aws komutu

Giriş

Aynı şeyi "AWS Management Console" kullanarak yapmak daha kolay. 

"https://foo.awsapps.com/start" adresine gidilir ve "Management Console" linkine tıklanır

Kurulum

Windows

Örnek

Şöyle yaparız

C:\> msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

configure seçeneği

aws configure seçeneği yazısına taşıdım

dynamodb seçeneği

Örnek

Şöyle yaparız

$ aws dynamodb scan    \
--table-name Devices   \
--endpoint-url http://localhost:4566

ec2 seçeneği

Örnek -describe-vpcs

Şöyle yaparız

$ aws ec2 describe-vpcs

Örnek - describe-instances

Şöyle yaparız

aws ec2 describe-instances --region us-east-1

ecr seçeneği - Container Publish Etmek İçindir

aws ecr seçeneği yazısına taşıdım

secretmanager seçeneği

Örnek

Şöyle yaparız

aaws secretsmanager create-secret 
  --name /secret/db-credential 
  --secret-string '{"dbuser": "user1", "dbpassword": "password"}'

İsmi /secret/db-credential olan ve içinde iki tane secret olan bir şey elde ederiz. Şeklen şöyle

s3 seçeneği

aws s3 seçeneği yazısına taşıdım

sqs seçeneği

Örnek - create-queue

Şöyle yaparız

aws --endpoint-url=http://127.0.0.1:4576 sqs create-queue --queue-name test-queue

Örnek - list-queues

Şöyle yaparız

aws --endpoint-url=http://127.0.0.1:4566 sqs list-queues

--version seçeneği

Örnek

Şöyle yaparız

C:\>aws --version
aws-cli/2.8.0 Python/3.9.11 Windows/10 exe/AMD64 prompt/off

Örnek

Şöyle yaparız

$ aws --version 
aws-cli/2.1.29 Python/3.7.4 Darwin/18.7.0 botocore/2.0.0

Amazon Web Service (AWS) - Elastic Kubernetes services(EKS)

Giriş

Açıklaması şöyle

Amazon EKS is a managed service that makes it easy for you to run Kubernetes on AWS without needing to install and operate your own Kubernetes control plane or worker nodes.

Açıklaması şöyle

Amazon EKS helps developers create, deploy and scale Kubernetes applications on-premises or in the AWS cloud. EKS automates tasks such as patching, updates and node provisioning, thereby helping organizations to ship reliable, secure and highly scalable clusters. While doing so, EKS takes away all the tedium and manual configuration tasks to manage Kubernetes clusters, helping to cut-down on efforts of performing repetitive tasks to run your applications.

Since EKS is an upstream offering of Kubernetes, you can use all existing Kubernetes plugins and tools for your application. This service automatically deploys Kubernetes with three master nodes across multiple availability zones for ultimate reliability and resilience. With Role Based Access Control (RBAC) and Amazon’s Identity and Access Management (IAM) entities, you can easily manage security in your AWS clusters using Kubernetes tools, such as kubectl. As one of its core features, EKS allows launching and managing Kubernetes clusters easy using a few easy steps.

AWS EKS vs AWS ECS

Açıklaması şöyle. Yani AWS EKS kullanmak daha mantıklı. 

We chose Kubernetes (EKS) over ECS for several reasons, but the main one was due to its ability to scale up and scale down faster, making it a very effective method. Based on the amount of documentation and actual development being done on the underlying systems; Kubernetes is much more recent and updated than ECS. In addition, it allows developers to have a far less complex infrastructure setup, along with much more complete tooling.

Kubernetes makes it easier to see and understand everything that’s going on with all your deployments. In ECS we had several different services running in different places, but there was no way to see an overview of everything that was running and what was being deployed.

In addition, Kubernetes has several third-party extensions you can add to further improve your experience. For example, our dev team is using Keel which watches for new versions of our services to be pushed and then deploys them automatically.

Another reason to use Kubernetes is because it’s a system made up of several standards that can “run anywhere”. This means if we ever had to do on-prem again it would be easy to port our infrastructure to an on-prem Kubernetes cluster because it speaks the same language. It’s also possible to run a Kubernetes cluster on your own laptop if you want to mirror what was deployed onto a local machine.

Finally, Kubernetes is a more industry-standard system than ECS that exists on every cloud provider, not just AWS. Plus, it’s easier these days to find developers who understand Kubernetes compared to ECS.

