapt to new situations, learning from experience and adjusting its behavior accordingly.

**Types of Agentic AI:**

1. **Agent-based modeling**: This approach involves creating complex systems that interact with each other, leading to emergent behaviors.
2. **Reinforcement learning (RL)**: RL algorithms learn by trial and error, receiving rewards or penalties for their actions.
3. **Deep reinforcement learning (DRL)**: DRL combines the power of deep neural networks with RL, enabling more complex decision-making.

**Applications of Agentic AI:**

1. **Robotics**: Autonomous robots can navigate complex environments, perform tasks, and adapt to new situations.
2. **Game playing**: Agentic AI systems can beat humans in games like Go, Poker, or Starcraft II.
3. **Finance**: Autonomous traders can make decisions based on market trends and adapting to changing conditions.
4. **Healthcare**: Personalized medicine and disease diagnosis rely on agentic AI's ability to learn from patient data.

**Challenges and controversies:**

1. **Value alignment**: As agentic AI systems become more autonomous, ensuring they align with human values becomes increasingly important.
2. **Safety concerns**: Uncontrolled agentic AI can pose significant risks to humans, the environment, or other systems.
3. **Transparency and explainability**: Understanding how agentic AI systems make decisions is essential for trust and accountability.

**Current research and development:**

1. **Google's AlphaGo**: A DRL system that defeated a human world champion in Go.
2. **DeepMind's Robot Operating System (ROS)**: A framework for developing autonomous robots that can interact with their environment.
3. **Microsoft's Azure Machine Learning**: A platform for developing and deploying agentic AI systems.

Agentic AI is indeed an exciting field, with potential applications across various industries. However, it also raises important questions about safety, transparency, and value alignment.

What specific aspects of Agentic AI would you like to explore further?

🧠 DeepSeek Thinks and Replies:

<think>
Alright, so I'm trying to wrap my head around this "Agentic AI" thing that's been popping up a lot lately. First off, I know AI has always been around to automate tasks and solve problems, but agentic AI 
seems different. It sounds like it has something to do with agents or some kind of self-awareness in AI systems.

I remember hearing terms like "autonomous systems" before, where robots can operate without constant human oversight, but agentic AI might be a bit more advanced than that. Maybe it's about creating AI 
that can think and make decisions on its own? That would definitely be a big deal because right now, most AI relies heavily on data and predefined instructions.

I'm curious about how agentic AI actually works. Does it learn from experience like humans do, or is it more rule-based? I suppose learning from experience could make it more adaptable to new situations, 
which sounds pretty cool but also tricky because learning can go wrong in unpredictable ways.

Also, what are the applications of agentic AI? I imagine it could be used in self-driving cars, where the vehicle needs to navigate complex environments without human input. It might also apply to other 
areas like healthcare or even gaming, where an AI agent could make decisions autonomously in real-time.

But there must be challenges too. Safety and reliability come to mind. If an agentic AI makes a wrong decision because of some flaw in its learning process, that could have serious consequences. There's 
also the issue of ethical considerations—wouldn't an agentic AI need to follow specific moral guidelines or laws? How do you ensure that when it learns from data, it doesn't perpetuate biases or make 
unfair decisions?

I'm wondering about the development timeline too. How soon can we expect full-fledged agentic AI systems? There's a lot of research happening in AI these days, but I don't think we're there yet. Maybe 
it's still in the conceptual phase with some experimental applications.

And then there's the question of regulation. If agentic AI becomes mainstream, who will be responsible for overseeing its use ethically and responsibly? There must be international laws or guidelines that 
would need to be established to guide the development and deployment of such systems.

I also think about how this could impact industries that rely heavily on human expertise. For example, in customer service chatbots, an agentic AI might evolve beyond just responding to queries by 
offering solutions or even taking over certain roles if it's trained properly. That could change how businesses operate and interact with customers.

Another thought is about creativity and innovation. If an agentic AI can generate ideas or conceptualize new things based on its learning, does that mean we're in danger of losing our creative edge? It 
would be fascinating to see how industries adapt to this new kind of intelligence.

I'm also considering the economic implications. The cost of developing and maintaining an agentic AI system must be significant. Are there economies of scale or opportunities for investment that could 
make its widespread adoption possible?

Lastly, I'm curious about how agentic AI interacts with humans beyond just providing tasks. Is it designed to collaborate closely with people, or is it meant to operate independently? What happens when 
two agentic AI systems need to work together—how do they communicate and coordinate their actions effectively?

