gcloud container clusters delete seçeneği - Cluster Siler

Giriş

gcloud container clusters create ile yaratılan cluster silinir

Örnek

Şöyle yaparız

gcloud container clusters delete <my-cluster>

gcloud container clusters get-credentials seçeneği - Kubeconfig Entry yaratır

Giriş

Bu komutu çalıştırdıktan sonra yeni bir Kubeconfig yaratılır. Context listesini görmek için şöyle yaparız

kubectl config get-contexts
CURRENT   NAME                                        CLUSTER                                     AUTHINFO                                    NAMESPACE
          docker-desktop                              docker-desktop                              docker-desktop
*         gke_hazelcast-33_us-central1-c_orcun-test   gke_hazelcast-33_us-central1-c_orcun-test   gke_hazelcast-33_us-central1-c_orcun-test

Context değiştirmek için şöyle yaparız

kubectl config use-context my-context-name

Örnek

Şöyle yaparız

gcloud container clusters get-credentials <my-cluster>

-project seçeneği

Örnek

Şöyle yaparız

gcloud container clusters get-credentials orcun-test 
--zone us-central1-c 
--project hazelcast-33

--zone seçeneği

Örnek

cluster'a login olmak için şöyle yaparız

gcloud container clusters get-credentials mycluster --zone us-central1-a

Topological Sort - Which Tasks Should Be Executed First

Birbirine bağımlı olan işleri dikkate alacak şekilde graph'ı sıralar. Graph'ın directed olması gerekir. Açıklaması şöyle.

The minimum spanning tree ensures that your internet traffic gets delivered even when cables break.

Topological sort is used in project planning to decide which tasks should be executed first.

Disjoint sets help you efficiently calculate currency conversions between NxN currencies in linear time

Graph coloring can in theory be used to decide which seats in a cinema should remain free during a infectious disease outbreak.

Detecting strongly connected components helps uncover bot networks spreading misinformation on Facebook and Twitter.

DAGs are used to perform very large computations distributed over thousands of machines in software like Apache Spark and Tensorflow

Graph içinde cycle yani döngüler olmamalı. Yani Directed Acyclic olmalı. Açıklaması şöyle.

For instance, the vertices of the graph may represent tasks to be performed, and the edges may represent constraints that one task must be performed before another; in this application, a topological ordering is just a valid sequence for the tasks. A topological ordering is possible if and only if the graph has no directed cycles, that is, if it is a directed acyclic graph (DAG)

Graph Algoritmaları

Algoritmalar

Algoritmaları şeklen gösteren bir link burada

1. Breadth First Search. LeetCode Breadth First Search yazısına bakabilirsiniz

2. Depth First Search

3. Dijkstra's Shortest Path

4. Cycle Detection

5. Strongly Connected

6. Topological Sorting

7. Graph Coloring

8. Maximum Flow

9. Matching

10. Minimum Spanning Tree

11. B+ Tree

Tam olarak Graph Veri Yapısı sayılmasa da not almak istedim. Temel kural şöyle.

Root hariç her düğümde 3 pointer ve en az 1 leaf node olmalı.

Graph Nerede Kullanılır

1. Optimization Problems

Açıklaması şöyle.

Algorithms like Dijkstra's enable your navigation system / GPS to decide which roads you should drive on to reach a destination.

The Hungarian Algorithm can assign each Uber car to people looking for a ride (an assignment problem)

Chess, Checkers, Go and Tic-Tac-Toe are formulated as a game tree (a degenerate graph) and can be "solved" using brute-force depth or breadth first search, or using heuristics with minimax or A*

Flow networks and algorithms like maximum flow can be used in modelling utilities networks (water, gas, electricity), roads, flight scheduling, supply chains.

2. Specialized types of graphs
Açıklaması şöyle.

Bayesian networks were used by NASA to select an operating system for the space shuttle

Neural networks are used in language translation, image synthesis (such as fake face generation), color recovery of black-and-white images, speech synthesis

Graph İçin Temel Bilgiler

1. Düğüm

Vertex veya node olarak adlandırılır.

