POKE ME for any consultancy

Tuesday, August 20, 2024

Our Services - Atlassian Support and Application Operation Support

 

Application Operation Service Portfolio

Welcome to our Application Operation Service Portfolio! We offer a comprehensive suite of services designed to optimize your application performance, ensure uptime, and enhance user experience. From infrastructure management and monitoring to security and compliance, we provide tailored solutions that meet your specific needs and objectives. Our team of experienced professionals understands the intricacies of modern application ecosystems and leverages best-in-class technologies to deliver reliable and scalable solutions.

Service Offerings

Infrastructure Management

We handle your entire application infrastructure, from servers and databases to networking and storage. Our expertise ensures optimal resource utilization, high availability, and seamless scalability.

Security & Compliance

We safeguard your applications and data with robust security measures, including intrusion detection, firewalls, and access control. We also ensure compliance with industry standards and regulations.

Performance Monitoring & Optimization

We continuously monitor your applications for performance bottlenecks and proactively optimize them for optimal speed and efficiency. We provide detailed reports and insights to keep you informed.

DevOps & Automation

We leverage DevOps best practices and automation tools to streamline your development and deployment processes, enabling faster delivery and improved application quality.

Our Expertise

Deep Technical Knowledge

Our team possesses deep technical expertise in a wide range of technologies, including cloud platforms, databases, operating systems, and programming languages.

Industry Best Practices

We adhere to industry best practices and standards to ensure the quality, security, and reliability of our services. We continuously update our knowledge and skills to stay ahead of the curve.

Customer-Centric Approach

We prioritize customer satisfaction and strive to build long-term partnerships. We are committed to understanding your unique needs and providing tailored solutions that exceed expectations.



Wednesday, August 7, 2024

How would you automate security compliance checks for your AWS infrastructure?

 To automate security compliance checks for AWS infrastructure, I would use AWS Config, AWS CloudTrail, AWS Security Hub, and AWS IAM Access Analyzer.

  1. Configuration Management: Use AWS Config to track configuration changes and evaluate resource configurations against compliance rules. Implement custom Config Rules or use managed rules to ensure resources comply with security policies.
  2. Audit Trails: Enable AWS CloudTrail to capture all API activity and changes within the AWS account. Use CloudTrail logs to audit and review actions taken by users and services.
  3. Security Hub: Enable AWS Security Hub to provide a comprehensive view of security alerts and compliance status. Integrate with other AWS security services like GuardDuty, Inspector, and Macie for continuous threat detection and vulnerability assessments.
  4. Access Control: Use IAM Access Analyzer to identify and analyze the access provided by policies to ensure that resources are not overly permissive. Regularly review and refine IAM policies.
  5. Automation: Use AWS Lambda functions triggered by Config or CloudTrail events to automatically remediate non-compliant resources. For example, automatically revoke public access to S3 buckets or enforce encryption on new resources.
  6. Compliance Frameworks: Use AWS Artifact to access AWS compliance reports and align your infrastructure with industry standards like GDPR, HIPAA, and PCI DSS.

By automating these security and compliance checks, the infrastructure remains secure and compliant with industry standards and organizational policies.
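The decision logic behind steps 1 and 5 above, as an added example that is not part of the original post: the evaluation a Lambda-backed custom AWS Config rule would compute for an S3 bucket, and the parameters an automatic remediation would pass to put_public_access_block. The event layout follows what Config hands to a custom rule (invokingEvent is a JSON string holding the configurationItem); the field names inside supplementaryConfiguration are assumed from Config's S3 bucket schema, the two sample events are constructed, and the boto3 calls (config.put_evaluations, s3.put_public_access_block) are deliberately not made so the module runs offline.

```python
"""Custom AWS Config rule logic for S3 buckets (added example).

Assumed Config event shape: event["invokingEvent"] is JSON with a
"configurationItem"; supplementaryConfiguration carries
PublicAccessBlockConfiguration and ServerSideEncryptionConfiguration.
"""
import json

# Public Access Block flags that must all be on for a bucket to pass.
PAB_FLAGS = ("blockPublicAcls", "ignorePublicAcls",
             "blockPublicPolicy", "restrictPublicBuckets")


def bucket_problems(config_item):
    """Return the list of policy violations for one S3 bucket configuration item."""
    supp = config_item.get("supplementaryConfiguration") or {}
    pab = supp.get("PublicAccessBlockConfiguration") or {}
    sse = supp.get("ServerSideEncryptionConfiguration") or {}
    problems = []
    missing = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if missing:
        problems.append("public access block incomplete: " + ", ".join(missing))
    if not sse.get("rules"):
        problems.append("no default server-side encryption rule")
    return problems


def evaluate(event):
    """Shaped like a Config custom-rule Lambda handler.

    Returns the single evaluation that would be sent with
    config.put_evaluations(Evaluations=[...], ResultToken=event["resultToken"]).
    """
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    base = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if item["resourceType"] != "AWS::S3::Bucket":
        return {**base, "ComplianceType": "NOT_APPLICABLE",
                "Annotation": "rule only covers S3 buckets"}
    problems = bucket_problems(item)
    return {**base,
            "ComplianceType": "NON_COMPLIANT" if problems else "COMPLIANT",
            "Annotation": "; ".join(problems) if problems else "bucket meets policy"}


def remediation(evaluation):
    """Step 5: for a non-compliant bucket with an incomplete public access
    block, return the kwargs for s3.put_public_access_block(). None means
    nothing is auto-fixed (a missing encryption rule is left for review)."""
    if evaluation["ComplianceType"] != "NON_COMPLIANT":
        return None
    if "public access block" not in evaluation["Annotation"]:
        return None
    return {
        "Bucket": evaluation["ComplianceResourceId"],
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True,
            "IgnorePublicAcls": True,
            "BlockPublicPolicy": True,
            "RestrictPublicBuckets": True,
        },
    }


def make_event(bucket, pab, sse_rules):
    """Constructed Config event for local runs and tests."""
    item = {
        "resourceType": "AWS::S3::Bucket",
        "resourceId": bucket,
        "configurationItemCaptureTime": "2024-08-07T10:00:00.000Z",
        "supplementaryConfiguration": {
            "PublicAccessBlockConfiguration": pab,
            "ServerSideEncryptionConfiguration": {"rules": sse_rules},
        },
    }
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "resultToken": "constructed-token"}


# Constructed sample buckets: one locked down, one with public access
# partially allowed and no default encryption.
LOCKED_DOWN = make_event(
    "example-logs-bucket",
    {flag: True for flag in PAB_FLAGS},
    [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": "aws:kms"}}],
)
WIDE_OPEN = make_event(
    "example-static-site",
    {"blockPublicAcls": True, "ignorePublicAcls": False,
     "blockPublicPolicy": False, "restrictPublicBuckets": False},
    [],
)

if __name__ == "__main__":
    for ev in (LOCKED_DOWN, WIDE_OPEN):
        result = evaluate(ev)
        print(result["ComplianceResourceId"], result["ComplianceType"], "-", result["Annotation"])
        print("  remediation:", remediation(result))
```

Wiring this into the account means deploying evaluate() as the Lambda behind a custom Config rule scoped to AWS::S3::Bucket and letting a second function, or an SSM Automation document, apply the returned put_public_access_block parameters; keeping evaluation and remediation as separate functions makes the remediation step easy to gate behind an approval at first.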


Process and AWS services used to perform a blue/green deployment for a web application hosted on AWS

 To perform a blue/green deployment for a web application on AWS, I would use the following process and services:

  1. Setup Environment:
    • Blue Environment: This is the current production environment. It includes EC2 instances, load balancers, databases, and other necessary resources.
    • Green Environment: Create an identical environment (green) to the blue environment. This will be used for the new version of the application.
  2. DNS Management:
    • Amazon Route 53: Use Route 53 for DNS management and traffic routing. Configure DNS records to point to the blue environment initially.
  3. Deployment:
    • AWS CodeDeploy: Use CodeDeploy to automate the deployment process. Set up a blue/green deployment group. This allows CodeDeploy to deploy the new version of the application to the green environment.
  4. Testing:
    • Smoke Tests: Perform smoke tests on the green environment to ensure the new version is working as expected.
    • Load Testing: Conduct load testing to ensure the green environment can handle production traffic.
  5. Switch Traffic:
    • Route 53 Traffic Shift: Update Route 53 to shift traffic from the blue environment to the green environment. This can be done gradually to monitor the new environment's performance and detect any issues early.
    • Health Checks: Configure Route 53 health checks to automatically switch back to the blue environment if the green environment fails.
  6. Monitoring:
    • AWS CloudWatch: Use CloudWatch to monitor metrics, logs, and alarms for both environments during the transition.
    • AWS X-Ray: Use X-Ray for tracing and debugging the application in the green environment.
  7. Rollback:
    • Instant Rollback: If any issues are detected with the green environment, use Route 53 to instantly switch back to the blue environment.
    • CodeDeploy Rollback: Use CodeDeploy’s automatic rollback feature to revert to the previous version if deployment issues are detected.
  8. Cleanup:
    • Terminate Blue Environment: Once the green environment is stable and confirmed to be working correctly, decommission the blue environment or repurpose it for future deployments.

This process ensures minimal downtime and reduces the risk associated with application updates by allowing a smooth transition between environments.
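Steps 5 and 7 above as a script, added here as an example that is not part of the original post: each step moves Route 53 weight from blue to green, then looks at an error-rate signal for the green environment (in practice a CloudWatch metric; here a constructed callback) before advancing, and any step that exceeds the threshold triggers the instant rollback to blue. The functions return the ChangeBatch payloads that route53.change_resource_record_sets would be given; the API call itself is left out so the module runs offline, and the record name and load balancer hostnames are placeholders. Route 53 health checks, as described in step 5, still cover the case where green fails between steps.

```python
"""Gradual blue/green traffic shift with health-gated rollback (added example)."""


def weighted_change_batch(record_name, blue_target, green_target, blue_weight, green_weight):
    """UPSERT two weighted CNAME records with the same name.

    Route 53 splits traffic in proportion to Weight; a weight of 0 takes
    that side out of rotation entirely.
    """
    def change(set_id, target, weight):
        return {
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record_name,
                "Type": "CNAME",
                "SetIdentifier": set_id,
                "Weight": weight,
                "TTL": 60,  # short TTL so clients follow each shift quickly
                "ResourceRecords": [{"Value": target}],
            },
        }
    return {
        "Comment": f"blue={blue_weight} green={green_weight}",
        "Changes": [change("blue", blue_target, blue_weight),
                    change("green", green_target, green_weight)],
    }


def shift_traffic(record_name, blue_target, green_target, steps,
                  green_error_rate, max_error_rate=0.01):
    """Walk through `steps` (green percentages, e.g. [10, 50, 100]).

    green_error_rate(green_pct) returns the observed 5xx ratio on green once
    that share of traffic reaches it. Exceeding max_error_rate at any step
    sends an immediate 100/0 change batch back to blue.
    Returns (outcome, batches) with outcome "promoted" or "rolled_back".
    """
    batches = []
    for green_pct in steps:
        batches.append(weighted_change_batch(
            record_name, blue_target, green_target, 100 - green_pct, green_pct))
        if green_error_rate(green_pct) > max_error_rate:
            batches.append(weighted_change_batch(
                record_name, blue_target, green_target, 100, 0))
            return "rolled_back", batches
    return "promoted", batches


def green_weight(batch):
    """The green weight recorded in one change batch."""
    return next(c["ResourceRecordSet"]["Weight"] for c in batch["Changes"]
                if c["ResourceRecordSet"]["SetIdentifier"] == "green")


# Constructed health signals: a healthy green environment, and one that
# starts failing once it receives half of the traffic.
def healthy_green(green_pct):
    return 0.001


def failing_green(green_pct):
    return 0.001 if green_pct < 50 else 0.08


if __name__ == "__main__":
    for signal in (healthy_green, failing_green):
        outcome, batches = shift_traffic(
            "www.example.com.", "blue-alb.example.internal",
            "green-alb.example.internal", [10, 50, 100], signal)
        print(signal.__name__, "->", outcome, [green_weight(b) for b in batches])
```

In a real pipeline the callback would wait out the DNS TTL plus an observation window before reading the metric, and the change batches would each be submitted to change_resource_record_sets for the hosted zone; the shape of the decision (advance, or roll back to a single known-good state) stays the same.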

Thursday, July 11, 2024

Platform Engineering Team - DevOps

 

Building a Platform Engineering team involves integrating various practices, tools, and cultural shifts to foster collaboration and efficiency between development and operations.

Some of the key steps and considerations typically involved are:

Cultural Alignment, Automation, IaC, CI/CD, Monitoring and Logging, Containerization and Orchestration, Security, Collaborative Tools, Feedback Loops, Education and Training, Scalability and Resilience, Compliance and Governance.

By integrating these practices and cultural shifts, a Platform Engineering team can effectively implement DevOps principles to deliver value to customers faster and more reliably while improving overall operational efficiency and collaboration.

Tuesday, July 9, 2024

DevOps interview

Q. How do you automate the whole build and release process?

Q. I have 50 jobs on the Jenkins dashboard and I want to build all of them at once. How?
Q. Do you know how to install Jenkins via Docker?
Q. My application is not coming up for some reason. How would you bring it up?
Q. How can you avoid the waiting time for triggered jobs in Jenkins?
Q. How do you handle merge conflicts in Git?
Q. I want to delete log files older than 10 days. How can I do that?
Q. What is the role of HTTP REST APIs in DevOps?
Q. Can we copy a Jenkins job from one server to another server?
Q. What is the syntax for building a Docker image?
Q. What are the benefits of NoSQL?
Q. Provide a few differences between DevOps and Agile.

CodeQL - finding vulnerabilities across a codebase with CodeQL


Reference: CodeQL (github.com)

CodeQL Action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

For a list of recent changes, see the CodeQL Action's changelog.

RFP vs. RFQ vs. RFI

 https://www.procore.com/library/rfp-construction#construction-rfps-the-basics

Steps in the RFP Process

1. The owner defines the project details.

2. The owner writes and issues the RFP.

3. The owner publishes and distributes the RFP.

4. Contractors prepare their bids.

5. Contractors submit proposals.

6. The owner evaluates proposals and selects a contractor.

7. The owner and contractor negotiate the contract.

RFPs afford contractors the chance to demonstrate their qualifications and capabilities and articulate how they would deliver the highest and best value for the project.

An RFP typically consists of a project overview encompassing the scope, technical specifications, timeline and budget. It also includes submission guidelines, evaluation criteria and contractual terms. Together, these components offer vital information and guidelines that enable potential bidders to understand the project requirements, craft their proposals and effectively participate in the procurement process.


Friday, July 5, 2024

Kubernetes Interview Questions

 


Kubernetes Interview Question 

Docker Kubernetes Interview Questions For Experienced

5) What is orchestration in software?

A) Application Orchestration. Application or service orchestration is the process of integrating two or more applications and/or services together to automate a process, or synchronize data in real-time. Often, point-to-point integration may be used as the path of least resistance.

6) What is a cluster in Kubernetes?
A) A cluster is the set of master and node machines that run the Kubernetes orchestration system. A container cluster is the foundation of Container Engine: the Kubernetes objects that represent your containerized applications all run on top of a cluster.

 

8) What is Openshift?

A) OpenShift Online is Red Hat’s public cloud application development and hosting platform that automates the provisioning, management and scaling of applications so that you can focus on writing the code for your business, startup, or big idea.

9) What is a namespace in Kubernetes?

A) Namespaces are intended for use in environments with many users spread across multiple teams, or projects. Namespaces are a way to divide cluster resources between multiple uses (via resource quota). In future versions of Kubernetes, objects in the same namespace will have the same access control policies by default.

10) What is a node in Kubernetes?

A) A node is a worker machine in Kubernetes, previously known as a minion. A node may be a VM or a physical machine, depending on the cluster. Each node has the services necessary to run pods and is managed by the master components. The services on a node include Docker, kubelet and kube-proxy.
 
12) What is a Heapster?

A) Heapster is a cluster-wide aggregator of monitoring and event data. It supports Kubernetes natively and works on all Kubernetes setups, including our Deis Workflow setup.

16) What is the Kubelet?
A) Kubelets run pods. The unit of execution that Kubernetes works with is the pod. A pod is a collection of containers that share some resources: they have a single IP, and can share volumes.
17) What is Minikube?
A) Minikube is a tool that makes it easy to run Kubernetes locally. Minikube runs a single-node Kubernetes cluster inside a VM on your laptop for users looking to try out Kubernetes or develop with it day-to-day.

18) What is Kubectl?
A) kubectl is a command line interface for running commands against Kubernetes clusters. This overview covers kubectl syntax, describes the command operations, and provides common examples. For details about each command, including all the supported flags and subcommands, see the kubectl reference documentation.
19) What is kube-proxy?
A) The Kubernetes network proxy runs on each node. Service cluster IPs and ports are currently found through Docker-links-compatible environment variables specifying ports opened by the service proxy. There is an optional addon that provides cluster DNS for these cluster IPs.
22) Which process runs on Kubernetes master node?
A) Kube-apiserver process runs on Kubernetes master node.
23) Which process runs on Kubernetes non-master node?
A) Kube-proxy process runs on Kubernetes non-master node.
24) Which process validates and configures data for the api objects like pods, services?
A) kube-apiserver process validates and configures data for the api objects.
25) What is the use of kube-controller-manager?
A) kube-controller-manager embeds the core control loop which is a non-terminating loop that regulates the state of the system.
26) What are Kubernetes objects made up of?
A) Kubernetes objects are made up of Pod, Service and Volume.
27) What are Kubernetes controllers?
A) Kubernetes controllers are Replicaset, Deployment controller.
28) Where Kubernetes cluster data is stored?
A) etcd is responsible for storing Kubernetes cluster data.
29) What is the role of kube-scheduler?
A) kube-scheduler is responsible for assigning a node to newly created pods.
30) Which container runtimes are supported by Kubernetes?
A) Kubernetes supports docker and rkt container runtimes.
31) Which components interact with the Kubernetes node interface?
A) The kubectl, kubelet and Node Controller components interact with the Kubernetes node interface.

Q) How do you monitor that a Pod is always running?
A) We can introduce probes. A liveness probe on the Pod is ideal in this scenario: it keeps checking whether the application in the pod is running, and if the check fails the container is restarted.
Q) What happens when a master fails? What happens when a worker fails?



Q) What is the difference between a ReplicaSet and a Replication Controller?
A) The rolling-update command works with Replication Controllers, but won't work with a ReplicaSet.
Q) What does the chart.yaml file contain?

Q) What happens if a Kubernetes pod exceeds its memory resource 'limit'?
A) It has 5 stages: 1) the pod state is set to "Terminating" and it stops receiving requests, 2) the preStop hook is called, 3) SIGTERM is sent to the pod, 4) k8s waits for the grace period, 5) SIGKILL is sent.
Q) What are the different services within Kubernetes?
A) Types of Kubernetes Services. There are five types of Services:
• ClusterIP (default): Internal clients send requests to a stable internal IP address.
• NodePort: Clients send requests to the IP address of a node on one or more nodePort values that are specified by the Service.
• LoadBalancer: Clients send requests to the IP address of a network load balancer.
• ExternalName: Internal clients use the DNS name of a Service as an alias for an external DNS name.
• Headless: You can use a headless service when you want a Pod grouping but don't need a stable IP address.

What are the different services within Kubernetes?
Answer: The different types of Kubernetes services include:
1. ClusterIP service
2. NodePort service
3. ExternalName service
4. LoadBalancer service




az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
kubectl get pods --all-namespaces
kubectl logs <pod-name> -n <namespace> --all-containers --tail=100

The first command merges the AKS cluster credentials into your kubeconfig, the second lists the pods across all namespaces, and the third prints the last 100 lines of logs from every container of the chosen pod (kubectl logs takes a pod name or a label selector; it has no --all-namespaces flag). You can then analyze the output to determine any abnormality in your system.



To change a running pod's definition in place:

kubectl edit pod <pod-name>

To scale a deployment to 5 replicas:

kubectl scale deployment <deployment-name> --replicas=5

or edit the YAML file with the required changes and run

kubectl apply -f deploy.yaml

To generate a deployment manifest as a starting point without creating anything on the cluster:

kubectl create deployment <deployment-name> --image=<image> --dry-run=client -o yaml > deploy.yaml








Friday, June 21, 2024

How To Create AWS VPC Using Terraform

 References: https://www.geeksforgeeks.org/create-aws-vpc-using-terraform/


Steps To Create AWS VPC Using Terraform

Step 1: First declare the provider and the region in which you want to create the VPC.

provider.tf

provider "aws" {
  region = "us-east-1"
}


Step 2: Create a VPC. Specify the CIDR block and give the VPC a name.

create_vpc.tf

resource "aws_vpc" "main" {
  cidr_block       = "10.0.0.0/16"
  instance_tenancy = "default"

  tags = {
    Name = "vpc"
  }
}


Step 3: Create a subnet inside the VPC.

subnet.tf

resource "aws_subnet" "main" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "Public-Subnet"
  }
}


Step 4: The subnet is isolated at this point. If you launch an EC2 instance in it you cannot connect to the instance, because nothing links the subnet to the internet, so you need an internet gateway.

internet_gateway.tf

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "IGW"
  }
}


Step 5: Create a route table and associate it with the subnet. The single route here sends all traffic (0.0.0.0/0) through the internet gateway.

route_table.tf

resource "aws_route_table" "rt" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "route_table"
  }
}


route_subnet_association.tf

resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.main.id
  route_table_id = aws_route_table.rt.id
}


Step 6: Now run the following Terraform commands one by one to apply these files.

terraform init
terraform plan
terraform apply


Step 7: Check in your AWS console whether the VPC has been created.


If you later want to delete all the resources created through Terraform, run this command.

terraform destroy
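Between terraform plan and terraform apply there is a natural place to review what the plan will do to the network. The script below is an added example, not part of the GeeksforGeeks tutorial referenced above: after terraform plan -out=tfplan and terraform show -json tfplan > plan.json, check_plan() reads that JSON and lists what a reviewer wants to see before applying, namely resources being destroyed, subnets that auto-assign public IPs, and default routes to 0.0.0.0/0. The plan documents in the script are constructed to mirror the VPC, subnet, internet gateway and route table defined in the steps above (values Terraform only learns at apply time appear as null, as they do in a real plan).

```python
"""Pre-apply review of a `terraform show -json` plan (added example)."""
import json


def check_plan(plan):
    """Return human-readable findings for one terraform show -json document."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        actions = change["actions"]
        after = change.get("after") or {}
        addr = rc["address"]
        if "delete" in actions:
            findings.append(f"{addr}: will be destroyed ({'/'.join(actions)})")
        if "create" not in actions and "update" not in actions:
            continue  # no-op, read or delete-only: nothing further to inspect
        if rc["type"] == "aws_subnet" and after.get("map_public_ip_on_launch"):
            findings.append(f"{addr}: public subnet, instances get public IPs at launch")
        if rc["type"] == "aws_route_table":
            for route in after.get("route") or []:
                if route.get("cidr_block") == "0.0.0.0/0":
                    via = route.get("gateway_id") or "gateway known only after apply"
                    findings.append(f"{addr}: default route 0.0.0.0/0 via {via}")
    return findings


def load_and_check(path):
    """Convenience wrapper for a plan.json file on disk."""
    with open(path, encoding="utf-8") as fh:
        return check_plan(json.load(fh))


def _rc(address, rtype, name, actions, after):
    """Build one resource_changes entry in the shape terraform emits."""
    return {"address": address, "type": rtype, "name": name, "mode": "managed",
            "change": {"actions": actions, "before": None, "after": after}}


# Constructed plan for the tutorial's five resources, all being created.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        _rc("aws_vpc.main", "aws_vpc", "main", ["create"],
            {"cidr_block": "10.0.0.0/16", "instance_tenancy": "default",
             "tags": {"Name": "vpc"}}),
        _rc("aws_subnet.main", "aws_subnet", "main", ["create"],
            {"cidr_block": "10.0.1.0/24", "map_public_ip_on_launch": True,
             "tags": {"Name": "Public-Subnet"}}),
        _rc("aws_internet_gateway.igw", "aws_internet_gateway", "igw", ["create"],
            {"tags": {"Name": "IGW"}}),
        _rc("aws_route_table.rt", "aws_route_table", "rt", ["create"],
            {"route": [{"cidr_block": "0.0.0.0/0", "gateway_id": None}],
             "tags": {"Name": "route_table"}}),
        _rc("aws_route_table_association.a", "aws_route_table_association", "a",
            ["create"], {}),
    ],
}

# Constructed later run where the subnet's CIDR changes, forcing a replacement.
REPLACE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        _rc("aws_subnet.main", "aws_subnet", "main", ["delete", "create"],
            {"cidr_block": "10.0.2.0/24", "map_public_ip_on_launch": False}),
    ],
}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print("-", finding)
```

For the tutorial's own plan the two findings are expected (a public subnet with a default route is the point of the exercise); the value of the check is on later runs, where a replaced subnet or a new 0.0.0.0/0 route shows up in the review before anyone types terraform apply.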

Conclusion

In this post we first covered the basics of AWS VPC and Terraform, then followed the steps to create an AWS VPC. Inside the VPC we created a public subnet, an internet gateway that lets traffic into and out of the subnet, and finally a route table that we associated with the subnet.

AWS VPC Using Terraform - FAQs

1. What is a subnet in a VPC?

When you create a VPC you provide a CIDR block (a range of IP addresses). A subnet is a segment of that range, which lets the VPC organize and manage its IP addresses.

2. What are NAT gateways used for?

NAT gateways give internet connectivity to resources created in a private subnet.

3. How is a public subnet different from a private subnet?

A public subnet reaches the internet (in and out) through an internet gateway. A private subnet does not use an internet gateway; it relies on a NAT gateway for outbound internet access, and resources in a private subnet cannot be connected to from outside.

4. How do you ensure that an EC2 instance inside the VPC gets internet connectivity?

Place the instance in a public subnet whose route table has a route to an internet gateway.

5. What is the use of a route table in a VPC?

A route table contains a set of routes that determine where network traffic is directed within the VPC.


Wednesday, June 19, 2024

Nice SRE GUIDE

 https://www.rajeshkumar.xyz/blog/sre-director-complete-guide/

Monday, June 17, 2024

How to expedite deployments

 To expedite deployments while maintaining control and governance in a CI/CD pipeline with manual approval gates, the following approaches can be considered:

  1. Implement Approval Bots: These are automated tools that mimic human actions to facilitate approvals. By sending notifications and requests, bots can speed up the approval process and remove potential bottlenecks.

  2. Implement Threshold-Based Automation: If certain approvals often follow similar decisions (e.g., green lights for minor changes), automate these approvals for quicker deployment.

  3. Process Segmentation and Parallelization: If stages can be divided, automate each stage independently. This way, even if one stage needs manual approval, the pipeline can continue processing the other stages concurrently.

  4. Automated Testing: Implement thorough automated testing to reduce the need for manual checks at later stages. This helps prevent issues that would otherwise require manual intervention, thus minimizing delays.

  5. Implement Guard Rails: Introduce checks throughout the pipeline to ensure that only changes meeting required standards can proceed. This prevents faulty code or configuration mistakes from reaching the production stage.

  6. Rollback Mechanisms: Ensure that the pipeline includes rollback mechanisms, making it easy and quick to revert changes if issues are discovered during deployment.

Thursday, June 13, 2024

List of common AWS error status codes and their meanings

 AWS (Amazon Web Services) utilizes HTTP status codes to indicate the success or failure of API requests. Here is a list of common AWS error status codes and their meanings:

Client-Side Errors (4xx)

  1. 400 Bad Request:
    • Meaning: The request was invalid or cannot be served. The exact error should be explained in the error payload.
    • Possible Causes: Invalid parameters, missing required parameters, or malformed request syntax.
  2. 401 Unauthorized:
    • Meaning: Authentication is required and has failed or has not been provided.
    • Possible Causes: Missing or invalid AWS credentials, or lack of permissions.
  3. 403 Forbidden:
    • Meaning: The request was valid, but the server is refusing action.
    • Possible Causes: Insufficient permissions to access the resource or action.
  4. 404 Not Found:
    • Meaning: The requested resource could not be found.
    • Possible Causes: Incorrect resource identifier (e.g., wrong bucket name in S3).
  5. 405 Method Not Allowed:
    • Meaning: The method specified in the request is not allowed for the resource.
    • Possible Causes: Using GET on a resource that requires POST.
  6. 409 Conflict:
    • Meaning: The request could not be completed due to a conflict with the current state of the resource.
    • Possible Causes: Resource already exists or resource is being modified concurrently.
  7. 412 Precondition Failed:
    • Meaning: One or more conditions given in the request header fields evaluated to false when tested on the server.
    • Possible Causes: Conditional request failed, such as an ETag check.
  8. 429 Too Many Requests:
    • Meaning: The user has sent too many requests in a given amount of time.
    • Possible Causes: Exceeding the API rate limit.

Server-Side Errors (5xx)

  1. 500 Internal Server Error:
    • Meaning: The server encountered an unexpected condition that prevented it from fulfilling the request.
    • Possible Causes: Internal server issues, temporary issues with the AWS service.
  2. 502 Bad Gateway:
    • Meaning: The server, while acting as a gateway or proxy, received an invalid response from the upstream server.
    • Possible Causes: Temporary issues with the AWS service or network issues.
  3. 503 Service Unavailable:
    • Meaning: The server is currently unable to handle the request due to temporary overloading or maintenance of the server.
    • Possible Causes: Service outage, service throttling, or maintenance.
  4. 504 Gateway Timeout:
    • Meaning: The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server.
    • Possible Causes: Timeout issues, latency in upstream servers.
  5. 507 Insufficient Storage:
    • Meaning: The server is unable to store the representation needed to complete the request.
    • Possible Causes: Insufficient storage available.

Specific AWS Error Codes

AWS also provides specific error codes in the response body for more detailed information. Here are a few common ones:

  1. AccessDenied:
    • Meaning: Access to the resource is denied.
    • Possible Causes: Lack of permissions, policies preventing access.
  2. NoSuchBucket:
    • Meaning: The specified bucket does not exist.
    • Possible Causes: Incorrect bucket name or bucket has been deleted.
  3. InvalidAccessKeyId:
    • Meaning: The AWS access key ID provided does not exist in our records.
    • Possible Causes: Incorrect access key, revoked access key.
  4. SignatureDoesNotMatch:
    • Meaning: The request signature we calculated does not match the signature you provided.
    • Possible Causes: Incorrect secret key, incorrect signing process.
  5. ThrottlingException:
    • Meaning: Request rate is too high.
    • Possible Causes: Exceeding the API rate limit.

Understanding these status codes and error messages can help diagnose and resolve issues when interacting with AWS services.
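What a caller should do with these codes, as an added example that is not part of the original post: classify() sorts a failed call into "retry" (the transient class: 429 and the 5xx codes), "auth" (401/403 and the credential-related codes AccessDenied, InvalidAccessKeyId and SignatureDoesNotMatch, where retrying cannot help) or "fatal" (every other 4xx, where the request itself has to change), and call_with_backoff() retries only the first class with capped exponential backoff and full jitter. The failing AWS call is simulated by make_flaky() so the module runs offline; a real caller would read response["ResponseMetadata"]["HTTPStatusCode"] and response["Error"]["Code"] from botocore's ClientError and feed those in.

```python
"""Retry policy driven by AWS HTTP status and error codes (added example)."""
import random
import time

RETRYABLE_STATUS = {429, 500, 502, 503, 504}
RETRYABLE_CODES = {"ThrottlingException"}
AUTH_CODES = {"AccessDenied", "InvalidAccessKeyId", "SignatureDoesNotMatch"}


class AwsCallError(Exception):
    """Raised when a call is not retryable or the retry budget is spent."""

    def __init__(self, status, code, verdict, attempts):
        super().__init__(f"{status} {code} ({verdict}) after {attempts} attempt(s)")
        self.status, self.code, self.verdict, self.attempts = status, code, verdict, attempts


def classify(status, code):
    """Map a status/error-code pair to "auth", "retry" or "fatal"."""
    if status in (401, 403) or code in AUTH_CODES:
        return "auth"    # fix credentials or policy; retrying will not help
    if status in RETRYABLE_STATUS or code in RETRYABLE_CODES:
        return "retry"   # throttling or a transient service-side problem
    return "fatal"       # 400/404/405/409/412: the request itself must change


def backoff_delay(attempt, base=0.2, cap=5.0):
    """Full-jitter exponential backoff: uniform in [0, min(cap, base * 2^attempt)]."""
    return random.uniform(0, min(cap, base * (2 ** attempt)))


def call_with_backoff(operation, max_attempts=5, sleep=time.sleep):
    """operation() returns (http_status, error_code, body).

    Returns body on success; raises AwsCallError for auth/fatal errors at
    once, or for retryable errors once max_attempts is exhausted.
    """
    for attempt in range(1, max_attempts + 1):
        status, code, body = operation()
        if status < 400:
            return body
        verdict = classify(status, code)
        if verdict != "retry" or attempt == max_attempts:
            raise AwsCallError(status, code, verdict, attempt)
        sleep(backoff_delay(attempt - 1))


def make_flaky(failures, status, code):
    """Constructed stand-in for an AWS call: fails `failures` times with the
    given status/code, then succeeds. Returns (operation, call counter)."""
    counter = {"calls": 0}

    def operation():
        counter["calls"] += 1
        if counter["calls"] <= failures:
            return status, code, None
        return 200, "", {"ok": True}

    return operation, counter


if __name__ == "__main__":
    scenarios = [(2, 503, "ServiceUnavailable"),   # transient, recovers
                 (1, 403, "AccessDenied"),         # permission problem, no retry
                 (9, 429, "ThrottlingException")]  # throttled past the budget
    for failures, status, code in scenarios:
        op, counter = make_flaky(failures, status, code)
        try:
            print(call_with_backoff(op, sleep=lambda s: None),
                  "after", counter["calls"], "call(s)")
        except AwsCallError as err:
            print("gave up:", err)
```

The sleep function is injectable so the policy can be unit-tested without waiting; in production leave the default time.sleep in place, and keep the cap so a long outage turns into a bounded number of spaced-out calls rather than a tight loop that makes the throttling worse.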


Here is a list of some of the more common Amazon Web Services (AWS) error status codes and their meanings:

    - 200 OK - The request was successful and the resource was created or updated.

    - 400 Bad Request - The request was malformed or incomplete, and the server could not understand it.

    - 401 Unauthorized - The request was made with invalid credentials or without proper authorization, and the server rejected it.

    - 403 Forbidden - The request was made to a resource that the user does not have permission to access.

    - 404 Not Found - The requested resource could not be found, either because it does not exist or because the user does not have permission to view it.

    - 409 Conflict - The request caused a conflict with another ongoing process, and the server could not complete it.

    - 410 Gone - The resource is no longer available, either because it has been deleted or because the user does not have permission to view it.

    - 415 Unsupported Media Type - The request was made with an improper media type, and the server could not process it.

    - 416 Invalid Range - The request was made with an invalid range or duration, and the server could not process it.

    - 500 Internal Server Error - The server encountered an internal error and could not complete the request.

    - 503 Service Unavailable - The service was unavailable at the moment the request was made, and the server could not complete it.

    - 504 Gateway Timeout - The gateway or server was busy and could not immediately process the request.

    - 505 Too Many Requests - The user made too many requests in a given period of time, and the server rejected them all.

    - 507 Insufficient Storage - The request could not be completed because the user's account did not have enough free storage space.

    - 508 Resource Exhausted - The request could not be completed because the resource was exhausted or unavailable.

    - 511 Too Many Users - The system was overloaded with too many users at the moment the request was made, and the server could not complete it.

    - 512 Too Many Connections - The system was overloaded with too many connections at the moment the request was made, and the server could not complete it.

    - 513 Slow Request - The request took too long to complete, and the server returned a slow down message.

    - 514 Too Many Queries - The user made too many queries in a given period of time, and the server rejected them all.

    - 515 Bad Query - The user made a bad or malformed query, and the server could not understand it.

    - 516 Too Many Results - The search engine returned too many results for the given query, and the server stopped processing it.

    - 517 Insufficient Memory - The request could not be completed because the user's account did not have enough free memory space.

    - 518 Resource Not Found - The resource was not found or could not be accessed, and the server returned a not found message.

    - 519 Slow Client - The client or script took too long to complete the request, and the server returned a slow down message.