├── .gitignore ├── docs ├── .gitignore ├── kcna │ ├── practical-exercises.md │ ├── questions.md │ └── kubernetes-the-hard-way.md ├── gitbook │ ├── images │ │ ├── favicon.ico │ │ └── apple-touch-icon-precomposed-152.png │ ├── fonts │ │ └── fontawesome │ │ │ ├── FontAwesome.otf │ │ │ ├── fontawesome-webfont.eot │ │ │ ├── fontawesome-webfont.ttf │ │ │ ├── fontawesome-webfont.woff │ │ │ └── fontawesome-webfont.woff2 │ ├── gitbook-plugin-search │ │ ├── search.css │ │ ├── search-engine.js │ │ ├── search.js │ │ └── lunr.min.js │ ├── gitbook-plugin-lunr │ │ ├── search-lunr.js │ │ └── lunr.min.js │ ├── gitbook-plugin-sharing │ │ └── buttons.js │ ├── gitbook-plugin-highlight │ │ └── ebook.css │ └── gitbook-plugin-fontsettings │ │ ├── fontsettings.js │ │ └── website.css ├── .gitpod.yml ├── package.json ├── developer-associate │ └── practical-exercises.md ├── advanced-networking │ ├── 3-design-and-implement-aws-networks.md │ └── 2-networking-refresher.md ├── cloud-practitioner │ └── exam-prep.html └── sysops-associate │ └── 1-priorart.html ├── kcna ├── practical-exercises.md ├── questions.md ├── extra-reading.md ├── kubernetes-the-hard-way.md └── notes.md ├── .gitpod.yml ├── cloud-practitioner ├── exam-prep.md ├── extra-reading.md ├── 1-intro.md ├── practical-exercises.md ├── 4-security-cloud.md ├── 3-billing-and-pricing.md └── 2-cloud-concepts.md ├── package.json ├── sysops-associate ├── 1-priorart.md ├── 8-automation.md ├── extra-reading.md ├── exam-prep.md ├── 6-security.md ├── 5-storage.md ├── 4-elasticity-and-scale.md ├── 3-provisioning.md ├── 2-monitoring.md └── 7-networking.md ├── developer-associate ├── extra-reading.md ├── practical-exercises.md ├── exam-prep.md └── services.md ├── README.md ├── comptia cloud+ └── index.md ├── comptia-network+ └── index.md ├── well-architected └── the-framework.md ├── comptia-a+ └── index.md ├── advanced-networking ├── 3-design-and-implement-aws-networks.md ├── index.md └── 2-networking-refresher.md └── SUMMARY.md /.gitignore: 
-------------------------------------------------------------------------------- 1 | node_modules 2 | _book 3 | 4 | -------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | _book 3 | 4 | -------------------------------------------------------------------------------- /kcna/practical-exercises.md: -------------------------------------------------------------------------------- 1 | 2 | - Learn more about tmux: https://github.com/tmux/tmux/wiki -------------------------------------------------------------------------------- /docs/kcna/practical-exercises.md: -------------------------------------------------------------------------------- 1 | 2 | - Learn more about tmux: https://github.com/tmux/tmux/wiki -------------------------------------------------------------------------------- /docs/gitbook/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/loujaybee/cloud-exam-notes/HEAD/docs/gitbook/images/favicon.ico -------------------------------------------------------------------------------- /docs/gitbook/fonts/fontawesome/FontAwesome.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/loujaybee/cloud-exam-notes/HEAD/docs/gitbook/fonts/fontawesome/FontAwesome.otf -------------------------------------------------------------------------------- /docs/gitbook/fonts/fontawesome/fontawesome-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/loujaybee/cloud-exam-notes/HEAD/docs/gitbook/fonts/fontawesome/fontawesome-webfont.eot -------------------------------------------------------------------------------- /docs/gitbook/fonts/fontawesome/fontawesome-webfont.ttf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/loujaybee/cloud-exam-notes/HEAD/docs/gitbook/fonts/fontawesome/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /docs/gitbook/fonts/fontawesome/fontawesome-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/loujaybee/cloud-exam-notes/HEAD/docs/gitbook/fonts/fontawesome/fontawesome-webfont.woff -------------------------------------------------------------------------------- /docs/gitbook/fonts/fontawesome/fontawesome-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/loujaybee/cloud-exam-notes/HEAD/docs/gitbook/fonts/fontawesome/fontawesome-webfont.woff2 -------------------------------------------------------------------------------- /docs/gitbook/images/apple-touch-icon-precomposed-152.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/loujaybee/cloud-exam-notes/HEAD/docs/gitbook/images/apple-touch-icon-precomposed-152.png -------------------------------------------------------------------------------- /.gitpod.yml: -------------------------------------------------------------------------------- 1 | tasks: 2 | - name: Start development environment 3 | init: yarn install && yarn run build 4 | command: yarn serve 5 | - name: Bash 6 | command: echo 'Your commands here!' 