2. Directed Graph
Tek yönlüdür. Şöyledir.

A —> B —> <— C 
     |
     v
     E <— F —> D —> G

X -> <- Y

node : neighbors
  A  :  [B]
  B  :  [C, E]
  C  :  [B]
  D  :  [G]
  E  :  []
  F  :  [E, D]
  G  :  []
  X  :  [Y]
  Y  :  [X]

3. Undirected Graph
Düğümler arasında yön bilgisi yoktur. Çizgiler için genellikle bir ağırlık verilir.

A--5--B
|   /
2  3
| /
 C

4. Graph İçin Kullanılan Temel Veri Yapıları
Sparse olan graph'lar için adjacency list - komşuluk listesi - kullanılır. Dolu olan graph'larda ise adjaceny matrix kullanılır. Adjaceny list şuna benzer.

* 1   -> 2   4
* 2   -> 3   1
* 3   -> 2   4
* 4   -> 3   1

Düğümün komşularını saklamak için vector, list, hashmap gibi herhangi bir veri yapısı kullanılabilir. Basit bir Java örneği

public class SimpleAdjacencyList {
    private Map<Integer, List<Vertex>> adjacencyList = new HashMap<>();
}

Yukarıdaki kodda Map Value değeri için şöyle bir sınıf tanımlamak daha iyi olabilir.

public class DirectedGraphNode {
    String val;
    List<DirectedGraphNode> neighbors;
}

Session Fixation Nedir ?

Giriş

Açıklaması şöyle

What is Session Fixation?

In Session Fixation attacks, the attacker hijacks a valid user session. We said that we sign the cookie in order to be sure that no one can hijack another user's valid session. But what if the attacker has his own valid session and tries to associate it with another user? in this case he can perform actions on behalf of the victim.

The problems occur when we are not generating new sessionIds(unique identifier) on actions like Login.

How can the Attacker do this?

One of the cases is when attacker has physical access to the computer. As an attacker, I go to the university and I choose one of the shared computers, then I sign into my account on the vulnerablewebsite.com and then without doing the logout (which normally destroys the session in the server store), I leave an open login page on vulnerablewebsite.com and before that I have to copy my valid sessionId. Now the victim is using this computer and if the victim signs in, the attacker sessionId is associated with the victim's account. 

Yani A kişisi giriş (login) yaptıktan sonra çıkış (log out) yapmıyor. Daha B kişisi geliyor ve  giriş yapıyor. Sunucu ikinci kişi için yeni bir session id üretmek yerine A kişisine ait session id değerini kullanmaya devam ediyor. Böylece A kişisi B kişisinin bilgilerine erişebilir

Çözüm

Her giriş işleminde yeni bir session id üretmek

Server Side Public License (SSPL) Lisans

Giriş

Server Side Public License (SSPL) başarılı açık kaynak projeler tarafından kullanılıyor. Amaç bulut sağlayıcılarının açık kaynak projeyi yeniden paketleyerek gelir elde edip, açık kaynak projeye hiç bir katkıda bulunmamasını önlemek. 

Messagepack

Giriş

Açıklaması şöyle

MessagePack is a great choice when you need a balance between speed and cross-language compatibility. It’s suitable for real-time applications and situations where data size reduction is crucial.

Google Cloud - Google Kubernetes Engine (GKE)

Giriş

Açıklaması şöyle. İlk üçüne bakarsak gittikçe daha fazla Google tarafından yönetilen (managed) ortam sağlıyor

Google has five options for running containers which are:

1. GKE Standard

2. GKE Autopilot

3. Cloud Run

4. App Engine Flex : App Engine Flex has been more or less completely superseded by Cloud Run.

4. GCE with Containers : Only really appropriate for very small deployments.

GKE

Açıklaması şöyle

if you have an Azure-based deployment, you can assign specific zones to Azure Kubernetes Service (AKS). If you use Google Cloud, you can leverage Google Kubernetes Engine (GKE) to select multi-zone or region clusters (each option offers different benefits and drawbacks in terms of redundancy, cost, and proximity to the end-user).

GKE Standard vs Autopilot

Açıklaması şöyle

The main difference between these is that Autopilot applies a level of Google opinionation to the cluster and makes node management their responsibility.... Interestingly Google has recently made autopilot the default option when provisioning new clusters, recommending it for the majority of workloads with a potentially lower TCO as per the diagram below.