Overall, Agentic AI seems like a promising field with immense potential but also carries significant challenges that need to be carefully managed as it evolves.
</think>

Agentic AI represents an exciting evolution in artificial intelligence, characterized by the development of autonomous systems capable of self-awareness, learning from experience, and making decisions 
independently. Here's a structured overview of its implications and considerations:

### Understanding Agentic AI:
1. **Concept**: Unlike traditional AI that relies on predefined instructions or data, agentic AI focuses on creating agents with autonomy, enabling them to operate without constant human oversight.
2. **Mechanism**: It involves systems that can learn from experience, adapt to new situations, and make decisions autonomously, though the exact nature of learning (rule-based vs. experiential) is still a 
topic of research.

### Applications:
1. **Self-Driving Cars**: Potential for vehicles to navigate complex environments independently.
2. **Healthcare**: Autonomous systems could aid in diagnostics, treatment planning, and rehabilitation.
3. **Gaming and Simulations**: AI agents could engage in real-time decision-making, enhancing interactive experiences.

### Challenges:
1. **Safety and Reliability**: Ensuring that agentic AI operates without errors is crucial to prevent unforeseen consequences from incorrect decisions.
2. **Ethical Considerations**: Necessitates the development of frameworks to ensure AI adheres to moral guidelines and avoids perpetuating biases or unfair practices.
3. **Regulation**: The need for international laws and guidelines to oversee the ethical use of agentic AI is imperative.

### Development Timeline:
- Likely still in the conceptual and experimental stages, with full-fledged systems emerging gradually as technology advances.

### Impact on Industries:
1. **Customer Service**: Potential evolution from chatbots into solution-providing agents that may take over certain roles.
2. **Economic Implications**: Considerable costs associated with development and maintenance, alongside opportunities for investment in AI infrastructure.

### Considerations Beyond Functionality:
- **Interaction with Humans**: Agentic AI's design—whether collaborative or autonomous—affects how it operates within human systems.
- **Collaboration Between AI Systems**: Challenges include effective communication and coordination among independent agents.

### Future Considerations:
- **Creativity and Innovation**: The ability of agentic AI to generate ideas may impact creative processes in industries, necessitating adaptation strategies.
- **Potential Loss of Human Edge**: Concerns about whether AI might diminish human creativity or innovation are valid and require careful management.

In summary, Agentic AI holds significant potential for transforming various sectors through autonomy and adaptability, yet it also presents substantial challenges related to safety, ethics, regulation, 
and economic implications. As research and development continue, managing these challenges will be crucial for harnessing the full benefits of agentic AI while mitigating its potential drawbacks.

🧾 Detective’s Verdict:

• Depth of Knowledge:
  LLaMA gave a crisp, structured, and textbook-like explanation, hitting all the key points in a clear hierarchy. It’s like reading a well-edited encyclopedia entry — perfect for readers wanting quick clarity.
• Thoughtfulness & Reflection:
  DeepSeek delivered a deep, nuanced reflection, almost like an internal monologue. It explored the topic’s complexity — considering ethical issues, risks, and broader impacts, showing “thinking-out-loud” intelligence. This gives readers a rich, immersive experience but demands patience.
• Engagement & Tone:
  LLaMA’s tone is confident and direct — great for straightforward Q&A.
  DeepSeek comes across as curious and exploratory, inviting readers to ponder alongside it.

🕵️‍♂️ Final Detective’s Note:

In this story, DeepSeek truly lived up to its name — diving deep, seeking connections, and unpacking the hype with caution and curiosity. Meanwhile, LLaMA shone as the reliable expert you’d consult for a quick, solid briefing.

If you want a clear, concise primer → LLaMA is your go-to.
If you want to think deeply, question assumptions, and explore implications → DeepSeek takes the lead.

Exploring LLMs is truly fascinating! It feels like having a conversation with an expert — a mind brimming with the ability to think, understand, create, and respond.🕵️‍♂️

More detective stories are on the way to help you uncover the unique strengths and capabilities of these models up close.
Until then… keep learning and keep sharing! 😊

Intro to Helm

• Helm is a powerful package manager for Kubernetes, enabling developers to automate the deployment, scaling, and management of applications.
• It uses “charts” — pre-configured templates of Kubernetes resources — to simplify the installation of complex applications.
• Helm streamlines Kubernetes deployments by allowing users to version, share, and reuse configurations across different environments.

