README.md
-24
@@ -2520,30 +2520,6 @@ document_number: 2
2520
2520
[Wikipedia](https://en.wikipedia.org/wiki/Firmware): "In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide hardware abstraction services to higher-level software such as operating systems."
2521
2521
</b></details>
2522
2522
2523
-
#### Customers and Service Providers
2524
-
2525
-
<details>
2526
-
<summary>What is SLO (service-level objective)?</summary><br><b>
2527
-
</b></details>
2528
-
2529
-
<details>
2530
-
<summary>What is SLA (service-level agreement)?</summary><br><b>
2531
-
</b></details>
2532
-
2533
-
## Jira
2534
-
2535
-
<details>
2536
-
<summary>Explain/Demonstrate the following types in Jira:
2537
-
2538
-
* Epic
2539
-
* Story
2540
-
* Task</summary><br><b>
2541
-
</b></details>
2542
-
2543
-
<details>
2544
-
<summary>What is a project in Jira?</summary><br><b>
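Review bot: the removal at old lines 2523-2544 drops the "Customers and Service Providers" questions and the start of the "Jira" section, and no hunk visible in this commit re-adds them anywhere. If they are being relocated to a topic file, include that move in the same commit so the questions are not lost between commits; if they are dropped on purpose (the SLO and SLA answers were empty), say so in the commit message.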
@@ -148,6 +149,12 @@ Ella is right, ArgoCD is an extension of the cluster, that is very different fro
148
149
"Application"
149
150
</b></details>
150
151
152
+
<details>
153
+
<summary>Explain what is an "Application" in regards to ArgoCD</summary><br><b>
154
+
155
+
It's a custom resource definitions which responsible for the deployment and synchronization of application resources to a Kubernetes cluster.
156
+
</b></details>
157
+
151
158
<details>
152
159
<summary>How ArgoCD makes access management in the cluster easier?</summary><br><b>
153
160
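Review bot: the answer added at new line 155 is ungrammatical and blurs the resource with its definition ("It's a custom resource definitions which responsible for"). Suggest "It's a custom resource (defined by a CRD) which is responsible for the deployment and synchronization of application resources to a Kubernetes cluster."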
@@ -206,6 +213,14 @@ False. ArgoCD sync period is 3 minutes as of today (and not hours).
206
213
2. If states are equal, the application marked as "synced"
207
214
</b></details>
208
215
216
+
<details>
217
+
<summary>You deployed a new application in a namespace called "yay" but when running <code>kubectl get ns yay</code> you see there is no such namespace. What happened?</summary><br><b>
218
+
219
+
Deploying applications in non-existing namespaces doesn't create the namespace. For that you have to explicitly mark "Auto-create namespace".
220
+
221
+
To fix it, you can simply run `kubectl create namespace NAMESPACE_NAME` but it's better of course to have it stored in Git rather than running kubectl commands.
222
+
</b></details>
223
+
209
224
#### CLI
210
225
211
226
<details>
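Review bot: the answer at new line 219 names only the UI option "Auto-create namespace", while line 221 recommends keeping the fix in Git rather than running kubectl. Name the declarative form as well, the `CreateNamespace=true` sync option in the Application spec, so the answer shows how the namespace creation itself is stored in Git. Line 221 also reads better as "but it's better, of course, to have it stored in Git".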
@@ -241,6 +256,18 @@ argocd app create some-app \
241
256
`argocd app get some-app`
242
257
</b></details>
243
258
259
+
<details>
260
+
<summary>How to add an additional (external) cluster for ArgoCD to manage?</summary><br><b>
261
+
262
+
`argocd cluster add CLUSTER_ADDRESS/NAME`
263
+
</b></details>
264
+
265
+
<details>
266
+
<summary>How to list all the clusters ArgoCD manage?</summary><br><b>
267
+
268
+
`argocd cluster list`
269
+
</b></details>
270
+
244
271
### ArgoCD Configuration
245
272
246
273
<details>
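Review bot: the placeholder `CLUSTER_ADDRESS/NAME` at new line 262 is misleading, since `argocd cluster add` takes a kubeconfig context name rather than a server address; `argocd cluster add CONTEXT_NAME` would be clearer. The answer is also only the command: for a question about handing an external cluster to ArgoCD, one sentence on what access ArgoCD is granted on that cluster would help readers think about least privilege. In the summary at line 266, "manage" should be "manages".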
@@ -262,7 +289,25 @@ The value can be any number of seconds you would like to set.
262
289
sync functionality will be disabled.
263
290
</b></details>
264
291
265
-
### Multi-Cluster Environment
292
+
### Advanced ArgoCD
293
+
294
+
<details>
295
+
<summary>What is the "App of Apps Patterns"?</summary><br><b>
296
+
297
+
A solution from Argo community in regards to managing multiple similar applications.
298
+
299
+
Basically a pattern where you have root application that consists of other child applications.
300
+
301
+
So instead of creating multiple separate applications, you have the root application pointing to a repository with additional applications.
302
+
</b></details>
303
+
304
+
<details>
305
+
<summary>Can you provide some use cases for using "App of Apps Patterns"?</summary><br><b>
306
+
307
+
* Cluster Preparation: You would like to deploy multiple applications at once to bootstrap a Kubernetes cluster
308
+
309
+
TODO: add more :)
310
+
</b></details>
266
311
267
312
<details>
268
313
<summary>True or False? If you have multiple Kubernetes clusters you want to manage sync applications to with ArgoCD then, you must have ArgoCD installed on each one of them</summary><br><b>
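Review bot: replacing the heading at old line 265 with `### Advanced ArgoCD` (new line 292) leaves the multi-cluster True/False question at new line 313 without its `### Multi-Cluster Environment` heading, so it now reads as part of the App of Apps material. Keep the original heading after the new section's last `</b></details>` at line 310 instead of renaming it. Also, line 309 commits a placeholder ("TODO: add more :)") inside a published answer; track that in an issue instead. "App of Apps Patterns" at lines 295 and 305 should be the singular "App of Apps pattern".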
@@ -277,7 +322,7 @@ You don't usually want to go and update all of your clusters at once, especially
277
322
278
323
There are multiple ways to deal with it:
279
324
280
-
1. Branch Drived: Have branches for your GitOps repo where you push first to development, do some testing, merge it then to staging and if everything works fine in staging, you merge it to production.
325
+
1. Branch driven: Have branches for your GitOps repo where you push first to development, do some testing, merge it then to staging and if everything works fine in staging, you merge it to production.
281
326
282
327
2. Use overlays and Kustomize to control the context of where your changes synced based on the CI process/pipeline used.
283
328
</b></details>
@@ -370,7 +415,56 @@ In addition, it supports A/B tests, automatic rollbacks and integrated metric an
370
415
371
416
- Argo Rollouts creates a new replicaset (that is the new app version)
372
417
- Old version is still alive
373
-
- ArgoCD marks the app as out-ofsync
418
+
- ArgoCD marks the app as out-of-sync
419
+
</b></details>
420
+
421
+
<details>
422
+
<summary>True or False? You need to install ArgoCD in order to use Argo Rollouts</summary><br><b>
423
+
424
+
False. Quite common misconception today but both cab be used independency even though they work nicely together.
425
+
</b></details>
426
+
427
+
### Argo Advanced Rollouts
428
+
429
+
<details>
430
+
<summary>Scott, an engineer in your team, executes manually some smoke tests and monitors rollouts every time a new version is deployed. This way, if there is an issue he detects, he performs a rollback. What better approach you might suggest him to take?</summary><br><b>
431
+
432
+
Shift towards fully automated rollbacks. Argo Rollouts supports multiple metric providers (Datadog, NewRelic, etc.) so you can use data and metrics for automating the rollbacks based on different conditions
433
+
434
+
</b></details>
435
+
436
+
<details>
437
+
<summary>Explain the concept of "Analysis" in regards to Argo Rollouts</summary><br><b>
438
+
439
+
Analysis is a resource deployed along a Rollout resources and defines the conditions and metrics threshols for performing a rollback
It's an Analysis resource that fetches response status from Prometheus (monitoring instance). If it's more than 0.90 the rollout will continue, if it's less than 0.90 a rollback will be performed meaning the canary deployment failed.
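Review bot: the Analysis answer says the rollout continues when the value is "more than 0.90" and rolls back when it is "less than 0.90", which leaves the behaviour at exactly 0.90 undefined; state the condition once (for example, success when the result is at least 0.90) so it matches the resource being described. That sentence also opens with "It's an Analysis resource that fetches response status from Prometheus" without the manifest it refers to being visible next to it, so check that the example sits directly above the explanation. Typos to fix in the added lines: "cab be used independency" at line 424 should be "can be used independently", and "along a Rollout resources and defines the conditions and metrics threshols" at line 439 should be "alongside a Rollout resource and defines the conditions and metric thresholds".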
topics/security/README.md
+39-3
@@ -1,4 +1,4 @@
1
-
##Security
1
+
# Security
2
2
3
3
<details>
4
4
<summary>What is DevSecOps? What its core principals?</summary><br><b>
@@ -18,6 +18,10 @@ A couple of quotations from chosen companies:
18
18
[Codefresh definition](https://codefresh.io/security-testing/codefresh-runner-overview): "Zero trust is a security concept that is centered around the idea that organizations should never trust anyone or anything that does not originate from their domains. Organizations seeking zero trust automatically assume that any external services it commissions have security breaches and may leak sensitive information"
19
19
</b></details>
20
20
21
+
<details>
22
+
<summary>Explain the principle of least privilege</summary><br><b>
23
+
</b></details>
24
+
21
25
<details>
22
26
<summary>What it means to be "FIPS compliant"?</summary><br><b>
23
27
</b></details>
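Review bot: the question added at new lines 21-23 ships with an empty answer body, like the "FIPS compliant" question after it. Since the Microsegmentation section added later in this file leans on "Least Privileged" as a known concept, add at least a short answer here: every user, process or service gets only the permissions its task requires, and nothing more.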
@@ -517,7 +521,7 @@ An application usually has different dependencies. Typically, not all of them ar
517
521
</b></details>
518
522
519
523
<details>
520
-
<summary> What solutions are there for managing project dependencies?
524
+
<summary> What solutions are there for managing project dependencies?
521
525
</summary><br><b>
522
526
523
527
[Npm.js documentation](https://docs.npmjs.com/cli/v8/commands/npm-prune): Use clean-up commands that are usually provided by the package manager authors. For instance, npm prune will remove any extraneous package. Another command is npm audit which will scan your repository and report any vulnerable dependencies found.
@@ -548,4 +552,36 @@ You can’t. You will always be exposed to security risk once you start using op
548
552
</summary><br><b>
549
553
550
554
[Fred Cohen (permission needed)](https://reader.elsevier.com/reader/sd/pii/0167404887900319?token=D5339ABC064AD9A2B50B74D8CE890B0E22A302A0BC461A50078D407BEA01052737DC6AAEF95A854E72A73B6D0C67E260&originRegion=eu-west-1&originCreation=20220502180611): Checksum is a way to verify the integrity of information in systems with no built-in protection. In other words, it provides a way of validating that the content of a file or a package / library is intact. This is useful since attacks or errors may occur during transmission of files. However, it requires that the package author has run a checksum function for the file / package which creates a specific hash for that version of the file. A minor change of the file content will result in a different checksum. If you have access to the original checksum of the file, you may run checksum on your own. In case the resulting checksum matches the original one, no changes have been made in the file. You can now conclude that no error or malicious injection was done during transmission of the file.
551
-
</b></details>
555
+
</b></details>
556
+
557
+
## Microsegmentation
558
+
559
+
<details>
560
+
<summary>What is Microsegmentation?</summary><br><b>
561
+
562
+
- Security method
563
+
- Managing network access between endpoints (processes, devices, instances)
564
+
- A method in which security policies are applied to limit traffic
565
+
- based on concepts such as "Zero Trust" and "Least Privileged"
566
+
- The result of Microsegmentation should be:
567
+
- Reduced attack ability
568
+
- Better breach containment
569
+
</b></details>
570
+
571
+
<details>
572
+
<summary>Why do we need Microsegmentation solutions? Why using something such as firewalls isn't enough?</summary><br><b>
573
+
574
+
- Firewalls focused on north-south traffic. Basically traffic that is outside of the company perimeter
575
+
- Traffic that is considered west-east, internal workflows and communication, is usually left untreated
576
+
</b></details>
577
+
578
+
<details>
579
+
<summary>How Microsegmentation is applied?</summary><br><b>
580
+
581
+
There are different ways to apply Microsegmentation:
582
+
583
+
- Cloud Native: Using cloud embedded capabilities such as security groups, firewalls, etc.
584
+
- Agent: Agents running on the different endpoints (instances, services, etc.)
585
+
- Network: Modify network devices and their configuration to create microsegmentation
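Review bot: several terms in the new Microsegmentation answers are off and will confuse readers preparing for interviews. At line 567, "Reduced attack ability" should be "Reduced attack surface"; at line 565, "Least Privileged" should be "Least Privilege", matching the question added earlier in this file; at line 575, "west-east" is conventionally written "east-west". Line 574 describes north-south traffic as "traffic that is outside of the company perimeter", but the point of the contrast with line 575 is that it is traffic crossing the perimeter (in and out of the network), so suggest rewording to that. The nested bullets at lines 567-568 need indentation under "The result of Microsegmentation should be:" to render as a sub-list.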