Cloud Run

Açıklaması şöyle

Cloud Run is Google’s ‘serverless’ container offering where all you need to do is to deploy your container image to the service and Google takes care of everything else. 

aws s3 seçeneği

Giriş

Açıklaması şöyle

The main difference between aws s3 command and aws s3api command is that 

aws s3 command is a higher-level abstraction that provides a more simplified and easier-to-use interface, while the aws s3api command provides a more direct and granular interface to the underlying S3 API.

1. s3 komutu

s3 cp

cp

Söz dizimi şöyle

aws s3 cp <kaynak dosya veya dizin>  <s3://bucket ismi> [-- seçenekleri]

Örnek - cp ile kopyalama

Şöyle yaparız

aws --endpoint-url=http://localhost:4566 \
  s3 cp cafezin.png \
  s3://bucket-example

Örnek

Şöyle yaparız

aws s3api create-bucket --bucket your-unique-bucket-name --region us-east-1

echo "Hello, S3!" > hello.txt
aws s3 cp hello.txt s3://your-unique-bucket-name/

Örnek - cp ile recursive kopyalama

Şöyle yaparız

aws s3 cp /path/to/batch_input s3://my-bucket/batch-input/ --recursive

s3 ls - ls ile listeleme

Örnek

Şöyle yaparız

aws --endpoint-url=http://localhost:4566 \
 s3 ls \
 s3://bucket-example/

s3 mb

Örnek

s3 bucket yaratmak için şöyle yaparız

aws s3 mb s3://my.private.maven

s3 rb

Örnek

Şöyle yaparız

aws s3 rb s3://your-unique-bucket-name --force
aws iam delete-role --role-name CrossRegionReplicationRole

s3 presign - Shareable Link

Örnek

Şöyle yaparız

aws s3 presign s3://your-unique-bucket-name/hello.txt --expires-in 3600

s3 website

Örnek

bucket_policy.json içinde şöyle yaparız

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::testbucket/*"
    }
  ]
}

Şöyle yaparız

# sync the website folder that contains our files to the S3 bucket 
aws --endpoint-url=http://localhost:4566 s3 sync .\website\ s3://testbucket

# enable static website hosting on the bucket and configure the index and error documents:
aws --endpoint-url=http://localhost:4566 s3 website s3://testbucket/ \
  --index-document index.html 
  --error-document error.html

2. s3api komutu

s3api create bucket

Örnek

Localstack kullanıyorsak onun üzerinde yaratmak için şöyle yaparız

aws --endpoint-url=http://127.0.0.1:4566 \
  s3api create-bucket \
  --bucket bucket-example

s3api list-objects

Örnek

Şöyle yaparız

# create s3 bucket
aws --endpoint-url=http://localhost:4566 s3api create-bucket --bucket testbucket

# list s3 buckets
aws --endpoint-url=http://localhost:4566 s3api list-buckets

# copy test file to the created bucket.
aws --endpoint-url=http://localhost:4566 s3 cp test.txt s3://testbucket

# check files
aws --endpoint-url=http://localhost:4566 s3api list-objects --bucket testbucket

3. s3api put-bucket-versioning

Örnek

Şöyle yaparız

aws s3api put-bucket-versioning --bucket your-unique-bucket-name
  --versioning-configuration Status=Enabled

Localstack awslocal komutu

Giriş

Açıklaması şöyle

When interacting with LocalStack to emulate AWS services it’s important to configure your AWS CLI or SDK to point to the LocalStack endpoint URL. This allows you to interact with LocalStack easily without having to specify the --endpoint-url option every time you run a command.

Another option is installing a tool called “awslocal” which is a wrapper around the AWS CLI for LocalStack. It automatically configures the CLI to use the LocalStack endpoint URL, saving you from the manual step of specifying the --endpoint-url option.