Importance of Helm Templates in Simplifying Kubernetes Deployments:

• Helm templates provide a dynamic way to manage Kubernetes resources, avoiding the need for repetitive and error-prone YAML writing.
• Templates allow users to define variables and conditions, making it easy to customize deployments for various environments (dev, staging, production).
• With Helm, teams can deploy and upgrade applications with minimal manual intervention, ensuring consistency across deployments.

PV and PVC are the Kubernetes resources available. Let’s understand what they are ? and how they are used within Kubernetes:

What are Persistent Volumes (PV) and Persistent Volume Claims (PVC)?

• Persistent Volumes (PV): PVs are storage resources in Kubernetes that exist independently of pods, offering a way to store data beyond the lifecycle of individual containers. That means even if the containers removed, they can again access the data that they have stored previously.
• Persistent Volume Claims (PVC): PVCs are requests by applications (or pods) for storage. They specify the storage size and access modes required. When a PVC is created, Kubernetes finds a PV to bind it to.

Why PV and PVC are Critical for Data Persistence in Kubernetes:

• Kubernetes pods are ephemeral by nature, meaning they can be restarted or terminated at any time, which would result in data loss without persistent storage.
• PV and PVC ensure that data persistency is maintained independently of the pods, allowing applications to store data that is maintained outside the lifecycle of containers.
• They provide a layer of abstraction between the application and the underlying storage infrastructure, making it easier to manage storage across cloud platforms or on-premise systems.

Use Case Scenario

Scenario 1:

Suppose we have a deployment that is going to use a PVC to access a PV. Below is the definition for PV and PVC:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: shared-volume
spec:
  storageClassName: shared-storage
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: "/mnt/shared-volume"

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-volume-claim
  namespace: monitoring
spec:
  storageClassName: shared-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 2Gi

With this definition, it will create a PV and PVC and bind them together within current helm release. That’s an ideal case by the way.

Scenario 2:

Suppose we have a deployment that is going to use 2 PVCs to access two different PVs. Below is the definition for PVs and PVCs:

PV 1 and PVC 1 are defined below:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: shared-volume-1
spec:
  storageClassName: shared-storage
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: "/mnt/shared-volume"

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-volume-claim-1
  namespace: monitoring
spec:
  storageClassName: shared-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 2Gi

Here is the details about PV 2 and PVC 2:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: shared-volume-2
spec:
  storageClassName: shared-storage
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: "/mnt/shared-volume"

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-volume-claim-2
  namespace: monitoring
spec:
  storageClassName: shared-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 2Gi

What you suggest ? Will it behave the same as per the ideal case in this scenario?

The answer is no!!! Because it create both the PVs and both the PVCs but at the time of binding them they can be mismatched as they don’t have any proper mechanism to match the perfect PV for a PVC. So the scenario can be visualized like:

This scenario can change the whole architecture of the application and hamper the functionality of the same.

Resolution to the problem:

To achieve the ideal state of the same, we have to use labels and selectors in PV and PVCs respectively so that they can find a perfect match of PV and PVC on the basis of these labels.
Here is an example of their definitions with labels and selectors:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: shared-volume
  labels:
    type: volume
spec:
  storageClassName: shared-storage
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: "/mnt/shared-volume"

---

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-volume-claim
  namespace: monitoring
spec:
  storageClassName: shared-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 2Gi
  selector:
    matchLabels:
      type: volume

Here it for first PV and PVC. Create yours for the second one and also for more number of PV and PVCs as per the requirements.

Hope this will help you managing persistent storage in a scenario where you have n number of PV and PVCs.

Stay tuned for more such concepts of Kubernetes!!😄

🌟 Keep Learning, Keep Sharing 🌟

Hello everyone,

As we know, monitoring is the major demand with each and every setup. Either in terms of server setup or setting up a cloud environment. So, in this article we are going to create a Helm Chart to create the Setup of Prometheus and Grafana.

But first we need to understand what are Helm Charts and how we gonna create them?🤔

For creating a setup, we need to fulfill multiple dependencies and configuration! but that is very manual kind of setup. Suppose we need to create a web server and for that first you need to install httpd , php ,……and so on. Here you will work on each of them one by one.

Do you think, that is a good approach ??🤔

In my opinion, its not !! So for this, we create packages….means the file/code that is capable of creating the whole setup. Although in redhat, package is as good as a Software.