7 | openMode: split-right 8 | 9 | ports: 10 | - port: 4000 11 | onOpen: open-preview -------------------------------------------------------------------------------- /docs/.gitpod.yml: -------------------------------------------------------------------------------- 1 | tasks: 2 | - name: Start development environment 3 | init: yarn install && yarn run build 4 | command: yarn serve 5 | - name: Bash 6 | command: echo 'Your commands here!' 7 | openMode: split-right 8 | 9 | ports: 10 | - port: 4000 11 | onOpen: open-preview -------------------------------------------------------------------------------- /cloud-practitioner/exam-prep.md: -------------------------------------------------------------------------------- 1 | 2 | # Exam Prep 3 | 4 | ## Plan (with Dates) 5 | 6 | - 19th - 25% Content 7 | - 24th - 50% Content 8 | - 25-26th - 100% Content 9 | - 26th-1st - Everything Remaining / Exam Tips 10 | 11 | ## About The Exam 12 | 13 | - 90 Minutes 14 | - 65 Questions 15 | - 3 Year Validity 16 | -------------------------------------------------------------------------------- /kcna/questions.md: -------------------------------------------------------------------------------- 1 | 2 | - https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md#the-admin-client-certificate refers to an `admin` certificate. What is `admin` in this context? 3 | - Better understanding of https://www.freedesktop.org/wiki/Software/systemd/ and https://en.wikipedia.org/wiki/Cgroups -------------------------------------------------------------------------------- /docs/kcna/questions.md: -------------------------------------------------------------------------------- 1 | 2 | - https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md#the-admin-client-certificate refers to an `admin` certificate. What is `admin` in this context? 
3 | - Better understanding of https://www.freedesktop.org/wiki/Software/systemd/ and https://en.wikipedia.org/wiki/Cgroups -------------------------------------------------------------------------------- /kcna/extra-reading.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | - Understanding the etcd algorithm / raft 4 | - https://en.wikipedia.org/wiki/Consensus_(computer_science) 5 | - https://en.wikipedia.org/wiki/Paxos_(computer_science) 6 | - http://thesecretlivesofdata.com/raft/ 7 | - https://raft.github.io/raft.pdf 8 | - OCI Image Manifest Specification 9 | - https://github.com/opencontainers/image-spec/blob/main/manifest.md -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cloud-exam-notes", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "author": "Lou Bichard ", 6 | "license": "MIT", 7 | "scripts": { 8 | "build": "gitbook build . docs", 9 | "serve": "gitbook serve" 10 | }, 11 | "dependencies": { 12 | "gitbook-cli": "github:gengjiawen/gitbook-cli" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /docs/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cloud-exam-notes", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "author": "Lou Bichard ", 6 | "license": "MIT", 7 | "scripts": { 8 | "build": "gitbook build . 
