Nguyen Thi Kim Tuyen tuyen03a128

tuyen03a128 / kubernetes_commands.md
Created June 4, 2019 09:17 — forked from edsiper/kubernetes_commands.md
Kubernetes Useful Commands
tuyen03a128 / clouds.md
Created May 2, 2019 03:39 — forked from miglen/clouds.md
AWS & GCP explained in simple English

Amazon Web Services (AWS) & Google Cloud Platform (GCP) explained in simple English

This guide is only representative from my point of view and it may not be accurate, so you should go to the official AWS & GCP websites for accurate and detailed information. It's initially inspired by AWS in simple English and GCP for AWS professionals. The idea is to compare both services and give a simple one-line explanation and examples of other software that might have similar capabilities. Comment below for suggestions.

| Category | Service | AWS | GCP | Description | It's like |
| --- | --- | --- | --- | --- | --- |
| Compute | IaaS | Amazon Elastic Compute Cloud (EC2) | Google Compute Engine | Type-1 virtual servers | VMware ESXi, Citrix XenServer |
| | PaaS | AWS Elastic Beanstalk | Google App Engine | Running your app on a platform | |
tuyen03a128 / knuth_books.sh
Created April 18, 2019 10:13 — forked from nikAizuddin/knuth_books.sh
UNIX Shell script to download four volumes of The Art of Computer Programming by Donald E. Knuth.
#!/bin/sh
################################################################################
## ##
## The Art of Computer Programming by Donald E. Knuth. ##
## ##
################################################################################
## Volume 1 - Fundamental Algorithms, 3rd Edition
tuyen03a128 / get.docker.com.sh
Last active April 9, 2019 09:35
Script to install docker
#!/bin/sh
set -e
# This script is meant for quick & easy install via:
# $ curl -fsSL https://get.docker.com -o get-docker.sh
# $ sh get-docker.sh
#
# For test builds (ie. release candidates):
# $ curl -fsSL https://test.docker.com -o test-docker.sh
# $ sh test-docker.sh
tuyen03a128 / arglist.sh
Last active April 9, 2019 10:04
Positional parameters $* vs $@
#!/usr/bin/env bash
# Invoke this script: arglist.sh one two three
E_BADARGS=85
if [ ! -n "$1" ]; then
  # No arguments given: print usage and exit with the bad-arguments code.
  echo "Usage: `basename $0` argument1 argument2 etc. "
  exit $E_BADARGS
else
  echo "`basename $0` and argument lists: $*"
fi
string1 has not been initialized; it has no defined value.
1. Unquoted string in test brackets. Wrong result!
> [ -n $string1 ] && echo "String1 is not null"
-> Shows "String1 is not null" --> Wrong result. The empty unquoted expansion disappears, so the test becomes [ -n ], which is true.
2. Quoted string within test brackets.
> [ -n "$string1" ] && echo "String1 is not null"
-> (no output) --> This works fine.
3. string1 stands naked. It must be quoted. See the following examples.
3.1 Unquoted

Build docker image

$ cd /path/to/Dockerfile
$ sudo docker build .

View running processes

I read the article "Secure your containers one weird trick" by someone at Red Hat and found it interesting, so I am roughly translating it here. His point is that you should drop the Linux capabilities from a container and add back only the capabilities you actually need. In other words: if you cannot manage everything, forbid it from the start.

Did you know there is an option that can turn off Linux capabilities in Docker? Using docker run --cap-drop, you can lock down root in a container so that it has only limited access inside the container.

[[images/docker_option_cap.png]]

Sadly, almost no one ever tightens the security of a container.

In this post I keep the word "capability" in "Linux capability" as it is, rather than translating it as "khả năng" ("ability"), so that you know it is a Linux concept.

tuyenntk@tuyenntk-HP:~$ docker run -d ubuntu sleep 5 >/dev/null; pscap | grep sleep
9002 9018 root sleep chown, dac_override, fowner, fsetid, kill, setgid, setuid, setpcap, net_bind_service, net_raw, sys_chroot, mknod, audit_write, setfcap