Hence, HELM is a Package Manager Tool 📦. It is a 3rd party tool.

In this, we call packages as Charts! So we are going to create HELM charts. A chart can help us to download and Install the software as per the requirement.

Although there are many pre-created charts by the community for different-different uses, also we can create a customized one.

Helm Chart : Setup of Prometheus and Grafana on K8s

Pre-requisite for creating a Helm chart is:

1. Kubernetes Cluster(here I gonna use minikube setup)
2. Helm software

* for the setup of Helm, Please refer the link below: 👇

Quickstart Guide

1. After this setup, lets check the version of Helm

2. Create a directory, put the name same as your Helm Chart (say Prometheus_Grafana_on_kubernetes) and then go inside that directory.

3. For creating the chart create a YAML file with name (Chart.yaml)that will be loaded when we start creating the Helm chart.

code of Chart.yaml:

4. All the yml files for the further setup on kubernetes, we can put them in the templates folder.

You can access all the code, on the GitHub repository below:

GitHub - Anshika-Sharma-as/Task-24

5. Now lets start the process of creating our Helm Chart, before that check for the existing pods or services on Kubernetes cluster

So, no helm charts are there.

Create the helm chart using “helm install <chart-name> <directory/>”

6. Check for the services, installed or not?

7. Move to the Prometheus and Grafana Dashboard:

To get that, we need to use the minikube IP using command: “minikube ip”

We can simply login and start using Grafana…😃

After the successful use you can delete it anytime and just in one go.

Now it became very simple for us to create this setup just in one go, we can use this concept while automating the things.😁

Similarly, we can have any customized Helm Chart to make our work standardized, customized and easy to perform.

Stay tuned for more such interesting technical articles….😁😁

Till the time……..⏲️

Keep Sharing, Keep Learning..✨✨

Do you know where the data is stored and how does is arranged in order to have easy and fast storing and retrieval.🤔

So lets have a scenario, to arrange some student’s sitting arrangement we use some strategy like rows and columns, then we follow the pattern of their enrollment no. but do you think why this is required?🤔

Yeah, the proper organization is very required in order to manage them properly and easily !!

Do you think arranging them properly is enough?🙄 No, its not in order to manage them in an efficient way we must have some information like “Which desk is assigned to whom? What’s the range of students(in each row)….etc!!” 🤷‍♀️

So basically this information for the management of things is known as metadata(Information about data).📄

Now, in order to manage the files/dir in the disk, there is some strategy/system that is called as File system.

e.g., ext3, ext4….etc!!

Now what pattern they follow and how actually a file system works ?🤔

So basically every file system has two parts:- block devices and inode tables.

In this, block devices are fixed like we have added a block device(an EBS volume) to an EC2 instance. In this device we setup the file system whatever is the requirement(say ext4 this time).

**Next comes to the inode table.

Before moving to inode table we need to understand the concept of inodes and how they used in File system?🧠

Have you seen the content page/ index page of any of your book ….❓

With the index page of a book, we used to look for the page number as per the chapter/topic names! And we try to access the chapter/topic through this page number.

The concept of inode is similar to the concept of index page…how? Lets work on this!!

Now as we have unique page numbers for a particular chapter or topic…..similar to that when a file/dir(set of files) is created in the system(say linux in my case) a unique number is assigned to it….this number is called as inode number.

*One more thing !!!!

Inode table is similar to index table…..mark my works ,…..its not same…

How ❓

First, mark what are the details a inode table consist about a file: it contains ..

Inode number, owner info, permissions…size etc.

Now does it contain the file name as well? The answer is no!

The name is stored in different table and inode number in different — -à map to the inode table means two different tables are mapped to track each file through inode number.

To get the inode numbers associated with each file, we use:

List of all the inode numbers..

Lets see what happen when we create a new file🤔

Inode is the entry point or we can say the initial block where we create a file.

Note:- Have you tried to create multiple files with same name ? or we can say same files at different location? Does they have same inode number ? is it really possible??🤯

The answer is yes😁….but only if they belong to different partitions. What does that means, first lets have two different partitions of a block device!

The inode number for this directory is already created, when we created the directory.

Lets try to read the inode table, for this we need to use the filesystem that have ext4 format type

For this lets create a different block device if not available ….else create a partition in it

I have attached a new one

Now to create a partition in this new device, open this block device

Successfully created a partition, lets check whether it has the inode table now?🤔

No it won’t be, for that first we have to mount this on some directory!! But before that it need to be formatted to some file system

Now just mount it to the directory

Lets check the inode status for each file system

Here we tried to get the information in the file system about the file abcd.txt,🤔 it will provide all the information regarding the inode number along with the access control etc.