docs", 9 | "serve": "gitbook serve" 10 | }, 11 | "dependencies": { 12 | "gitbook-cli": "github:gengjiawen/gitbook-cli" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /sysops-associate/1-priorart.md: -------------------------------------------------------------------------------- 1 | 2 | # Part 0: Prior Art 3 | 4 | ## OSI Layer Model 5 | * Conceptual framework (not enforced) 6 | * Physical — Cables, voltage, plugs. 7 | * Data Link — Switches and routers 8 | * Network — Packet forwarding 9 | * Transport — TCP / IP 10 | * Session — Connection between two machines. 11 | * Presentation — Translation between application and network (i.e encryption). 12 | * Application — A web browser, or applications. 13 | -------------------------------------------------------------------------------- /developer-associate/extra-reading.md: -------------------------------------------------------------------------------- 1 | ## Further Reading 2 | - [Complete CI/CD with AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline](https://aws.amazon.com/blogs/devops/complete-ci-cd-with-aws-codecommit-aws-codebuild-aws-codedeploy-and-aws-codepipeline/) 3 | - [The Case For And Against Cognito](https://theburningmonk.com/2021/03/the-case-for-and-against-amazon-cognito/) 4 | - [CloudFormation Macro's](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) 5 | - [The DynamoDB Book](https://www.dynamodbbook.com/) -------------------------------------------------------------------------------- /cloud-practitioner/extra-reading.md: -------------------------------------------------------------------------------- 1 | 2 | # Extra Reading 3 | 4 | ## Whitepaper: AWS Overview 5 | 6 | [AWS Overview](https://d0.awsstatic.com/whitepapers/aws-overview.pdf) 7 | 8 | // TODO: 👷‍♀ Go through this whitepaper 9 | 10 | ## Whitepaper: AWS Cloud Best Practices 11 | 12 | [Cloud Best 
Practices](https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf) 13 | 14 | // TODO: 👷‍♀ Go through this whitepaper 15 | 16 | ## Whitepaper: AWS Pricing Overview 17 | 18 | ✅ [Pricing Overview](http://d1.awsstatic.com/whitepapers/aws_pricing_overview.pdf) 19 | -------------------------------------------------------------------------------- /sysops-associate/8-automation.md: -------------------------------------------------------------------------------- 1 | ## CloudFormation 2 | 3 | * CloudFormation takes JSON/YAML config and calls AWS API to create resources. 4 | * Save time configuring automation manually 5 | * Can be used to rollback or delete an entire stack 6 | 7 | ### Optional fields 8 | 9 | * **Description** — Overview of your stack 10 | * **Metadata** — Data about your stack 11 | * **Parameters** — Values to pass into a template (can be validated with “allowed values”) 12 | * **Conditions** — Allows you to wrap resource creation based on conditions 13 | * **Transform** — Can reference snippets code from outside of the template (i.e S3) 14 | -------------------------------------------------------------------------------- /developer-associate/practical-exercises.md: -------------------------------------------------------------------------------- 1 | ## Hands On 2 | - Set up your own self-signed certificate 3 | - Network debugging (VPC flow logs) 4 | - Create your own Bastion in example corp (https://github.com/openupthecloud/example-corp) 5 | - Update example corp with networking (https://github.com/openupthecloud/example-corp) 6 | - EC2: Use session manager to log into EC2 server 7 | - EB: Download the EB CLI and use for AWS 8 | - DDB: Setup different indexes and query them 9 | - Cognito: Authenticate the user 10 | - CD: Use CodeDeploy to deploy EC2 instances 11 | - CB: Run a code build pipeline 12 | - SF: Create your own step-functions example project -------------------------------------------------------------------------------- 
