Documentation tooling

Requirements for tools and documentation

- Open source tooling
- Editable with vim, emacs, etc
- Suitable for version control
- Suitable for scripting

Types of documentation

Component diagrams

Preferred tool: PlantUML

Note: PlantUML requires graphviz to be installed to generate component diagrams.

    # Command line
    PLANTUML=~/Downloads/plantuml.jar
    java -jar $PLANTUML -v -tpng src/k8s-runtime.uml -o ../out/

    @startuml
    title Kubernetes
    skinparam componentStyle uml2

    package "Development" {
      component Developer
      component [Code\nVCS] as VCS
      component CI
      component CD
    }

    package "External Services" {
      component MQ
      component DB
    }

    package "Kubernetes Cluster" {
      component "Nodes/Pods/Containers" as Service
      component [Controller] as Controller
    }

    package Artifacts {
      component [Container Registry] as Registry
      component [Config VCS] as Config
    }

    package "External Network" {
      component [User] as WebBrowser
    }

    Developer -l-> VCS : commit
    VCS -d-> CI : test & build
    CI -r-> CD
    CI -d-> Registry : upload image
    CD -r-> Controller : deploy
    WebBrowser -u-> Service
    Service -u-> MQ
    Service -u-> DB
    Controller -r-> Registry : fetch
    Controller -d-> Config : fetch
    Controller -l-> Service : deploy
    @enduml

Useful parameters for Component Diagrams
Overview

Requirements

- Platform-wide deployment
- Self-service event to index routing
- Self-service sourcetype definition

Version 1.0.0 - Event shipping using S2S

Notable features:

- Client-side load-balancing with Splunk

https://github.com/michiel/docker-compose-splunk-fluentbit/tree/v1.0.0

Version 1.1.0 - Observability

Notable features:

- Add heartbeat function
- Read out fluentbit Prometheus metrics
- Generate Splunk Forwarder metrics with mtail

https://github.com/michiel/docker-compose-splunk-fluentbit/tree/v1.1.0

Version 1.2.0 - Shipping over HTTP

Notable features:

- Remove Splunk Forwarder from integration
- Client-side load-balancing with envoy proxy

https://github.com/michiel/docker-compose-splunk-fluentbit/tree/v1.2.0

Resources and references

This implementation was originally presented at the Splunk Melbourne meetup 2018-04.

CSSLP Study Notes

These are my study notes from the CSSLP - Secure Software Lifecycle Professional exam. They cover the main areas of:

- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security

No guarantees about accuracy, etc.

Downloads:

- Notes in PDF
- Notes in EPUB
Overview

As a light-weight, efficient replacement for fluentd, fluent-bit met almost all the requirements for lifting Kubernetes logs, transforming them to Splunk HEC format and forwarding them to a Splunk HEC instance.

This solution gives us:

- Resource efficiency
- No further processing before index storage required by Splunk
- Self-service index routing and sourcetype specification via Pod labels

At this point, fluent-bit is missing two key pieces required to complete the transformation to HEC format.