Ayrıca How To Migrate From ECS to EKS and the #1 Trick To Make EKS Easier yazısına da bakılabilir. Bu yazıda ECS proprietary (tescilli) teknoloji olduğu için uygulamayı başka bir bulut sağlayıcısına port etmek gerekirse zorluklar olabileceğinden bahsediliyor.

Şeklen şöyle

Bileşenler şöyle

An Amazon EKS cluster consists of the following core objects
- EKS control plane
- EKS nodes(Worker Nodes) that are registered with the control plane
- AWS Fargate Profiles
- VPC

Ekran görüntüsü şöyle. "Add cluster" düğmesi ile yeni cluster eklenir

Cluster'daki node'ların ekran görüntüsü şöyle

Cluster Büyüklüğü

EKS Design: Choosing the cluster and node size yazısına bakılabilir. Yazıdaki bir cümle şöyle

... you will need to decide on the initial cluster and node sizes, and then keep adjusting them until you reach the correct utilization level to achieve a balance between cost and reliability. You can target a utilisation level of between 70 and 80% unless you have a solid justification for using a different level.

eksctl komutu

EKS ile çalışmayı kolaylaştırır. eksctl komutu yazısına taşıdım

Amazon Web Service (AWS) App Runner

Giriş

Açıklaması şöyle

App Runner provides a layer of abstraction of top of Fargate, which lets you just pick an image to run and it does all the autoscaling, load balancing, and SSL configuration for you. 

Another really cool feature is that you can actually connect it to a GitHub project and it will automatically build & deploy when it detects changes (watch out for those build fees though!!). ...

The other option for using App Runner is to upload a container image, which will have everything that’s needed already built, packaged, and ready to go. 

VPC Connector ile container veri tabanına bağlanabilir.

Internet of Things - IoT Duyarga (Sensor) ve Actuator

Giriş

Sensor Türkçeye Duyarga, Actuator ise Eyleyici olarak çevriliyor

Duyargalar şeklen şöyle

Eyleyiciler şeklen şöyle

OpenVPN

Kullanılmayan VPN Bağlantısı

Artık kullanmadığımız bir bağlantıyı silmek için 

C:\Users\user\OpenVPN\config

dizinine gidip bağlantısı ismiyle aynı olan dizini silmek gerekir.

Google Cloud - Google Cloud Registry (GCR)

Giriş

Açıklaması şöyle

Most of the time, developers store their docker images in the Docker Hub. If you are working on a project and you have private images that need to be stored in a private place, most of the time developers configure a nexus server and store it there.

But Google Cloud’s GCR is a perfect solution to this problem. With GCR, you can store, manage, and secure your Docker container images easily. All you want is a service account with proper access permission. GCR is not just a docker repository. You can easily set up CI/CD pipelines with integration to Cloud Build or deploy directly to Google Kubernetes Engine, App Engine, Cloud Functions, or Firebase with GCR.

Sunucu İsimleri

Açıklaması şöyle

- gcr.io hosts images in data centers in the United States, but the location may change in the future

- us.gcr.io hosts images in data centers in the United States, in a separate storage bucket from images hosted by gcr.io

- eu.gcr.io hosts the images in the European Union

- asia.gcr.io hosts images in data centers in Asia

GCloud and configure

Önce şöyle yaparız

Go to Google Container Registry (GCR) and enable the Container Registry API.

Google hesabına giriş için şöyle yaparız

gcloud auth login

Daha sonra servise erişmek gerekir. Açıklaması şöyle

Then run the command to configure authentication with service account credentials. Replace the below variables.

- service_account_name — the name of the service account created in step 01.
- project_id — your project ID
- downloaded_key_file_name — the name of the downloaded key file in step 01.

Servise erişmek için şöyle yaparız

gcloud auth 
  activate-service-account  <SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com> 
  --key-file=<DOWNLOADED_KEY_FILE_NAME>.json

docker konfigürasyonuna GCR'yi eklemek için şöyle yaparız

gcloud auth configure-docker

Çıktısı şöyle

Adding credentials for all GCR repositories.
WARNING: A long list of credential helpers may cause delays running 'docker build'. 
We recommend passing the registry name to configure only the registry you are using.
After update, the following will be written to your Docker config file
located at [/Users/romina/.docker/config.json]:
{
 "credHelpers": {
   "gcr.io": "gcloud",
   "us.gcr.io": "gcloud",
   "eu.gcr.io": "gcloud",
   "asia.gcr.io": "gcloud",
   "staging-k8s.gcr.io": "gcloud",
   "marketplace.gcr.io": "gcloud"
 }
}
Do you want to continue (Y/n)?  Y
Docker configuration file updated.