/kcna/kubernetes-the-hard-way.md: -------------------------------------------------------------------------------- 1 | 2 | * [A Cloud Guru](https://learn.acloud.guru/course/8832e727-9101-4785-8ea6-e8057ad62f69/learn/108f9f86-bcc4-48bb-a6f9-61ab3d0697be/c679060d-5948-48f9-a80e-ac14630086f5/watch) 3 | * [Course](https://github.com/kelseyhightower/kubernetes-the-hard-way) 4 | * [Kubernetes The Hard Way](https://www.youtube.com/watch?v=NvQY5tuxALY) 5 | 6 | ## Architecture 7 | 8 | ## CFSSL 9 | 10 | `cfssl` is Cloudflare's PKI/TLS utility. 11 | `cfssljson` takes JSON output from `cfssl` and writes certificates, keys, CSRs and bundles to disk 12 | `.csr` extension (certificate signing request; includes public key, company and domain name) -------------------------------------------------------------------------------- /docs/developer-associate/practical-exercises.md: -------------------------------------------------------------------------------- 1 | ## Hands On 2 | - Set up your own self-signed certificate 3 | - Network debugging (VPC flow logs) 4 | - Create your own Bastion in example corp (https://github.com/openupthecloud/example-corp) 5 | - Update example corp with networking (https://github.com/openupthecloud/example-corp) 6 | - EC2: Use session manager to log into EC2 server 7 | - EB: Download the EB CLI and use for AWS 8 | - DDB: Setup different indexes and query them 9 | - Cognito: Authenticate the user 10 | - CD: Use CodeDeploy to deploy EC2 instances 11 | - CB: Run a code build pipeline 12 | - SF: Create your own step-functions example project -------------------------------------------------------------------------------- /docs/kcna/kubernetes-the-hard-way.md: -------------------------------------------------------------------------------- 1 | 2 | * [A Cloud Guru](https://learn.acloud.guru/course/8832e727-9101-4785-8ea6-e8057ad62f69/learn/108f9f86-bcc4-48bb-a6f9-61ab3d0697be/c679060d-5948-48f9-a80e-ac14630086f5/watch) 3 | * 
[Course](https://github.com/kelseyhightower/kubernetes-the-hard-way) 4 | * [Kubernetes The Hard Way](https://www.youtube.com/watch?v=NvQY5tuxALY) 5 | 6 | ## Architecture 7 | 8 | ## CFSSL 9 | 10 | `cfssl` is Cloudflare's PKI/TLS utility. 11 | `cfssljson` takes JSON output from `cfssl` and writes certificates, keys, CSRs and bundles to disk 12 | `.csr` extension (certificate signing request; includes public key, company and domain name) -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # Cloud Exams 3 | 4 | ## Workflow 5 | 6 | How I'm marking which modules to do next: 7 | 8 | * ✅ — Done! 9 | * ☑️ — Written up, but not formatted 10 | * 🔵 — For Later 11 | 12 | ## Course Overview 13 | 14 | * [AWS Advanced Networking](https://learn.acloud.guru/course/aws-certified-advanced-networking-specialty/dashboard) 15 | * [AWS SysOps Associate](https://learn.acloud.guru/course/aws-certified-sysops-administrator-associate-2019/dashboard) 16 | * [AWS Security Specialty](https://acloud.guru/learn/aws-certified-security-specialty) 17 | * [Well Architected](https://acloud.guru/learn/aws-well-architected-framework) 18 | 19 | ## Progress 20 | 21 | * ✅ Cloud Practitioner: 1st May 2020 22 | * ✅ SysOps Associate: 1st June 2020 23 | * 🔵 Developer Associate: 1st August 2020 24 | * 🔵 Systems Architect Associate: 1st September 2020 25 | * 🔵 DevOps Professional: ... 26 | * 🔵 Systems Architect Professional: ... 27 | -------------------------------------------------------------------------------- /comptia cloud+/index.md: -------------------------------------------------------------------------------- 1 | 2 | ## Alternative Clouds 3 | 4 | 1. Openstack 5 | 2. Cloudify.co 6 | 3. Co Construct 7 | 4. 