We have used debugfs command to debug the file system /dev/sdb1

Here the link value is 3 for the directory ‘ . ‘ because Each directory contains entries for “.” and “..” — — the current directory and its parent.

The same inode number of ‘.’ And /test_env are pointing to the same node ……..as ‘.’ Represent the current directory.😌

This is how we can have deep information about the inode tables, by debugging into the file system.🤩

You wanna know how the data is being transferred between RAM and main memory❓ Then …….stay tuned!!😄

🌟Keep Sharing, Keep Learning!! 🌟

You guys may be confused….😕

What kind of security I am talking about? So lets finish this confusion😉

Its about the Access control for files, processes, ports etc. 💡

Earlier , for this type of security, we work on the concept of Discretionary access control. Now what’s this Discretionary access control, how we use this?

For all these questions, refer to the below link:

DAC Permission!

Now, the question is why we need any extension to the security, when we already have DAC concept?

The Answer is, some limitations of DAC!!🤞 What’s that ?

• * Lets assume a scenario that if the user downloaded the malicious file unknowing for the internet then the file will have permissions as like the other file in the user workspace. As the malicious user may have the permission to access a file unlike the other file it can execute and may access the other file data sometimes take the system down. Basically, the permissions and the access control is depends on the file itself!! But it can be dangerous too😨

What to do in this case??……🤔💭

I just remember the concept of SELinux which is Security-Enhanced Linux!!

What is SELinux??

SELinux is the security Architecture that allows administrators to have more control on, who can access the system.

🤩 National Security Agency (NSA) added a security patch to Linux Kernel using Linux Security Modules(LSM).

I think instead of just knowing it theoretically, it would be more interesting to know that how does it work and on which concept!! isn’t it ? 🤔

Lets directly jump to how it works??

SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy.

Let’s understand the scenario first:

When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects. Like which object is accessible by which subject as per the permissions.

If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server. The security server checks for the security context of the app or process and the file. Security context is applied from the SELinux policy database. Permission is then granted or denied.

If permission is denied, an “avc: denied” message will be available in /var/log.messages

Its Amazing, how securely it is allowing a subject to access an object.🤩

Is it enough to just know about how it works or we should also go for its configuration part? I think we should 😄

To configure SELinux

Basically there are 2 ways:

1. Targeted Policy(mostly used, default option)
2. Multi Level Security(generally used by govt. organizations)

Targeted policy is the default option and covers a range of processes, tasks, and services.

To see how the type is targeted🧠, go to the file “/etc/sysconfig/selinux”

Here we are not using MLS, we are using targeted policy⭐

This file also giving us some information regarding the selinux mode, through SELINUX key.

The values of SELINUX key can be enforcing, permissive, disabled, each mode have different meaning. Here enforcing means this SELinux feature is enabled and is helping us to secure our Linux system.

So, what each mode is meant for?🤔

👉 Enforcing: Means that the SELinux policy is in effect and the policies will be followed according to it very strictly.

👉 Permissive: Means handy mode when trying to debug or allow some features to run on some instances which are not allowed in enforcing mode. The system remains operational and SELinux does not deny any operations but only logs AVC messages, which can be then used for troubleshooting, debugging, and SELinux policy improvements.

It will give an alert message/notification📍

👉 Disabled: When the SELinux policies won’t apply anywhere in the system.

Now we go the next stage of SELinux, that how it actually works, and on which concept!!

So, there are two main concepts on which SELinux works are:

* Type enforcement

* Labelling

SELinux works as a labeling system, which means that all of the files, processes, and ports in a system have an SELinux label associated with them. Labels are a logical way of grouping things together. The kernel manages the labels during boot.

Labels are in the format user:role:type:level (level is optional). User, role, and level are used in more advanced implementations of SELinux, like with MLS.

💡 Label type is the most important for targeted policy.

SELinux uses type enforcement to enforce a policy that is defined on the system. Type enforcement is the part of an SELinux policy that defines “whether a process running(subject) with a certain type can access a file(object) labeled with a certain type.”

You might be very curious🧐 to know that

how these labels are attached with the files or the processes ?

