Starting with Docker

Over the past few years, Docker has become an essential technology in software development. Developers, DevOps teams and companies have adopted it quite fast.

That's no surprise: its containerization concept has made it easy to set up, share and deploy software projects.

In this article we’ll see what Docker is, what a container is and how to start playing with it.


BitBucket Pipeline configuration for PHP, MongoDB and Symfony

Recently I’ve been playing around with BitBucket and their Pipelines. Just to let you know, BitBucket Pipelines is an integrated CI/CD service built into Bitbucket. It basically means that on every commit you make, your tests will be run and your code will be deployed.

They say on their official website that it has a really basic and simple configuration and, as far as I could experiment, it really is.


9 Kubernetes Security Best Practices

Today I was reading an interesting article about the 9 Kubernetes Security Best Practices everyone must follow.

In that article they basically enumerate and briefly describe how to follow and accomplish those 9 security recommendations. I’ve extracted them here so you can go through them quickly.

1. Upgrade to the Latest Version

In the article they don’t specify if the order of this list is important, but for me the most obvious things must come first.

Keeping your cluster upgraded is always the first thing you should do.

2. Enable Role-Based Access Control (RBAC)

RBAC is the new access control mechanism they introduced in Kubernetes 1.6. It basically allows you to control who can access your API in a more secure and improved way.

This matters especially after the discovery of the security issue CVE-2018-1002105.

3. Use Namespaces to Establish Security Boundaries

I’ve been using namespaces from my first cluster setup and they’re great to isolate components and even the logic of your different cluster parts.

DevOps guys immediately understand namespaces, and when working with the cluster they can easily focus on the part they want to work with, avoiding mistakes in other namespaces. Deleting a pod that belongs to another part of the system would be a good example of this 😉

On the security side, it’s also really handy to be able to apply different security controls based on namespaces.

4. Separate Sensitive Workloads

Sensitive workloads should be run on dedicated machines. This reduces the risk of an unauthorised app accessing that sensitive info.

By using namespaces you can achieve this.

5. Secure Cloud Metadata Access

I think this recommendation is more focused on GKE environments and other cloud services. A recent Shopify bug bounty disclosure detailed how a user was able to escalate privileges by confusing a microservice into leaking information from the cloud provider’s metadata service.

They’re still working on a more robust and permanent solution for this.

6. Create and Define Cluster Network Policies

This is something purely related to cloud services: it allows you to configure network policies that control network access into and out of your containerized applications.

However, you can always apply the same concept in your private cluster by running your applications in isolated networks and establishing direct communication only when needed.

7. Run a Cluster-wide Pod Security Policy

A Pod Security Policy sets defaults for how workloads are allowed to run in your cluster. Consider defining a policy and enabling the Pod Security Policy admission controller; instructions vary depending on your cloud provider or deployment model. As a start, you could require that deployments drop the NET_RAW capability to defeat certain classes of network spoofing attacks.

8. Harden Node Security

They put this point in 8th position in their list. In my humble opinion it should come in 1st position.

In the end, a cluster is a set of nodes orchestrated by Kubernetes. Those nodes are just machines living in a network environment, so hardening your machines should be the most important and the very first thing you do.

  • Uninstall software included in the operating system that you don’t need
  • Keep all the software up to date
  • Disable root SSH connections
  • Reduce the number of sudo users as much as possible
  • Install a firewall
  • Only expose required ports, close the rest
  • Install tools to track unauthorised login attempts and block them immediately
  • Logging, logging, logging! You need to know what’s happening on your machines, so log all actions to discover misconfiguration issues, security problems, etc.

Those are some personal recommendations; of course, depending on your needs, you will need to apply more.
Please read this guide to understand server hardening.

9. Turn on Audit Logging

Logging, logging, logging!

I told you 😉 The more you know about what’s happening under the hood, the more control you’ll have over your system.

Enable audit logging to discover unauthorised API calls or any kind of authorization failure.
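As an added example (not from the original article), here is one way to scan audit logs for the authorization failures mentioned above. It assumes the API server writes audit events as JSON lines in the audit.k8s.io/v1 format; the sample events, user names, namespaces and IPs are constructed.

```python
import json
from collections import Counter

# Constructed sample: Kubernetes audit events (audit.k8s.io/v1), one JSON object per line.
# User names, namespaces and IPs are made up for illustration.
SAMPLE_AUDIT_LOG = "\n".join([
    '{"stage":"RequestReceived","verb":"list","requestURI":"/api/v1/namespaces/payments/secrets","user":{"username":"system:serviceaccount:web:frontend"},"sourceIPs":["10.0.3.17"]}',
    '{"stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces/payments/secrets","user":{"username":"system:serviceaccount:web:frontend"},"sourceIPs":["10.0.3.17"],"responseStatus":{"code":403},"annotations":{"authorization.k8s.io/decision":"forbid"}}',
    '{"stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/namespaces/web/pods","user":{"username":"alice"},"sourceIPs":["10.0.1.5"],"responseStatus":{"code":200},"annotations":{"authorization.k8s.io/decision":"allow"}}',
    '{"stage":"ResponseComplete","verb":"get","requestURI":"/api/v1/nodes","user":{"username":"system:anonymous"},"sourceIPs":["203.0.113.9"],"responseStatus":{"code":403}}',
    '{"stage":"ResponseComplete","verb":"delete","requestURI":"/api/v1/namespaces/payments/pods/db-0","user":{"username":"system:serviceaccount:web:frontend"},"sourceIPs":["10.0.3.17"],"responseStatus":{"code":403}}',
    '{"stage":"ResponseComplete","verb":"get"',  # truncated line, e.g. cut by log rotation
])

def find_auth_failures(log_text):
    """Return one record per completed request that was rejected (401/403 or 'forbid')."""
    failures = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting the scan
        # A request can be logged at several stages; count it once, when it completes.
        if event.get("stage") != "ResponseComplete":
            continue
        code = (event.get("responseStatus") or {}).get("code")
        decision = (event.get("annotations") or {}).get("authorization.k8s.io/decision")
        if code in (401, 403) or decision == "forbid":
            failures.append({
                "user": (event.get("user") or {}).get("username", "<unknown>"),
                "verb": event.get("verb"),
                "uri": event.get("requestURI"),
                "source": ", ".join(event.get("sourceIPs") or []),
                "code": code,
            })
    return failures

def failures_per_user(failures):
    """Count rejected requests per user to spot accounts probing the API."""
    return Counter(f["user"] for f in failures)

if __name__ == "__main__":
    found = find_auth_failures(SAMPLE_AUDIT_LOG)
    for f in found:
        print(f'{f["code"]} {f["user"]} {f["verb"]} {f["uri"]} from {f["source"]}')
    print(failures_per_user(found).most_common())
```

A service account repeatedly denied in a namespace it does not belong to, as in the constructed sample, is the kind of pattern worth alerting on.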

JavaScript things to learn for 2019

I was reading up on new topics to learn in the JavaScript ecosystem, or just things to keep in mind if you are considering starting a new project.

I found this article, Top JavaScript Frameworks and Topics to Learn in 2019 by Eric Elliott, quite interesting.

In summary, despite there being a lot of articles and people talking about vue.js, it is still in the adoption phase. Angular and React are clearly dominating the market, and jQuery is also still active, probably due to legacy code and because it is the first thing you learn when you start in this world.

Dec 2018 Job Board Postings Per Framework

Happy coding in this new 2019!

How to create, publish and use private NPM packages

After a long time working with different package systems I decided to migrate all my packages and dependencies to NPM. And the result couldn’t have been better.

When NPM reached the 5.x version they included a lot of things that improved the performance, speed and security of the packages.

There are two commands that I especially like:

npm outdated
npm audit


Exploring ES6 – From jQuery to ES6 #1

Recently I started to migrate all my code from ES5+jQuery to ES6 for different projects. I discovered a lot of cool things. Of course, I also faced some issues and I thought it would be great to share all the stuff I’m learning and fixing with the rest of the people planning to migrate to ES6 as well.

I’m gonna write a series of small articles covering all the new ES6 features and how to migrate your code from previous ECMAScript versions or from jQuery code.


Kubernetes with Fluent Bit to send logs to Loggly

I’m going to show you how easy it is to deploy Fluent Bit into your Kubernetes cluster. I’ll configure Fluent Bit to work together with Loggly, an external logging tool to manage all your cluster logs.

But first, some quick concepts about the tools we’re going to use.

Kubernetes, in short, is a tool that allows you to manage, in a better organized and simpler way, your containerized applications.


Free software to predict the energy production of photovoltaic systems

A team of researchers from the Solar Energy Institute of the Universidad Politécnica de Madrid has developed a model to predict the energy production of a photovoltaic system from minimal meteorological information.

The model makes it possible to predict the energy production of a photovoltaic system using only the twelve monthly values of solar radiation, Linke turbidity (the transparency of the atmosphere), and ambient temperature.


New book about Dart: Web programming with Dart – Moises Belchin & Patricia Juberias – Apress

After a few months of hard work, Patricia and I are very proud and happy to announce our new book: Web programming with Dart.

It has now been published and is available for you to enjoy at the following links.

http://www.apress.com/web-programming-with-dart

http://www.amazon.com/Web-Programming-Dart-Moises-Belchin/dp/148420557X

We want to thank everyone at Apress involved in the project, and especially Matthew, Ben and Melissa, for their help and support throughout the whole process.

Thank you.

Web programming with Dart


We are super happy: we now have a cover for our new book. What do you think?

The process is going great and we are sure the result will be too. There is still a lot of work to do, but we can't wait to see it in bookshops and in your hands 😉

This is possible thanks to the effort of many people: Ben, Mathew, Melissa, Dhaneesh, Lori, James and the whole Apress team. Thank you very much!

We hope you will be able to enjoy it very soon. For now, if you want to take a look at the table of contents, you can see it at this link: http://www.apress.com/web-programming-with-dart

Thanks to everyone for the support and the comments!

Best wishes.

Moises and Patricia.

Aprende Dart, the first book about Dart in Spanish


After many months maturing the idea and working very hard on it, we can say with great satisfaction that the first book about Dart in Spanish is now available.

Thanks to all of you who, through email and this blog, inspired the creation of this book. We created the book with the intention of introducing Dart to the whole community of Spanish-speaking programmers, and not only to programmers but also to web designers tired of fighting with the whole jumble of languages and frameworks found on the Internet today.

We are sure you will love the book: it is very direct and covers the whole Dart SDK up to its latest version. We have filled it with simple code examples that perfectly illustrate each of its features. We hope you enjoy them.
