How to backup and restore Prometheus?

This blog will show you how to take a backup from a running Prometheus and restore it in some other Prometheus instance. You might ask why would you even want to do something like that? Well, sometimes you want the Prometheus metrics because they were collected for some particular purpose and you want to do some analysis later. Prerequisites/Assumptions This blog assumes that you have a Prometheus running that is deployed using prometheus-operator in monitoring namespace. But even if you have deployed it in some other way modify the commands in few places. ...

July 31, 2020 路 2 min 路 Suraj Deshmukh

Book Review: Getting Things Done

Introduction Recently I completed the book called Getting Things Done: The Art of Stress-free Productivity by David Allen. I read the book on my kindle e-reader device, and as the name suggests, it is a self-help category book and about three hundred pages long. The book is an extraordinary walkthrough of how to set up a system that will help you navigate your daily tasks without missing any of them. This system then enables you to patch up the crevices of your memory from which day-to-day tasks fall through. ...

July 30, 2020 路 9 min 路 Suraj Deshmukh

Framework for managing random scripts and binaries

I always had a conundrum about how to manage the scripts and binaries downloaded randomly from the internet. One way is to put them in the global PATH directory like /usr/local/bin, but I am sceptical about it. There are a couple of things I wanted to solve. How do you update these scripts and binaries? How to do it consistently across all my machines? How to make it easier to have my setup available on any new Linux machine(or even container) I setup? How to do it without sudo? ...

July 18, 2020 路 5 min 路 Suraj Deshmukh

Opinion: Contemporary world vis-脿-vis 1984 by George Orwell

The book 1984 was written by Geroge Orwell in 1949 as an attempt to demonstrate how democraries can also fall into the trap of totalitarianism. The story in the book showcases a dystopian world in the year 1984, where there are only three countries聽in the world, and all of them are in a constant power struggle. All three countries have a totalitarian, oligarchic government of their own. But the story in the book is from a country called Oceania, which is ruled by a party called Ingsoc or English Socialism. This blog is about the similarities of the world in the book 1984 and today. There is no exact present-day equivalent of Ingsoc except, to certain extent, the Communist Party of China. ...

July 5, 2020 路 7 min 路 Suraj Deshmukh

Book Review of Einstein: His Life and Universe

I recently finished this book Einstein: His Life and Universe by Walter Isaacson. And here are my thoughts on the book. It鈥檚 a book that brings the image of Einstein to life. Although the book is a biography, it makes a reasonable effort in explaining the physics behind his theories of relativity, photoelectric effect and quantum physics. Physics in the book can be intimidating to someone coming from the non-Scientific background. Since it is in the early chapters, one might feel a compulsion to abandon the book. Still, I would urge you to persevere, and the story flows like any novel after that. ...

June 20, 2020 路 2 min 路 Suraj Deshmukh

Watch Container Traffic Without Exec

Introduction For the reasons of security, many container deployments nowadays run their workloads in a scratch based image. This form of implementation helps reduce the attack surface since there is no shell to gain access to, especially if someone were to break out of the application. But for the developers or operators of such applications, it is hard to debug. Since they lack essential tools or even bash for that matter, but the application鈥檚 debugging ability should not dictate its production deployment and compromise its security posture. ...

June 6, 2020 路 4 min 路 Suraj Deshmukh

Enabling Seccomp on your Prometheus Operator and related Pods

Seccomp helps us limit the system calls the process inside container can make. And PodSecurityPolicy is the way to enable it on pods in Kubernetes. Prometheus Operator Prometheus Operator makes it really easy to monitor your Kubernetes cluster. To deploy this behemoth, helm chart is the easiest way to do it. Almost all the pods that run as a part of Prometheus Operator viz. Prometheus Operator, Prometheus, Alertmanager, Grafana, Kube State Metrics don鈥檛 need to run with elevated privileges except Node Exporter. In your Kubernetes cluster if you are using PodSecurityPolicy to make sure that your cluster is secure, then you would want your Prometheus Operator pods to run securely as well. And the good news is, Prometheus Operator chart ships PodSecurityPolicy for each sub-component. We will look at how to enable seccomp for all the sub-components. ...

April 14, 2020 路 3 min 路 Suraj Deshmukh