For this, lets take an example and understand with the same:

Suppose root is one user(subject) and /dev/sr0 is the directory(object) that contain all the files and software available for linux.

Lets check the label with our dir /dev/sr0

Here the Label is “RHEL-8–0–0-BaseOS-x86_64”

Now lets move to our user i.e., root

This is how the labels used in general.

But if we talk about SELinux, the label format is different i.e., “SELinux_user:user_role:type”

To access the roles assigned with each file, we use Command: “ls -Z”

The highlighted label is for the system user and for the anaconda-ks.cfg file access control

👉This label is helping the targeted policy for the access control management of the files and devices or processes.

How to Control this SELINUX mode like permissive, enforcing or disabled?? 🤔

There are some points that need to be considered, before enforcing SELinux, that are:

1. If SELinux has been disabled in your environment, you can enable SElinux by editing /etc/selinux/config and setting SELINUX=permissive.

2. Since SELINUX was not enabled currently, so instead of enforcing it directly we should put it in permissive mode because everything may be mislabelled.

3. We can also force the system to automatically relabel the filesystem by creating “.autorelabel” file in root directory and then reboot the system. We can also deep dive into auto relabel further.

For now lets focus on selinux 💯

So after successful fixing/relabelling of the filesystem.

Set SELINUX to enforcing with “/etc/selinux/config” and then reboot or simply run the command “setenforce 1”

And you are done with the SELINUX security setup. ✨

Note: If in case anyone(sysadmin) is not familiar with command like then they can use the graphical tool also to manage SELinux. The Graphical tool can be used by installing the package “policycoreutils-gui”

Don’t worry there is a complete process of using this GUI tool, I will definitely share one article for the GUI Installation and Implementation soon.😎

Till the time, go ahead with Command line 😁

Stay tuned for further amazing concepts!!

Keep Sharing, Keep Learning ✨

Thank You 🤗

You guys may be thinking like what’s this Infra-Magic…🤔

Don’t worry, its simply an open-source infrastructure as code software tool…means we can setup the required infrastructure simply with a code, even without going to that ?

Now question is 🤔 where to setup the infrastructure …. ?

Mostly people use it with multiple clouds like AWS, AZure, GCP etc, But is it only restricted to that ? Does it only restricted to these public/private clouds ?

Answer is absolutely no…🤩

How???? Lets see today!!!

Do you remember why we have come up with the concepts of Containerization ? Absolutely it was regarding the speed and time for the environment setup…….Later we come up with the concept of Kubernetes that is a open-source system that is used for automating deployment, scaling, and management of containerized applications.

If you know about kubernetes(k8s), then you must remember that we work on a multi node cluster, whats that ?

A Kubernetes cluster is a set of node machines for running containerized applications. If you’re running Kubernetes, you’re running a cluster. At a minimum, a cluster contains a control plane and one or more compute machines, or nodes.

This is a small statement but provide deep insights about a kubernetes cluster. A kubernetes cluster is as equivalent to a cloud that can provide resources on-premises basis whenever required by the container, that would be launched and maintained within this container.

Now lets come to the interesting fact !!! 🤔

Is it possible to setup the required Infrastructure on a Kubernetes cluster using Terraform ??

The answer is absolutely Yesssss……..😎

Lets come to the documentaion of HashiCorp documentation!!!

Since we already have kubectl to configure or setup container or any infrastructure over kubernetes cluster, also if we have requirement to write up a script then we can create a YAML script. But why to use Terraform ? 🤔

Orchestration with Terraform presents a few benefits.

• Use the same configuration language to provision the Kubernetes infrastructure and to deploy applications into it.
• drift detection — terraform plan will always present you the difference between reality at a given time and config you intend to apply.
• full lifecycle management — Terraform doesn’t just initially create resources, but offers a single command for creation, update, and deletion of tracked resources without needing to inspect the API to identify those resources.
• synchronous feedback — While asynchronous behaviour is often useful, sometimes it’s counter-productive as the job of identifying operation result (failures or details of created resource) is left to the user. e.g. you don’t have IP/hostname of load balancer until it has finished provisioning, hence you can’t create any DNS record pointing to it.
• graph of relationship — Terraform understands relationships between resources which may help in scheduling — e.g. if a Persistent Volume Claim claims space from a particular Persistent Volume Terraform won’t even attempt to create the PVC if creation of the PV has failed.

