Security groups are a great way to limit access to your server in IBM Cloud. However, if you are just setting up your server, make sure you don’t inadvertently block traffic so that you can’t do anything.
Case in point: you may set allow_all in a security group. You might think that would allow all traffic in and out of your server. However, allow_all will still block some traffic from leaving your server. I was not able to ping 220.127.116.11 or reach other traffic on my Windows VSI when I had this setting.
According to IBM support: “When setting security groups for servers you need to have an equal relationship of ingress (inbound) and egress (outbound) traffic in order to succeed in a proper connection. You would need the allow_all and the allow_outbound group to achieve this.”
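To see why one group is not enough, here is a small default-deny evaluator. It is an added example, not IBM's code: the rule fields are simplified, and the contents assumed for allow_all and allow_outbound follow the behaviour described above. The web_only group, the sample flows and the peer addresses are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets with simplified field names. What the two predefined
# groups contain is an assumption based on the behaviour described above.
GROUPS = {
    "allow_all": [
        {"direction": "ingress", "protocol": None, "ports": None, "remote": "0.0.0.0/0"},
    ],
    "allow_outbound": [
        {"direction": "egress", "protocol": None, "ports": None, "remote": "0.0.0.0/0"},
    ],
    "web_only": [  # hypothetical custom group
        {"direction": "ingress", "protocol": "tcp", "ports": (443, 443), "remote": "0.0.0.0/0"},
    ],
}

def rule_matches(rule, direction, protocol, port, peer):
    if rule["direction"] != direction:
        return False
    if rule["protocol"] not in (None, protocol):   # None means any protocol
        return False
    if rule["ports"] is not None:
        lo, hi = rule["ports"]
        if port is None or not lo <= port <= hi:
            return False
    return ip_address(peer) in ip_network(rule["remote"])

def is_allowed(attached, direction, protocol, port, peer):
    """Default deny: a new flow passes only if some attached rule matches it."""
    return any(rule_matches(r, direction, protocol, port, peer)
               for g in attached for r in GROUPS[g])

# Flows a freshly built server usually needs (constructed sample; the peers
# are documentation addresses).
REQUIRED = [
    ("egress", "icmp", None, "192.0.2.10"),    # ping out
    ("egress", "tcp", 443, "192.0.2.20"),      # HTTPS out for updates and APIs
    ("ingress", "tcp", 3389, "198.51.100.7"),  # RDP in to a Windows VSI
]

def blocked_flows(attached):
    """Return the required flows that the attached groups would drop."""
    return [f for f in REQUIRED if not is_allowed(attached, *f)]

if __name__ == "__main__":
    for attached in (["allow_all"], ["allow_all", "allow_outbound"]):
        print(attached, "blocks:", blocked_flows(attached))
```

Running the same check against the groups you plan to attach, before you attach them, shows which direction has no rule at all.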
Since April, here are a ton of links I found useful while doing my work. Lots of good stuff on Kubernetes and Cloud (both IBM’s and AWS’s); some cool hardware links; some worthwhile software links. Plus other things! Check it out.
Kubernetes: plenty of good things here to explore if you are doing things with Kubernetes like I was:
Terraform: Relatedly, I was doing work with Terraform and these were useful:
IBM Cloud: one of the two clouds I have been working with. A lot of the work was Kubernetes on IBM Cloud so you’ll see some overlap:
AWS: I work on a lot of cloud providers. Mostly IBM Cloud but others like AWS.
Software: some of these were work related, but some are more hobby oriented.
Hardware: the pickings are few here
Finally: here is an odd assortment of things worthwhile:
If you are looking for a way to gain knowledge in a lot of different ways (Kubernetes including ingress, services, and COS as a way of holding information, plus Terraform and more) then I recommend this article.
It has a link to a repo you can use that had 2 issues at the time, so I forked a copy in the meantime to fix the issues. You can get it here.
What’s nice about this is it comes with some shell scripts that use Terraform to build and configure the cluster. It’s a good way to learn many things at the same time. Recommended.
IBM has numerous free products in its Cloud Service, and you can find them here.
One I recommend especially is the Kubernetes Service. You can create a free cluster and learn a lot about both IBM Cloud and Kubernetes by using this.
If you aren’t sure where to start, I put together a GitHub repo to help you get started. It gives you all the information you need, so you can go from a simple web page or node.js app on your own machine to having it up and running on the IBM Kubernetes service. You can find it here: blm849/networkcontainertesting: a simple way to test connectivity in and out of a container.
It’s up to date as of May, 2022. While there are plenty of tutorials out there, you may want to see if they are up to date. For example, some features may be deprecated.
Drop me a comment if you have any feedback. Good luck!
Last week I encouraged you to consider your naming standards before adding services. This week I’d like to encourage you to use tags as well to help you manage your IBM Cloud environment.
As this piece from the IBM Cloud Docs on Working with tags explains, you can use tags to
organize, track usage costs, and even manage access to your resources. You can tag related resources and view them throughout your account by filtering by tags from your resource list. To see a full list of tags in your account, go to Manage > Account in the IBM Cloud® console, and select Tags. You can apply user tags to organize your resources and easily find them later or help you with identifying specific team usage or cost allocation. By creating access management tags, you can control access to your resources without requiring updates to your IAM policies.
Here are some examples, partially taken from the same piece:
- Use tags to identify or even manage access to your development environment, not to mention QA, UAT, Production and DR
- Use tags to identify or even manage access to a project: project:lw-wizard, app:poc-app
- Use tags to define compliance requirements: dataresidency:germany, compliance:hipaa, compliance:pii
- Use tags to help you automate optimization: schedule:24x7, maxruntime:12days
So use tags: your IBM Cloud environment will be easier to operate if you do.
For more on this, here’s a good blog post on tags: Characteristics of User and Access Tags on IBM Cloud | IBM
And this piece in IBM Cloud Docs is a good tutorial that will guide you:
…through the steps to centrally manage access to the resources in your account at scale (using tags). By completing this tutorial, you learn how to create an access management tag, add the tag to selected resources, and define a policy to assign access to resources based on the tags on those resources.
Good stuff. Start using tags more and you will find it much easier to manage your resources in the IBM Cloud. If you are unsure, start with a few for now (e.g. tag your production environment, tag resources belonging to specific groups). You’ll start to see the benefits soon.
Before adding services to your IBM Cloud environment, consider adopting a naming standard for them. By default, IBM Cloud gives services a unique name (e.g. IBM Log Analysis-4g, DB2-r0). While that may be fine, giving them a name that clearly identifies their role and service (e.g. DB2-Development, IBM Log Analysis for Production) helps the support teams do their job more easily. It can also help later if you are deciding to pare back services. If you have 10 instances of DB2 or 100 devices, clear naming standards will also help you decide which ones to delete and which ones to keep.
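One way to check both the naming advice here and the tagging advice above is a small audit over an exported resource list. This is an added example, not IBM tooling: the inventory is constructed, and the default-name pattern, the required keys (env, project) and the compliance/dataresidency pairing are assumptions standing in for your own standard.

```python
import re

# Assumption: generated default names end in "-" plus two lowercase
# alphanumerics, inferred only from the two examples quoted on this page.
DEFAULT_NAME = re.compile(r"-[a-z0-9]{2}$")
REQUIRED_KEYS = {"env", "project"}  # hypothetical house policy

# Constructed inventory; names and tags reuse the examples from the text.
INVENTORY = [
    {"name": "DB2-Development", "tags": ["env:dev", "project:lw-wizard"]},
    {"name": "DB2-r0", "tags": ["project:lw-wizard"]},
    {"name": "IBM Log Analysis-4g", "tags": []},
    {"name": "IBM Log Analysis for Production",
     "tags": ["env:prod", "project:lw-wizard", "compliance:hipaa"]},
]

def tag_map(tags):
    """Split key:value tags; a tag without a colon is kept as a bare key."""
    out = {}
    for tag in tags:
        key, _, value = tag.partition(":")
        out.setdefault(key.strip().lower(), set()).add(value.strip().lower())
    return out

def audit(resource):
    """Return the list of findings for one resource (empty means clean)."""
    findings = []
    if DEFAULT_NAME.search(resource["name"]):
        findings.append("default-looking name")
    tags = tag_map(resource["tags"])
    for key in sorted(REQUIRED_KEYS - set(tags)):
        findings.append(f"missing tag {key}:<value>")
    # Hypothetical rule: regulated data should also say where it must reside.
    if "compliance" in tags and "dataresidency" not in tags:
        findings.append("compliance tag without dataresidency tag")
    return findings

def report(inventory):
    """Map resource name to findings, listing only resources with findings."""
    return {r["name"]: audit(r) for r in inventory if audit(r)}

if __name__ == "__main__":
    for name, findings in report(INVENTORY).items():
        print(f"{name}: {'; '.join(findings)}")
```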