Örnek

us-east1 için şöyle yaparız

gcloud auth configure-docker us-east1-docker.pkg.dev

GCR'ye Image Push

1. Yerel image retag'lenir

2. Sonra image push'laınr

Örnek

Yerel image'a retag atmak için şöyle yaparız

docker tag hello-world:latest gcr.io/PROJECT_ID/hello-world:v1

Kontrol etmek için şöyle yaparız

docker images

Push'lamak için şöyle yaparız

docker push gcr.io/PROJECT_ID/hello-world:v1

Kontrol etmek için şöyle yaparız

docker pull gcr.io/PROJECT_ID/hello-world:v1

Örnek

Şöyle yaparız

docker tag my-image us-east1-docker.pkg.dev/my-project/my-repo/test-image
docker push us-east1-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE:TAG

GCR'yi Başka Bir Kubernetes Ortamından Kullanmak - imagePullSecrets

Authentication

Herhangi bir GCR'ye erişmek için doğrulama gerekir. 

1. Create Credentials for GCR

Adımlar şöyle

1. Go to the GCP Console. Select “API & Services” > “Credentials”

2. Select “Create credentials” > “Services Account Key” > “Create New Services Account”.

3. And then, fill the service account name, and for the Role, select the Viewer

4. And click Create. After we create, the credential will automatically be downloaded in a JSON file.

2. Add a Kubernetes Secret in Kubernetes Cluster

Örnek

Şöyle yaparız. secret ismi gcr-json-key. Dosya ismi json-key-file-from-gcp.json

$ kubectl create secret docker-registry gcr-json-key \
 --docker-server=asia.gcr.io \
 --docker-username=_json_key \
 --docker-password="$(cat ~/json-key-file-from-gcp.json)" \
 --docker-email=any@valid.email

Secret'ı kontrol etmek için şöyle yaparız

$ kubectl get secret
NAME         TYPE                                  DATA   AGE
gcr-json-key kubernetes.io/dockerconfigjson        1      6s

3: Using the Secret for Deployment

Burada iki seçenek var. Bunlar şöyle

- Add the secret into ImagePullSecrets in default service account in a Kubernetes’s namespace.   With this  method, every pod that will be deployed will use the secret when pulling the images.

- The other way is, add the secret directly to deployment configuration to each pod who needs it.

kubetctl komutuna eklemek için şöyle yaparız

$ kubectl patch serviceaccount default \
-p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}'

yaml dosyasına eklemek için şöyle yaparız. Burada image isminde "gcr.io/PROJECT_ID/hello-world" gibi bir şey kullanıldığını görebiliriz.

apiVersion: v1
kind: Pod
metadata:
  name: august
spec:
  containers:
  - name: august
    image: asia.gcr.io/personal-project/august:latest
  imagePullSecrets:
  - name: gcr-json-key

DO-330 Software Tool Qualification Considerations

Giriş

Açıklaması şöyle. Yani bir DO-178C hedefi için bir araç kullanıyorsak bu aracın qualify edilmesi gerekiyor.

Many verification activities can be performed either manually or by using automated tools to help run the analysis. When automated tools are used to achieve a DO-178C objective without their output being verified, those tools must be qualified for use following the DO-330 Guidelines.

Açıklaması şöyle. Toplam 5 Tool Qualification Level (TQL) seviyesi var. Bunlar da 3 gruba ayrılmışlar.

If you use any commercial verification tools to automate DO-178C verification processes and don’t plan on manually reviewing output from the tools, they will need to be qualified at the appropriate tool qualification level.

Ancak aracın nasıl qualify edilmesi gerektiği D0-178C belgesinde yok. Açıklaması şöyle

DO-178C itself describes when a tool must be qualified, but does not go into detail on how this should be done.

The ED-215/DO-330: Software Tool Qualification Considerations supplement to DO-178C expands on this guidance by defining corresponding objectives for the specification, development and verification of qualified tools.

DO-330 guidance can be applied to any tools, not just those used for software development or verification, for example systems design or hardware development tools, and acts more like a stand-alone guidance document.

Bunu açıklayan belge DO-330. Açıklaması şöyle

The ED-215/DO-330: Software Tool Qualification Considerations supplement to DO-178C expands on this guidance by defining corresponding objectives for the specification, development and verification of qualified tools.

DO-330 guidance can be applied to any tools, not just those used for software development or verification, for example systems design or hardware development tools, and acts more like a stand-alone guidance document.

Qualification Seviyeler Nasıldır?