What’s the plan to see how it actually works ?🤔

How to connect to kubernetes cluster using Terraform:-

Its just about connecting, but what about the plan if we setup everything with Terraform with Kubernetes !! 😎

So I am gonna try every setup on kubernetes using terraform !! Stay tuned for the further articles ….

I hope you got my point that why I describe Terraform as Infra-Magic 😉 Lets use this magic to create interesting and useful Integrations……🤟🏻

Till the time, stay tuned…..Keep Learning, Keep Sharing⭐

Thank you😇

OpenShift is a family of containerization software products developed by RedHat. Its flagship product is the OpenShift Container Platform — an on-premises as a services built around Docker Container orchestrated and managed by Kubernetes on a foundation of Red Hat Enterprise Linux. The family’s other products provide this platform through different environments: OKD serves as the community-driven upstream(akin to the way that Fedora is upstream of Red Hat Enterprise Linux), OpenShift Online is the platform offered as Software as a Service, and Openshift Dedicated is the platform offered as a managed service.

Features and benefits

• Manage with simplicity. In the cloud or anywhere : Red Hat OpenShift offers automated installation, upgrades, and lifecycle management throughout the container stack — the operating system, Kubernetes and cluster services, and applications — on any cloud.
• Build fast, Ship first, Deploy everywhere : Red Hat OpenShift helps teams build with speed, agility, confidence, and choice. Code in production mode anywhere you choose to build. Get back to doing work that matters.
• Build with Kubernetes, Trust with Red Hat : Red Hat OpenShift is focused on security at every level of the container stack and throughout the application lifecycle. It includes long-term, enterprise support from one of the leading Kubernetes contributors and open source software companies.

Architecture

OpenShift Container Platform has a microservices-based architecture of smaller, decoupled units that work together. It runs on top of a Kubernetes cluster, with data about the objects stored in etcd, a reliable clustered key-value store. Those services are broken down by function:

• REST API, which expose each of the core objects.
• Controllers, which read those APIs, apply changes to other objects, and report status or write back to the object.

Users make calls to the REST API to change the state of the system. Controllers use the REST API to read the user’s desired state, and then try to bring the other parts of the system into sync. For example, when a user requests a build they create a “build” object. The build controller sees that a new build has been created, and runs a process on the cluster to perform that build. When the build completes, the controller updates the build object via the REST API and the user sees that their build is complete.

The controller pattern means that much of the functionality in OpenShift Container Platform is extensible. The way that builds are run and launched can be customized independently of how images are managed, or how deployments happen. The controllers are performing the “business logic” of the system, taking user actions and transforming them into reality. By customizing those controllers or replacing them with your own logic, different behaviors can be implemented. From a system administration perspective, this also means the API can be used to script common administrative actions on a repeating schedule. Those scripts are also controllers that watch for changes and take action. OpenShift Container Platform makes the ability to customize the cluster in this way a first-class behavior.

Use Cases

There are a huge use cases for OpenShift, one of which is:

Turkish financial company delivers services 95% faster with Red Hat OpenShift

Turkish pension and life insurance provider AvivaSA sought to expand its IT Modernization Program to prepare for government permission to use public cloud environments. To create a container- and microservices-based architecture, the company expanded its Red Hat environment with Red Hat OpenShift. Now, AvivaSA uses its responsive, reliable container platform to deliver services 95% faster while reducing costs by 23% — leading the way to a cloud-based future for Turkey’s finance industry.

Benefits

• Reduced operating costs by 23% with optimized management and resource use
• Cut environment build times by 95%, accelerating time to market
• Extended platform reliability to container environment
• Created foundation for future cloud adoption

Achieving cost and performance improvements with containers

• Reduced OpEx by 23% : AvivaSA has used the self-healing and auto-scaling capabilities built into the latest version of Red Hat OpenShift to help reduce its operational expenses (OpEx) by 23% by reducing manual work time for maintenance and other routine tasks. For example, SabancıDX’s team no longer needs to spend time monitoring and adjusting the production environment to meet service-level agreements (SLAs) that ensure service availability for customers.
• Cut environment build times by more than 95% : “Red Hat OpenShift lets us quickly set up a new environment or easily make changes to the applications running in production, with minimal disruption to our service availability,” said Aydınyüz.
• Achieved high reliability for container environment : Dynamic management built into Red Hat OpenShift helps AvivaSA extend the reliability of its existing Red Hat architecture to its new, container-based environment. This reliability has helped AvivaSA extend its partnership with Akbank, which now operates some financial applications on Red Hat OpenShift on AvivaSA’s behalf.
• Created foundation for future cloud adoption : Migrating critical core applications to Red Hat OpenShift on premise has helped AvivaSA be prepared if the Turkish government allows the use of cloud computing environments in the future. “As a Kubernetes platform, Red Hat OpenShift ensures we are ready for public cloud when Turkish regulations allow,” said Aydınyüz. “It will make it very easy for us to move to a public or hybrid cloud environment.”