Açıklaması şöyle

awslocal is a thin wrapper and a drop-in replacement for the aws command that runs commands directly against LocalStack

1. awslocal Olmadan

Örnek

Şöyle yaparız

# create s3 bucket
aws --endpoint-url=http://localhost:4566 s3api create-bucket --bucket testbucket

# list s3 buckets
aws --endpoint-url=http://localhost:4566 s3api list-buckets

# copy test file to the created bucket.
aws --endpoint-url=http://localhost:4566 s3 cp test.txt s3://testbucket

# check files
aws --endpoint-url=http://localhost:4566 s3api list-objects --bucket testbucket

Örnek

bucket_policy.json içinde şöyle yaparız

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::testbucket/*"
    }
  ]
}

Şöyle yaparız

# sync the website folder that contains our files to the S3 bucket 
aws --endpoint-url=http://localhost:4566 s3 sync .\website\ s3://testbucket

# enable static website hosting on the bucket and configure the index and error documents:
aws --endpoint-url=http://localhost:4566 s3 website s3://testbucket/ \
  --index-document index.html 
  --error-document error.html

2. Bash Başlatmak

Localstack içinden awslocal çıkıyor. Container'a bash açmak yeterli. Şöyle yaparız

docker exec -it <container_id> /bin/bash

sqs seçeneği

Örnek

Şöyle yaparız

$awslocal sqs create-queue --queue-name test-queue

$awslocal sqs list-queues

{
  "QueueUrls" : [
    http:/localhost:4566:/000000/test-queue"
  ]
}

s3 seçeneği

Örnek - High Level Command

Şöyle yaparız. Yeni bir bucket yaratır

awslocal s3 mb s3://my-test-bucket

Örnek -  - Low Level Command

Şöyle yaparız. Yeni bir bucket yaratır

awslocal s3api create-bucket \
--bucket mybucket \
--create-bucket-configuration LocationConstraint=eu-central-1

Localstack Nedir

Giriş

Açıklaması şöyle. Yani AWS servisleri için bir  emülatör

LocalStack is a cloud service emulator that runs in a single container on your laptop or in your CI environment. With LocalStack, you can run your AWS applications or Lambdas entirely on your local machine without connecting to a remote cloud provider! Whether you are testing complex CDK applications or Terraform configurations, or just beginning to learn about AWS services, LocalStack helps speed up and simplify your testing and development workflow.

Açıklaması şöyle

LocalStack is a cloud service emulator that runs AWS services solely on your laptop without connecting to a remote cloud provider .

Kurulum

Açıklaması şöyle

There are several ways to install LocalStack (LocalStack CLI, LocalStack Cockpit, Docker, Docker-Compose, Helm).

Docker

Örnek

Şöyle yaparız

docker run --rm -it 
  -p 4566:4566 
  -p 4510-4559:4510-4559 
 localstack/localstack

Radix Tree

Giriş

Açıklaması şöyle

Radix Tree is a compressed prefix trees (trie) that work really well for fast lookups.

Trie yazısına bakabilirsiniz

Örnek

Elimizde şu kelimeler olsun

romane

romanus

romulus

rubens

ruber

rubicon

rubicundus

Trie hali şöyledir

Radix Tree hali şöyledir

SQL Bomb

Örnek

Şöyle yaparız

SELECT a || a || a || a as a from (SELECT 'aaaa' || rand() as a) t
SELECT a || a || a || a as a from ("SELECT 'aaaa' as a) t

GoF - Abstract Factory Örüntüsü

Örnek

Elimizde şöyle bir hiyerarşi olsun

// Abstract Product - Button
public interface Button {
  void render();
}

// Concrete Product - WindowsButton
public class WindowsButton implements Button {
  @Override
  public void render() {
    System.out.println("Rendering a Windows button");
  }
}

// Concrete Product - MacButton
public class MacButton implements Button {
  @Override
  public void render() {
    System.out.println("Rendering a Mac button");
  }
}

Şöyle yaparız

// Abstract Factory
public interface GUIFactory {
  Button createButton();
}

// Concrete Factory - WindowsFactory
public class WindowsFactory implements GUIFactory {
  @Override
  public Button createButton() {
    return new WindowsButton();
  }
}

// Concrete Factory - MacFactory
public class MacFactory implements GUIFactory {
  @Override
  public Button createButton() {
    return new MacButton();
  }
}

Amazon Web Service EC2 Instance Çeşitleri

Hazır Tanımlanmış EC2'ler şöyle.

They are grouped into families that emphasize some possibilities for your workloads:

General Purpose (Genel Amaçlı) – also known as balanced instances, best for web servers, microservices, small and medium databases, development environments, and code repositories.

