Monthly Archives: May 2021

A New Road Ahead…

Where I’ve Been

Since January 1, 2012 I’ve been the principal consultant at Centino Systems. Jokingly, I refer to myself as The Centino of Systems. I learned a lot of lessons running my own business, such as how to be a consultant and also how to scale the business even as the only employee/consultant. There have been ups and downs, successes and failures, and I couldn’t be more happy with how things went. In the first phase of Centino Systems, I learned how to build a consulting practice. Then in the second phase I learned how to scale Centino Systems by focusing on training. I blogged a bunch, produced 21 courses at Pluralsight, co-authored three books (with one more on the way), and delivered numerous corporate and conference sessions and workshops focusing on Linux, SQL Server and of course Kubernetes.

What’s Next

Over the past few years I kept my eye on Pure Storage. Pure builds rocket fast storage systems that I’ve used as the backbone to many SQL Server systems that I’ve built and supported in my consulting practice. Using Pure solutions in my consulting practice exposed me to the technology and the people, both of which are incredible.

One thing led to another and starting in July, I am joining Pure Storage as a Principal Field Solution Architect focusing on SQL Server and emerging technologies like Azure Arc-enabled Data Services and deploying SQL Server on Kubernetes. I’m going to get to work on bigger and harder challenges, helping customers and Pure Engineering build solutions to solve those challenges. I will remain active in the SQL and PowerShell communities talking about the technologies I enjoy working with. Further, I will continue to produce courses at Pluralsight, again focusing on Azure, SQL, PowerShell and of course Kubernetes.

The People

In addition to the technology and challenges ahead, the next reason I want to join Pure is to work with a collection of very talented people. I get to work with some of the best people in our industry. I’ll be fortunate to work with SQL community leaders Argenis Fernandez, Chris Adkin, Marsha Pierce, Melody Zacharias among many others…I have been able to call you friends…and now co-workers. I’m really looking forward to the next phase of my career.

Testing for Specific Versions of TLS Protocols Using curl

Ever need to restrict your web server to a specific TLS protocol version and want a quick way to confirm the setting took effect? Let’s check out how to use curl to do just that.

The command below runs curl with the parameters --tlsv1.1 --tls-max 1.1. The first sets the minimum TLS protocol version and the second forces the max TLS protocol version to 1.1, so curl offers TLS 1.1 and nothing else. Using the --verbose parameter lets you see the TLS handshake in the output printed to the terminal.

The webserver here has a policy that allows only TLS version 1.2+. So in the output, when forcing curl to use TLS version 1.1, the SSL_connect fails, since the webserver only permits 1.2+.

curl https://www.notarealurl.com --verbose  --tlsv1.1 --tls-max 1.1
*   Trying 52.173.202.109...
* TCP_NODELAY set
* Connected to www.notarealurl.com (1.2.3.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.1 (OUT), TLS handshake, Client hello (1):
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.notarealurl.com:443 
* Closing connection 0
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.notarealurl.com:443 

Now, let’s tell curl to use TLS protocol version 1.2 with the parameters --tlsv1.2 --tls-max 1.2 and see if we can successfully access the webserver. The output below shows a successful TLS 1.2 handshake and some output from the webserver.

curl https://www.notarealurl.com --verbose  --tlsv1.2 --tls-max 1.2
*   Trying 52.173.202.109...
* TCP_NODELAY set
* Connected to www.notarealurl.com (1.2.3.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=ILLINOIS; L=CHICAGO; O=IT; CN=www.notarealurl.com
*  start date: May 14 00:00:00 2020 GMT
*  expire date: Jul  6 12:00:00 2022 GMT
*  subjectAltName: host "www.notarealurl.com" matched cert's "www.notarealurl.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: www.notarealurl.com
> User-Agent: curl/7.64.1
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Content-Type: text/html; charset=UTF-8
< Location: https://notarealurl.com/
< Server: Microsoft-IIS/10.0
< Set-Cookie: ApplicationGatewayAffinity=ca74a2f7c1dea41a8e5010ecf6deda4f944f5539661e08399d8fae0062592401;Path=/;Domain=www.notarealurl.com
< Set-Cookie: ApplicationGatewayAffinityCORS=ca74a2f7c1dea41a8e5010ecf6deda4f944f5539661e08399d8fae0062592401;Path=/;Domain=www.notarealurl.com;SameSite=None;Secure
< Date: Thu, 20 May 2021 13:48:14 GMT
< Content-Length: 148
< 
<head><title>Document Moved</title></head>
* Connection #0 to host www.notarealurl.com left intact
<body><h1>Object Moved</h1>This document may be found <a HREF="https://notarealurl.com/">here</a></body>* 
Closing connection 0
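
To check a whole policy instead of one version at a time, the two probes above can be wrapped in a loop. The script below is an added example, not part of the original post: it pins each version with the same --tlsvX --tls-max X pair, classifies the result from curl's exit code and the "SSL connection using" line, and compares it with a minimum-version policy. The function names, the host and the 1.2 minimum are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Host name and 1.2+ policy are assumptions.

# curl options that pin both the floor and the ceiling to a single TLS version.
tls_pin_args() {
  case "$1" in
    1.0|1.1|1.2|1.3) echo "--tlsv$1 --tls-max $1" ;;
    *) echo "unsupported version: $1" >&2; return 2 ;;
  esac
}

# Read verbose output on stdin and print the negotiated version, e.g.
# "* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384" -> "1.2"
# (line format as printed by the LibreSSL build of curl shown above).
negotiated_version() {
  sed -n 's/^\* SSL connection using TLSv\([0-9.]*\) .*/\1/p' | head -n 1
}

# Classify one probe. $1 = pinned version, $2 = curl exit code, $3 = verbose log.
classify_probe() {
  local got
  case "$2" in
    0)  got=$(printf '%s\n' "$3" | negotiated_version)
        if [ "$got" = "$1" ]; then echo accepted; else echo inconclusive; fi ;;
    35) echo rejected ;;       # curl exit 35: TLS handshake failed
    *)  echo inconclusive ;;   # DNS, TCP or timeout errors say nothing about TLS policy
  esac
}

# Compare a result with a minimum-version policy. $1 = version, $2 = result, $3 = minimum.
check_policy() {
  local want=rejected
  # All versions here are 1.x, so comparing the minor digit is enough.
  if [ "${1#1.}" -ge "${3#1.}" ]; then want=accepted; fi
  if [ "$2" = "$want" ]; then echo PASS; else echo "FAIL (expected $want)"; fi
}

# Probe every version against a host. $1 = host, $2 = minimum version the policy allows.
audit_tls() {
  local v log rc result
  for v in 1.0 1.1 1.2 1.3; do
    # Word splitting of the option string returned by tls_pin_args is intended.
    log=$(curl --silent --verbose --output /dev/null --max-time 10 \
               $(tls_pin_args "$v") "https://$1/" 2>&1); rc=$?
    result=$(classify_probe "$v" "$rc" "$log")
    echo "TLS $v: $result -> $(check_policy "$v" "$result" "$2")"
  done
}

# Usage: audit_tls www.notarealurl.com 1.2
```

A client whose own TLS library has old protocol versions disabled can fail the handshake in the same way, so confirm a "rejected" result from a client known to support that version.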

Updated Pluralsight Course – Managing the Kubernetes API Server and Pods

My updated course “Managing the Kubernetes API Server and Pods” is now available on Pluralsight here! If you want to learn about the course, check out the trailer here or if you want to dive right in check it out here.

This course targets IT professionals who design and maintain Kubernetes and container-based solutions. The course can be used by both the IT pro learning new skills and the system administrator or developer preparing for using Kubernetes both on premises and in the Cloud.

Let’s take your Kubernetes administration and configuration skills to the next level and get you started now!

Key updates to the course include:

  • Using kubectl command options such as --dry-run to create workloads and build YAML manifest templates fast

  • Working with Static Pods

  • Working with Init Containers

  • Managing Pod health with Container Probes

The modules of the course are:

  • Using the Kubernetes API – In this module we dive into the Kubernetes API and the API server. We take a closer look at the API itself, API objects, and the internals of the API server. Next, we look at working with Kubernetes objects: the types of objects available, how to use them, how we define objects, Kubernetes API groups, and how the API server itself is versioned. Then we wrap up the module with a deep dive into the anatomy of an API request, where we look closely at what happens when we submit a request into the API server.

  • Managing Objects with Labels, Annotations, and Namespaces – In this module, we discuss organizing objects in Kubernetes, and the techniques to organize objects such as namespaces, labels, and annotations. Once we have those principles behind us, we learn how Kubernetes uses labels to manage critical system functions such as managing Services, controlling Deployments, and workload scheduling in our cluster.

  • Running and Managing Pods – Dig into the fundamental workload element and learn how to run and manage Pods. In this module, we start the conversation off with understanding Pods and why we need this abstraction of a Pod around our container‑based application. Then we look at the interoperation between controllers like Deployments and Replica Sets and Pods themselves and learn why we need such a construct. We look at multi‑container Pods where we have multiple containers resident inside of a single Pod and why we would use something like that in our container‑based application deployments. And then we wrap up the conversation with managing Pod health with probes where we can give Kubernetes a little more information about the health of our application so that it can make good decisions on how to react in certain scenarios with regards to our applications that we’re deploying in Pods.

Check out the course at Pluralsight!
