Friday, 29 July 2022

aws command

Introduction
It is easier to do the same things using the "AWS Management Console".

Go to "https://foo.awsapps.com/start" and click the "Management Console" link.

Installation

Windows
Example
We do it like this
C:\> msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

configure option
I moved this to the aws configure option post

dynamodb option
Example
We do it like this
$ aws dynamodb scan    \
--table-name Devices   \
--endpoint-url http://localhost:4566

ec2 option
Example - describe-vpcs
We do it like this
$ aws ec2 describe-vpcs
Example - describe-instances
We do it like this
aws ec2 describe-instances --region us-east-1

ecr option - For Publishing Containers
I moved this to the aws ecr option post

secretsmanager option
Example
We do it like this
aws secretsmanager create-secret \
  --name /secret/db-credential \
  --secret-string '{"dbuser": "user1", "dbpassword": "password"}'
We get a secret named /secret/db-credential that holds two values. It looks like this


s3 option
I moved this to the aws s3 option post

sqs option
Example - create-queue
We do it like this
aws --endpoint-url=http://127.0.0.1:4576 sqs create-queue --queue-name test-queue
Example - list-queues
We do it like this
aws --endpoint-url=http://127.0.0.1:4566 sqs list-queues

--version option
Example
We do it like this
C:\>aws --version
aws-cli/2.8.0 Python/3.9.11 Windows/10 exe/AMD64 prompt/off
Example
We do it like this
$ aws --version
aws-cli/2.1.29 Python/3.7.4 Darwin/18.7.0 botocore/2.0.0



Amazon Web Services (AWS) - Elastic Kubernetes Service (EKS)

Introduction
The explanation is as follows
Amazon EKS is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes control plane or worker nodes.
The explanation is as follows
Amazon EKS helps developers create, deploy and scale Kubernetes applications on-premises or in the AWS cloud. EKS automates tasks such as patching, updates and node provisioning, thereby helping organizations to ship reliable, secure and highly scalable clusters. While doing so, EKS takes away all the tedium and manual configuration tasks to manage Kubernetes clusters, helping to cut-down on efforts of performing repetitive tasks to run your applications.

Since EKS is an upstream offering of Kubernetes, you can use all existing Kubernetes plugins and tools for your application. This service automatically deploys Kubernetes with three master nodes across multiple availability zones for ultimate reliability and resilience. With Role Based Access Control (RBAC) and Amazon’s Identity and Access Management (IAM) entities, you can easily manage security in your AWS clusters using Kubernetes tools, such as kubectl. As one of its core features, EKS allows launching and managing Kubernetes clusters easy using a few easy steps.
AWS EKS vs AWS ECS
The explanation is as follows. In short, using AWS EKS makes more sense.
We chose Kubernetes (EKS) over ECS for several reasons, but the main one was due to its ability to scale up and scale down faster, making it a very effective method. Based on the amount of documentation and actual development being done on the underlying systems; Kubernetes is much more recent and updated than ECS. In addition, it allows developers to have a far less complex infrastructure setup, along with much more complete tooling.

Kubernetes makes it easier to see and understand everything that’s going on with all your deployments. In ECS we had several different services running in different places, but there was no way to see an overview of everything that was running and what was being deployed.

In addition, Kubernetes has several third-party extensions you can add to further improve your experience. For example, our dev team is using Keel which watches for new versions of our services to be pushed and then deploys them automatically.

Another reason to use Kubernetes is because it’s a system made up of several standards that can “run anywhere”. This means if we ever had to do on-prem again it would be easy to port our infrastructure to an on-prem Kubernetes cluster because it speaks the same language. It’s also possible to run a Kubernetes cluster on your own laptop if you want to mirror what was deployed onto a local machine.

Finally, Kubernetes is a more industry-standard system than ECS that exists on every cloud provider, not just AWS. Plus, it’s easier these days to find developers who understand Kubernetes compared to ECS.
See also the post "How To Migrate From ECS to EKS and the #1 Trick To Make EKS Easier". It points out that because ECS is a proprietary technology, there may be difficulties if the application ever has to be ported to another cloud provider.

It looks like this

The components are as follows
An Amazon EKS cluster consists of the following core objects
- EKS control plane
- EKS nodes(Worker Nodes) that are registered with the control plane
- AWS Fargate Profiles
- VPC
The screenshot is as follows. A new cluster is added with the "Add cluster" button

The screenshot of the nodes in the cluster is as follows

Cluster Size
See the post "EKS Design: Choosing the cluster and node size". One sentence from the post is as follows
... you will need to decide on the initial cluster and node sizes, and then keep adjusting them until you reach the correct utilization level to achieve a balance between cost and reliability. You can target a utilisation level of between 70 and 80% unless you have a solid justification for using a different level.

eksctl command
It makes working with EKS easier. I moved it to the eksctl command post

Amazon Web Services (AWS) App Runner

Introduction
The explanation is as follows
App Runner provides a layer of abstraction on top of Fargate, which lets you just pick an image to run and it does all the autoscaling, load balancing, and SSL configuration for you.

Another really cool feature is that you can actually connect it to a GitHub project and it will automatically build & deploy when it detects changes (watch out for those build fees though!!). ...

The other option for using App Runner is to upload a container image, which will have everything that’s needed already built, packaged, and ready to go. 
With a VPC Connector, the container can connect to the database.

Internet of Things - IoT Sensor (Duyarga) and Actuator

Introduction
In Turkish, Sensor is translated as "Duyarga" and Actuator as "Eyleyici"

Sensors look like this
Actuators look like this





OpenVPN

Unused VPN Connection
To delete a connection that we no longer use, we go to the
C:\Users\user\OpenVPN\config
directory and delete the subdirectory that has the same name as the connection.


Tuesday, 19 July 2022

Google Cloud - Google Cloud Registry (GCR)

Introduction
The explanation is as follows
Most of the time, developers store their docker images in the Docker Hub. If you are working on a project and you have private images that need to be stored in a private place, most of the time developers configure a nexus server and store it there.

But Google Cloud’s GCR is a perfect solution to this problem. With GCR, you can store, manage, and secure your Docker container images easily. All you want is a service account with proper access permission. GCR is not just a docker repository. You can easily set up CI/CD pipelines with integration to Cloud Build or deploy directly to Google Kubernetes Engine, App Engine, Cloud Functions, or Firebase with GCR.
Server Names
The explanation is as follows
gcr.io hosts images in data centers in the United States, but the location may change in the future
us.gcr.io hosts images in data centers in the United States, in a separate storage bucket from images hosted by gcr.io
eu.gcr.io hosts the images in the European Union
asia.gcr.io hosts images in data centers in Asia
GCloud and configure
First we do this
Go to Google Container Registry (GCR) and enable the Container Registry API.
To log in to the Google account, we do this
gcloud auth login
Next, we need to access the service. The explanation is as follows
Then run the command to configure authentication with service account credentials. Replace the below variables.
- service_account_name — the name of the service account created in step 01.
- project_id — your project ID
- downloaded_key_file_name — the name of the downloaded key file in step 01.
To access the service, we do this
gcloud auth activate-service-account <SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com> \
  --key-file=<DOWNLOADED_KEY_FILE_NAME>.json
To add GCR to the docker configuration, we do this
gcloud auth configure-docker
The output is as follows
Adding credentials for all GCR repositories.
WARNING: A long list of credential helpers may cause delays running 'docker build'. 
We recommend passing the registry name to configure only the registry you are using.
After update, the following will be written to your Docker config file
located at [/Users/romina/.docker/config.json]:
{
 "credHelpers": {
   "gcr.io": "gcloud",
   "us.gcr.io": "gcloud",
   "eu.gcr.io": "gcloud",
   "asia.gcr.io": "gcloud",
   "staging-k8s.gcr.io": "gcloud",
   "marketplace.gcr.io": "gcloud"
 }
}
Do you want to continue (Y/n)?  Y
Docker configuration file updated.
Example
For us-east1, we do this
gcloud auth configure-docker us-east1-docker.pkg.dev

Pushing an Image to GCR
1. The local image is retagged
2. Then the image is pushed
Example
To retag the local image, we do this
docker tag hello-world:latest gcr.io/PROJECT_ID/hello-world:v1
To check, we do this
docker images
To push, we do this
docker push gcr.io/PROJECT_ID/hello-world:v1
To check, we do this
docker pull gcr.io/PROJECT_ID/hello-world:v1
Example
We do it like this
docker tag my-image us-east1-docker.pkg.dev/my-project/my-repo/test-image
docker push us-east1-docker.pkg.dev/my-project/my-repo/test-image


Using GCR from Another Kubernetes Environment - imagePullSecrets

Authentication
Accessing any GCR registry requires authentication.

1. Create Credentials for GCR
The steps are as follows
1. Go to the GCP Console. Select “API & Services” > “Credentials”
2. Select “Create credentials” > “Services Account Key” > “Create New Services Account”.
3. And then, fill the service account name, and for the Role, select the Viewer
4. And click Create. After we create, the credential will automatically be downloaded in a JSON file.
2. Add a Kubernetes Secret in Kubernetes Cluster
Example
We do it like this. The secret is named gcr-json-key and the key file is named json-key-file-from-gcp.json
$ kubectl create secret docker-registry gcr-json-key \
--docker-server=asia.gcr.io \
--docker-username=_json_key \
--docker-password="$(cat ~/json-key-file-from-gcp.json)" \
--docker-email=any@valid.email
To check the secret, we do this
$ kubectl get secret
NAME         TYPE                                  DATA   AGE
gcr-json-key kubernetes.io/dockerconfigjson        1      6s
3. Using the Secret for Deployment
There are two options here. They are as follows
- Add the secret into ImagePullSecrets in default service account in a Kubernetes’s namespace.   With this  method, every pod that will be deployed will use the secret when pulling the images.

- The other way is, add the secret directly to deployment configuration to each pod who needs it.
To add it with the kubectl command, we do this
$ kubectl patch serviceaccount default \
-p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}'
To add it in the yaml file, we do this. Here we can see that the image name takes a form like "gcr.io/PROJECT_ID/hello-world".
apiVersion: v1
kind: Pod
metadata:
  name: august
spec:
  containers:
  - name: august
    image: asia.gcr.io/personal-project/august:latest
  imagePullSecrets:
  - name: gcr-json-key
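
The following is an added example, not part of the original post: it builds the kubernetes.io/dockerconfigjson object that the `kubectl create secret docker-registry` command above stores, and checks that it can authenticate the registry host of the image a pod pulls. The key contents, helper names and findings text are constructed for illustration.

```python
import base64
import json

# Constructed stand-in for the downloaded key file; not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "personal-project",
    "client_email": "puller@personal-project.iam.gserviceaccount.com",
    "private_key": "PLACEHOLDER-NOT-A-REAL-KEY",
})

def _b64(text):
    return base64.b64encode(text.encode()).decode()

def build_pull_secret(name, server, key_json, email="any@valid.email"):
    """Build the Secret object that `kubectl create secret docker-registry` stores."""
    entry = {"username": "_json_key", "password": key_json, "email": email,
             "auth": _b64(f"_json_key:{key_json}")}
    return {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": name},
            "type": "kubernetes.io/dockerconfigjson",
            "data": {".dockerconfigjson": _b64(json.dumps({"auths": {server: entry}}))}}

def audit_pull_secret(secret, image):
    """Return the problems that would stop `image` from being pulled with `secret`."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return ["secret type is not kubernetes.io/dockerconfigjson"]
    # base64 is an encoding, not encryption: anyone who can read the Secret gets the key.
    auths = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"])).get("auths", {})
    registry = image.split("/", 1)[0]   # credentials are matched by registry host
    entry = auths.get(registry)
    if entry is None:
        return [f"no credentials for {registry} (secret covers {sorted(auths)})"]
    findings = []
    if entry.get("username") != "_json_key":
        findings.append("username must be _json_key when the password is a JSON key file")
    try:
        key = json.loads(entry.get("password", ""))
    except ValueError:
        key = None
    if not isinstance(key, dict) or key.get("type") != "service_account":
        findings.append("password is not a service-account JSON key")
    if entry.get("auth") != _b64(f"{entry.get('username')}:{entry.get('password')}"):
        findings.append("auth field does not match username:password")
    return findings

if __name__ == "__main__":
    secret = build_pull_secret("gcr-json-key", "asia.gcr.io", SAMPLE_KEY)
    for image in ("asia.gcr.io/personal-project/august:latest",
                  "gcr.io/PROJECT_ID/hello-world:v1"):
        print(image, audit_pull_secret(secret, image) or "ok")
```

A secret created for asia.gcr.io does not cover an image hosted on gcr.io, so the second image is reported as having no credentials.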


Monday, 18 July 2022

DO-330 Software Tool Qualification Considerations

Introduction
The explanation is as follows. In other words, if we use a tool to meet a DO-178C objective, that tool has to be qualified.
Many verification activities can be performed either manually or by using automated tools to help run the analysis. When automated tools are used to achieve a DO-178C objective without their output being verified, those tools must be qualified for use following the DO-330 Guidelines.
The explanation is as follows. There are 5 Tool Qualification Levels (TQL) in total, and they are divided into 3 groups.
If you use any commercial verification tools to automate DO-178C verification processes and don’t plan on manually reviewing output from the tools, they will need to be qualified at the appropriate tool qualification level.
However, the DO-178C document does not say how the tool should be qualified. The explanation is as follows
DO-178C itself describes when a tool must be qualified, but does not go into detail on how this should be done.

The ED-215/DO-330: Software Tool Qualification Considerations supplement to DO-178C expands on this guidance by defining corresponding objectives for the specification, development and verification of qualified tools.

DO-330 guidance can be applied to any tools, not just those used for software development or verification, for example systems design or hardware development tools, and acts more like a stand-alone guidance document.
As the quote above says, the document that explains this is DO-330.
What Are the Qualification Levels?
The explanation is as follows. There are 5 Tool Qualification Levels (TQL) in total, and they are divided into 3 groups.
DO-178C defines 3 sets of tool assessment criteria which, when combined with the DAL level of your software, are used to classify tool at one of 5 different Tool Qualification Levels (TQLs) as shown in table image attached to the post.
It looks like this

The TQL levels are explained as follows. In other words, TQL-1 tools must be tested much more rigorously.
Tools with a lower numbered TQL (e.g. 1) must be tested more rigorously than those with a higher numbered TQL (e.g. 5), and the rigor of testing needed for tools with lower numbered TQLs approaches the rigor needed for testing DAL A software.
Some examples are explained as follows. Code generator tools can fall under Criteria 1, and verification tools under Criteria 3.
For example, a code generator tool that converts an architectural description of the software into package or class structures fulfils criteria 1.

Verification tools typically fall into Criteria 3 (and are thus classified at TQL-5) as they neither create airborne software nor eliminate or reduce any processes other than the ones for which they are intended.

Criteria 2 typically applies in cases such as model-based testing with a qualified code generator. In this case, the task of verifying the generated code is eliminated or reduced in favor of testing the model, and so the model-based testing tool meets criteria 2.

Thursday, 14 July 2022

Open standard for Authorization - What Are OAuth2 Scopes

What Are OAuth 2.0 Scopes
The explanation is as follows. The Resource Server can have different endpoints for different scopes.
OAuth 2.0 scopes is a feature that lets users decide if the application will be authorized to make something restricted. For example, you could have “read” and “write” scopes. If an application needs the write scope, it should ask the user this specific scope.
Scopes for Roles - Do Not Use Them
The explanation is as follows
The very first authorization pattern developers implement involves differentiating “normal users” and “admins.” It’s very easy to create an OAuth2 scope to represent the “admin” permission. When a user that is determined to be an admin that logs in, developers rely on the authentication system to place this admin scope into the JSON Web Token (JWT) that is minted for that user. Every call to a protected resource checks the JWT for this “admin” scope, and life appears to be good. Except life is rarely that simple and any serious application quickly runs into four problems.
One of the reasons is as follows
Applications grow to have many types of resources, and each of these resources (documents, reports, projects, repositories) support a few different operations (create, read, update, delete, list). A fine-grained permission system often creates a cartesian product of these resource/operation tuples, resulting in dozens (or hundreds) of scopes. Injecting all of these scopes into a JWT isn’t possible, since the HTTP authorization header will eventually exceed size limits.
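
The following is an added example, not part of the original post or the quoted articles: a resource server that requires a different scope per endpoint, and a measurement of how the Authorization header grows when every resource/operation pair becomes its own scope. The signing key, routes, resource names and the 8 KB header limit are assumptions made for the demonstration.

```python
import base64, hashlib, hmac, json
from itertools import product

SECRET = b"constructed-demo-key"  # constructed signing key, example only
HEADER_LIMIT = 8192               # assumption: 8 KB, a common server default

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    return _b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def mint_jwt(sub, scopes):
    """Mint an HS256 JWT with a space-delimited 'scope' claim."""
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    body = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc({"sub": sub, "scope": " ".join(scopes)})
    return body + "." + _sign(body)

def granted_scopes(token):
    """Verify the signature first, then return the scopes in the token."""
    header, payload, sig = token.split(".")
    if not hmac.compare_digest(sig, _sign(header + "." + payload)):
        raise PermissionError("invalid signature")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return set(claims["scope"].split())

# Hypothetical resource-server routes: each endpoint demands one scope.
ROUTES = {("GET", "/documents"): "read", ("POST", "/documents"): "write"}

def authorize(token, method, path):
    return ROUTES[(method, path)] in granted_scopes(token)

def fine_grained_scopes(resource_types,
                        operations=("create", "read", "update", "delete", "list")):
    """Cartesian product of resource types and operations, one scope each."""
    return [f"{r}:{op}" for r, op in product(resource_types, operations)]

def header_bytes(token):
    return len("Authorization: Bearer " + token)

def overflow_report(n_types):
    """(scope count, header size, exceeds limit?) for n_types resource types."""
    scopes = fine_grained_scopes([f"resource{i}" for i in range(n_types)])
    size = header_bytes(mint_jwt("alice", scopes))
    return len(scopes), size, size > HEADER_LIMIT

if __name__ == "__main__":
    for n in (4, 40, 400):
        print(overflow_report(n))
```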

Wednesday, 6 July 2022

Jira Dashboard

Introduction
The method I know is as follows. I don't know whether there is another, easier way.
1. Create a filter using the Filters/Advanced Issue Search menu and save it under a name with "Save as"

2. Create an empty dashboard using the Dashboard / Create Dashboard menu.
Click the "Add a new gadget" link in the empty dashboard
Select the "Filter Results" gadget and use the newly added filter in this gadget.

Google Cloud - gsutil command

cp option
Example
We do it like this
gsutil cp rlwy04-1657028737.tar.gz gs://product-oce-private-okd4-cluster/rlwy04.tar.gz
iam option
Example
We do it like this
#Storage bucket in GCS
# Select GCP project
$  gcloud config set project [project-name]

# Create a GCS bucket
$  gsutil mb -l us-central1 -b on gs://my-vitess-operator-backup-bucket
Creating gs://my-vitess-operator-backup-bucket/...

# Create a GCP service account
$ gcloud iam service-accounts create my-backup-service-account
Created service account [my-backup-service-account].

# Grant the service account access to the bucket gsutil iam ch
$ gsutil iam ch serviceAccount:my-backup-service-account@planetscale-dev.iam.gserviceaccount.com:objectViewer,objectCreator,objectAdmin \
gs://my-vitess-operator-backup-bucket

mb option
Example
We do it like this
#Storage bucket in GCS
# Select GCP project
$  gcloud config set project [project-name]

# Create a GCS bucket
$  gsutil mb -l us-central1 -b on gs://my-vitess-operator-backup-bucket
Creating gs://my-vitess-operator-backup-bucket/...