Compute Optimized (İşlem İçin Optimize Edilmiş) – designed for compute-intensive workloads, like batch processing, data analytics, scientific modeling, dedicated gaming servers, machine learning, and high-performance computing.

Memory-Optimized (Bellek İçin Optimize Edilmiş) – memory-intensive applications that process large data sets in memory, such as databases and real-time streaming.

Accelerated Computing (Hızlandırılmış Bilişim) – used for graphics processing, machine learning, data pattern matching, and other numerically intensive workloads.

Storage Optimized (Depolama İçin Optimize Edilmiş) – designed for high, sequential read and write access to very large data sets on local storage. Best for NoSQL databases, in-memory databases, data warehousing, Elasticsearch, analytics workloads.

General Purpose  - Burstable Instances

Açıklaması şöyle

In AWS, there are many Instance Families. One of them is burstable general-purpose instances, which are basically T Instance Family.

The T Instance Family offers a baseline CPU performance but it also has the ability to burst above the baseline at any time as logs as required. Which is essential for business-critical or unknown behavior of the workloads.

Burstable Olması Ne Demek

Açıklaması şöyle

Burstable Instances earn CPU credits while running below the baseline and spending them when bursting.

Bazı kavramlar şöyle

Earned Credits: The amount of credits an instance earns while running

Used Credits: When a burstable instance is in the running state, it will continuously use CPU credits. 

Accrued Credits: Difference between the earned credits and used credits is called accrued credits.

Örnek - General Purpose T2.medium

Açıklaması şöyle

For a typical, simple microservice application, a minimum configuration of t2.medium instance type should do the work. T2 instances are the lowest-cost general purpose instance type. You can easily change your instance types if after a while your needs change.

Yazılım Mimarisi - Event Driven Architecture (EDA) - Claim Check

Giriş

Açıklaması şöyle

This pattern could be used whenever a message cannot fit the supported message limit of the chosen message bus technology. 

Açıklaması şöyle

For example, a message may contain a set of data items that may be needed later in the message flow, but that are not necessary for all intermediate processing steps. We may not want to carry all this information through each processing step because it may cause performance degradation and makes debugging harder.

Sending such large messages to the message bus directly is not recommended, because they require more resources and bandwidth to be consumed. Also, most messaging platforms have limits on message size, so you may need to work around these limits for large messages.

Çözüm

Açıklaması şöyle. Yani veri tabanı gibi bir yere kaydedip ID değerini gönderiyoruz

Store the entire message payload into an external service, such as a database. Get the reference to the stored payload and send just that reference to the message bus. The reference acts like a claim check used to retrieve a piece of luggage, hence the name of the pattern. Clients interested in processing that specific message can use the obtained reference to retrieve the payload, if needed.

Mesaj işlendikten sonra veri tabanından silinebilir

Mutual TLS - mTLS

Giriş

Açıklaması şöyle

mTLS helps ensure that the traffic is secure and trusted in both directions between a client and server. This provides an additional layer of security for users who log in to an organization’s network or applications. It also verifies connections with client devices that do not follow a login process, such as Internet of Things (IoT) devices.

Nowadays, mTLS is commonly used by microservices or distributed systems in a zero trust security model to verify each other.

Yani TLS client authentication veya istemcinin kendi sertifikasını sunması demek. Açıklaması şöyle. Eskiden genellikle VPN gibi kapalı ağlarda kullanılıyordu.

TLS client authentication (requiring clients to present certs) is something you usually see on VPN servers, enterprise WPA2 WiFi access points, and corporate intranets. These are all closed systems where the sysadmin has full control over issuing certs to users, and they use this to control which users have access to which resources. This makes no sense in a public website setting, and is definitely a non-standard config for an HTTPS webserver.

İstemci Sertifikası Şifreleme İçin Kullanılmaz

Açıklaması şöyle

The certificate of the client is only used to authenticate the client. It is not used in key exchange which happens before the client even sends the certificate and proves ownership of the private key. The client certificates is thus neither directly nor indirectly included in the traffic encryption or MAC

Pagination Yöntemleri

1. Offset pagination

Açıklaması şöyle

In this type of pagination, the client sends a request specifying the page number and the number of items per page. Ultimately, this translates into an SQL query using limit and offset.

