Backup Before Modifying a Production AWS RDS Database Managed by Terraform

Periodic changes to production cloud resources should be expected as the cloud offers elasticity to scale in/out with demands. Although some changes are riskier than others, the AWS RDS processes for applying (and rolling back) these changes have been battle-tested. Despite this, it is always good for organizations to have their own backup and restore strategies before riskier changes are applied - after all, the data does belong to them. In this post, I'll propose several methods to backup production AWS RDS databases that are managed via Terraform, as well as their considerations.

Post Certified Kubernetes Application Developer (CKAD) Exam Thoughts

After 4 months of preparation, I passed the CKAD exam earlier this week. The aim of this post is not to be another "how I passed" or "exam taking tips" - there's plenty of them available. Rather, I'll share my thoughts about the exam format, and how to bring one's individual competency to the next level.

Prometheus Operator – Interactions Between the kube-prometheus-stack Kubernetes Resources

The aim of Prometheus Operator is to provide Kubernetes native deployment and management of Prometheus and related monitoring components. The kube-prometheus-stack helm chart (formerly named prometheus-operator) contains just one helm command to set everything up. However, it leaves out specific details about the underlying implementation. In this post, I'll take a deeper look what happens under the hood when the kube-prometheus-stack helm chart is installed in a Kubernetes cluster.

Kubernetes Default RBAC ClusterRole Resource Permissions

Kubernetes has several methods to authorize requests to the API server, namely Node, Attribute-based access control (ABAC), Role-based access control (RBAC), and Webhook. While reading the RBAC documentation on Default ClusterRoles, I found the descriptions vague - probably generalized by the author(s) so as to remain relevant across the various Kuberenetes versions. However, I wanted a quick reference guide on the exact resources and permissions each of them had (e.g. for "pod" resource, the "edit" ClusterRole has X, Y and Z permissions). Hopefully the following list helps others who are looking for something similar.

How to ssh into Containers in AWS EKS

I was experimenting how I could expose applications in AWS Elastic Kubernetes Service (EKS) via Kubernetes Service resources and AWS load balancers. Out of curiosity, I also wanted to know if I could ssh into containers in EKS without using "kubectl exec" or any container runtime commands (e.g. "docker attach"). One scenario would be when I need to access the container's filesystem to extract a log/config file, but 1) I do not have EKS cluster admin role for more permissive actions, and 2) the kubectl environment is exposed via a structured CI/CD pipeline and is non-interactive. As I could not find any concrete examples/tutorials, here are my implementation setup and steps.

LPI DevOps Tools Engineer Certification Exam 701-100

The LPI DevOps Tools Engineer Certification, launched in October 2017, has a very broad scope that includes several commonly used DevOps tools in the market. The exam "covers the intersection between development and operations, making it relevant for all IT professionals working in the field of DevOps." In this post, I share my thoughts and opinions on this certification exam that I took and passed in January 2020.

Updating the Firmware of Aztech DSL1015EW(S) Wireless Router

While searching for its user manual, I discovered that Aztech has a similar retail model called DSL1015EN(L), whose latest firmware on their site is compatible with the DSL1015EW(S) router. The former's firmware, though of smaller major version, is less restrictive and has more generic settings - like having the factory default SSID prefixed with "Aztech". This post talks about how to go about updating the firmware and logging in.

Setting up a JFrog Artifactory 7 and Xray 3 Sandbox in AWS Using minikube and Helm Charts

The JFrog Artifactory and its complementary suite of tools is well known across the industry. As part of a certification preparation, I wanted to find out more about how it is administered. This post is how to install JFrog Artifactory 7 and Xray 3 using Helm Charts in an AWS EC2 instance.