Açıklaması şöyle. Toplam 5 Tool Qualification Level (TQL) seviyesi var. Bunlar da 3 gruba ayrılmışlar.

DO-178C defines 3 sets of tool assessment criteria which, when combined with the DAL level of your software, are used to classify tool at one of 5 different Tool Qualification Levels (TQLs) as shown in table image attached to the post.

Şeklen şöyle

TQL seviyelerinin açıklaması şöyle.  Yani TLQ1 araçlar çok daha sıkı test edilmeli.

Tools with a lower numbered TQL (e.g. 1) must be tested more rigorously than those with a higher numbered TQL (e.g. 5), and the rigor of testing needed for tools with lower numbered TQLs approaches the rigor needed for testing DAL A software.

Bazı örneklerin açıklaması şöyle. Code Generator araçlar Criteria 1, doğrulama araçları da Criteria 3 olabiliyor.

For example, a code generator tool that converts an architectural description of the software into package or class structures fulfils criteria 1.

Verification tools typically fall into Criteria 3 (and are thus classified at TQL-5) as they neither create airborne software nor eliminate or reduce any processes other than the ones for which they are intended.

Criteria 2 typically applies in cases such as model-based testing with a qualified code generator. In this case, the task of verifying the generated code is eliminated or reduced in favor of testing the model, and so the model-based testing tool meets criteria 2.

Open standard for Authorization - OAuth2 Scopes Nedir

OAuth 2.0 Scopes Nedir
Açıklaması şöyle. Resource Server üzerinde farklı scope'lar için farklı endpoint'ler bulunabilir.

OAuth 2.0 scopes is a feature that lets users decide if the application will be authorized to make something restricted. For example, you could have “read” and “write” scopes. If an application needs the write scope, it should ask the user this specific scope.

Role İçin Scope - Kullanmayın

Açıklaması şöyle

The very first authorization pattern developers implement involves differentiating “normal users” and “admins.” It’s very easy to create an OAuth2 scope to represent the “admin” permission. When a user that is determined to be an admin that logs in, developers rely on the authentication system to place this admin scope into the JSON Web Token (JWT) that is minted for that user. Every call to a protected resource checks the JWT for this “admin” scope, and life appears to be good. Except life is rarely that simple and any serious application quickly runs into four problems.

Bunun sebeplerinden birisi şöyle

Applications grow to have many types of resources, and each of these resources (documents, reports, projects, repositories) support a few different operations (create, read, update, delete, list). A fine-grained permission system often creates a cartesian product of these resource/operation tuples, resulting in dozens (or hundreds) of scopes. Injecting all of these scopes into a JWT isn’t possible, since the HTTP authorization header will eventually exceed size limits.

Jira Dashboard

Giriş

Benim bildiğim yöntem şöyle. Başka ve daha kolay bir yolu var mı bilmiyorum.

1. Filters/Advanced Issue Search menüsünü kullanarak bir filtre yarat ve bunu "Save as" ile isim vererek kaydet

2. Dashboard / Create Dashboard menüsünü kullanarak boş bir dashboard yarata. 

Boş dashboard'daki "Add a new gadget" linkini tıkla

"Filter Results" gadget'ı seç ve yeni eklenen filtreyi bu gadget içinde kullan.

Google Cloud - gsutil komutu

cp seçeneği

Örnek

Şöyle yaparız

gsutil cp rlwy04-1657028737.tar.gz gs://product-oce-private-okd4-cluster/rlwy04.tar.gz

iam seçeneği

Örnek

Şöyle yaparız

Şöyle yaparız

#Storage bucket in GCS
# Select GCP project
$  gcloud config set project [project-name]

# Create a GCS bucket
$  gsutil mb -l us-central1 -b on gs://my-vitess-operator-backup-bucket
Creating gs://my-vitess-operator-backup-bucket/...

# Create a GCP service account
$ gcloud iam service-accounts create my-backup-service-account
Created service account [my-backup-service-account].

# Grant the service account access to the bucket gsutil iam ch
$ gsutil iam ch serviceAccount:my-backup-service-account@planetscale-dev.iam.gserviceaccount.com:objectViewer,objectCreator,objectAdmin \
gs://my-vitess-operator-backup-bucket

mb seçeneği

Örnek

Şöyle yaparız

#Storage bucket in GCS
# Select GCP project
$  gcloud config set project [project-name]

# Create a GCS bucket
$  gsutil mb -l us-central1 -b on gs://my-vitess-operator-backup-bucket
Creating gs://my-vitess-operator-backup-bucket/...