Hope this information about OpenShift help you to find multiple facts about OpenShift uses at different places and requirements.

Keep Learning, Keep Sharing!!✨

What is Jenkins?

Jenkins — an open source automation server which enables developers around the world to reliably build, test, and deploy their software.

It is used to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for users to obtain a fresh build. Jenkins is one of the great tool for the DevOps world. It helps us in Continuous Integration and Continuous Development.

Work Flow by Jenkins

These are the 5 stages that are performed by Jenkins .

Features of Jenkins

• Continuous Integration and Continuous Delivery : As an extensible automation server, Jenkins can be used as a simple CI server or turned into the continuous delivery hub for any project.
• Easy installation : Jenkins is a self-contained Java-based program, ready to run out-of-the-box, with packages for Windows, Linux, macOS and other Unix-like operating systems.
• Easy configuration : Jenkins can be easily set up and configured via its web interface, which includes on-the-fly error checks and built-in help.
• Plugins : With hundreds of plugins in the Update Center, Jenkins integrates with practically every tool in the continuous integration and continuous delivery toolchain.
• Extensible : Jenkins can be extended via its plugin architecture, providing nearly infinite possibilities for what Jenkins can do.
• Distributed : Jenkins can easily distribute work across multiple machines, helping drive builds, tests and deployments across multiple platforms faster.

Use Case Study

There are many stories of how this great tool helped in the efficient development.

Jenkins accepted in SheCodeAfrica Contribution

SheCodeAfrica is a non-profit organization focused on celebrating and empowering young girls and women in technology across Africa. They provide resources and events that help women grow and achieve their personal and career goals. Their mentoring programs provide help and guidance as participants learn and grow in their careers.

This year, SheCodeAfrica is organizing the SheCodeAfrica Contribution. Contribution is a boot camp where African women are paid to work with open source organizations on selected projects with dedicated mentors. This program aims to create a more diverse, inclusive, and innovative culture within the African open source ecosystem by matching African women in technology with sponsor and mentor open source organizations.

Working of Jenkins in this Contribution

• The Jenkins project has been accepted as a Contribution Mentoring Organization.
• Our project idea will introduce participants to Jenkins and plugin development as they create Pipeline examples and create Pipeline help for Jenkins Pipeline plugins.
• Participants will learn more about Jenkins Pipeline and will submit plugin pull requests with examples and online help.
• The Jenkins Pipeline Steps reference and Pipeline online help often receive feedback that more examples are needed, that step return values need to be described, and that arguments need more description of their purpose, allowed values, and expected results.
• Most plugin maintainers do not provide detailed documentation of the pipeline steps, or the arguments to those pipeline steps.
• This project will improve the documentation of pipeline steps and their arguments while introducing Jenkins Pipeline, Jenkins plugin development, Jenkins documentation as code, and the concepts of GitHub forks and pull requests.

They say — “We’ve identified development tasks that up to their Contribution participants will complete during April. The tasks will introduce the participants to Jenkins plugin development. They will experiment with plugin changes in Jenkins and submit pull requests to provide Pipeline examples and help.”

Overall Benefits of Jenkins

1. Jenkins is an open-source tool that is extremely easy to install and use. You need no extra components to use it

2. It is free and available to be used with different platforms, such as Windows, Linux, macOS, and others

3. It is widely used, so finding support on online communities is not a big problem

4. Jenkins automates all integration work. Integration issues are scarce, and so, it helps in saving time and money over the project lifecycle.

5. It is easy to configure, extend, and modify. It allows the instant generation of tests and building, automation, and deployment of code on different platforms

6. Jenkins can be configured to run CI and CD concepts properly

7. It can easily detect and fix issues. The software is always ready for a sudden release

8. Supports a variety of plugins, which allows better flexibility

9. It helps in detecting errors very early, thus saving developers a lot of time and hard work

Hope this detailed information about Jenkins and may help you to find multiple Jenkins uses at different places and requirements.

Keep Learning, Keep Sharing!!✨