Örnek

Şöyle bir istek gönderilir

GET /api/v1/bookings?page=1&size=3

2. Token pagination

Açıklaması şöyle

Token pagination can be implemented in different ways. I’ll show you one of them.

In the initial request, we send a typical search query. The response contains the token to retrieve the next portion of data.

In following requests, we send only the next token.

To avoid storing unnecessary states on the backend, we can embed the search query and the ID of the last returned item into a token. We can then compress the data using gzip or snappy and convert it, for instance, to base62.

Örnek

İlk istek ve cevabı şöyledir

/api/v1/logs?categories=bookings,orders&size=100&sort=createdAt:desc

Response
{ 
  data: [...], 
  next: "2H83GdysPu"
}

İkinci istek ve cevabı şöyledir

Request
/api/v1/logs?next=2H83GdysPu

Response
{ 
  data: [...], 
  next: "v95Gdkta3d"
}

Örnek - Token pagination from different sources

Açıklaması şöyle. Yani booking_logs ve  order_logs kayıtlarından kaldığı yerden 3 tane daha alırız ve toplam 6 kayıt göndeririz. Son gönderdiğimiz kayıtların ID'lerini de cevaba ilave ederiz.

Let’s say we have multiple sources: booking_logs and order_logs, and we need to return combined data from both sources.

With token pagination, we can embed the last returned ID from each source into the token. When executing a request for 3 items, we select 3 items from each source, and then sort them on the backend to determine which specific items to return.

OAuth2 Refresh Token Grant

Giriş

Eğer Expired 401 hatası alıyorsak bu grant tipi ile token'ın yenilenmesi istenir. Açıklaması şöyle.

The authorization server will respond with a JSON object containing the following properties:

- token_type with the value Bearer
- expires_in with an integer representing the TTL of the access token
- access_token the access token itself
- refresh_token a refresh token that can be used to acquire a new access token when the original expires

Şeklen şöyle

OAuth2 Client Credentials Grant - Sunucular Arasında Kullanılır

Giriş

Açıklaması şöyle.

Intended for the server-to-server authentication, this flow describes an approach when the client application acts on its own behalf rather than on behalf of any individual user. In most scenarios, this flow provides the means to allow users to specify their credentials in the client application, so it can access the resources under the client’s control.

Açıklaması şöyle. İnsan müdahalesi olmadan bilgisayarlar arasında kullanılır.

The OAuth 2.0 Client Credentials Grant type is exclusively used for scenarios in which no user exists (CRON jobs, scheduled tasks, other data workloads, etc.).
...
The goal of the Client Credentials Grant is to allow two machines to communicate securely. In this grant type, you have a client (think of this as your application) making API requests to another service (this is your resource server).

Bundan önce Basic Authentication vardı. Açıklaması şöyle.

Before OAuth 2.0, the way developers handled server-to-server authentication was with HTTP Basic Auth. Essentially, this boiled down to a developer that would send over a server’s unique username and password (often referred to as an ID and secret) on each request. The API service would then validate this username and password on every request by connecting to a user store (database, LDAP, etc.) in order to validate the credentials.

Akış şöyle

     +---------+                                  +---------------+
     |         |                                  |               |
     |         |>--(A)- Client Authentication --->| Authorization |
     | Client  |                                  |     Server    |
     |         |<--(B)---- Access Token ---------<|               |
     |         |                                  |               |
     +---------+                                  +---------------+

Örnek

URL'ye şöyle yazarız. Yani Client Credentials gönderiyoruz

localhost:8080/oauth/token?grant_type=client_credentials&scope=any

Diğer parametreleri de eklemek gerekir. Açıklaması şöyle

Please make sure you've added your clientId and client secret in the basic auth header of the authorization tab in postman and you get a successful response like this.

Yani Authorization sekmesinde Basic Auth seçilir. Username Password alanları doldurulur

Cevap olarak şuna benzer bir şey alırız. Yani Access Token alıyruz

{
  "access_token": "qbE0ipKzzX5FNj3OVe8LWu40T_s",
  "token_type": "bearer",
  "expires_in": 43199,
  "scope": "any"
}