cloudbolt.io 8 | 9 | ## Capacity, Elasticity and Support Agreement 10 | 11 | - Chargeback for internal IT resources 12 | - Terminal servers 13 | 14 | ## Public Cloud 15 | 16 | - Used by public consumers (anyone can create an account) to work with the service provider. 17 | 18 | ## Private Cloud and bare metal 19 | 20 | - VMWare, Microsoft Hyper V, Nutanix, Citrix, Openstack. 21 | - Needs to be overprovisioned to create the benefits of cloud to create the on-demand nature of the cloud. 22 | 23 | ## Single Server (Monolith?) 24 | 25 | - Having all of your cloud on a single server (I've never heard of this...). This feels out of touch? 26 | 27 | ## Community Cloud 28 | 29 | - More like SaaS, not sure why this is relevant. 30 | 31 | ## Hybrid Cloud 32 | 33 | - Mixture of on premise and cloud solutions 34 | 35 | ## Questions 36 | 37 | - Hybrid cloud architectures 38 | -------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-search/search.css: -------------------------------------------------------------------------------- 1 | /* 2 | This CSS only styled the search results section, not the search input 3 | It defines the basic interraction to hide content when displaying results, etc 4 | */ 5 | #book-search-results .search-results { 6 | display: none; 7 | } 8 | #book-search-results .search-results ul.search-results-list { 9 | list-style-type: none; 10 | padding-left: 0; 11 | } 12 | #book-search-results .search-results ul.search-results-list li { 13 | margin-bottom: 1.5rem; 14 | padding-bottom: 0.5rem; 15 | /* Highlight results */ 16 | } 17 | #book-search-results .search-results ul.search-results-list li p em { 18 | background-color: rgba(255, 220, 0, 0.4); 19 | font-style: normal; 20 | } 21 | #book-search-results .search-results .no-results { 22 | display: none; 23 | } 24 | #book-search-results.open .search-results { 25 | display: block; 26 | } 27 | #book-search-results.open .search-noresults { 28 | display: none; 29 | 
} 30 | #book-search-results.no-results .search-results .has-results { 31 | display: none; 32 | } 33 | #book-search-results.no-results .search-results .no-results { 34 | display: block; 35 | } 36 | -------------------------------------------------------------------------------- /cloud-practitioner/1-intro.md: -------------------------------------------------------------------------------- 1 | 2 | # Intro To Cloud On AWS 3 | 4 | ## 1. Hierarchy in AWS 5 | 6 | _The way AWS is laid out..._ 7 | 8 | #### Availability Zones, Regions, Edge 9 | 10 | * A region is a collection of AZ's 11 | * An AZ is within a region 12 | * Some regions have ~3 AZ's, some have more 13 | * Edge locations 14 | 15 | // TODO: 👷‍♀ How many AZ's does each region have? 16 | // TODO: 👷‍♀ Is an edge within an AZ or just a region? 17 | 18 | #### 3 Reasons For Choosing a Region 19 | 20 | 1. Latency to the user — You need to be located closer to the user. 21 | 1. Data laws — You have legal requirements that means you need to be in a given region. 22 | 23 | // TODO: 👷‍♀ What's the third reason!? 24 | 25 | ## Cloud Concepts 26 | 27 | #### 6 Advantages Of Cloud 28 | 29 | - Trade capital expense for variable expense 30 | - Economies of scale 31 | - Stop guessing about capacity (on demand) 32 | - Increase speed and agility 33 | - Stop spending money running data centers 34 | - Global in minutes 35 | 36 | #### 3 Types of Cloud Computing 37 | 38 | - IAAS 39 | - PAAS 40 | - SAAS 41 | 42 | ### 3 Types of Cloud 43 | 44 | - Public: AWS, Azure, GCP 45 | - Hybrid: Mixture of public and private 46 | - Private Cloud: Your datacenter 47 | -------------------------------------------------------------------------------- /comptia-network+/index.md: -------------------------------------------------------------------------------- 1 | 2 | ## OSI + TCP/IP Model 3 | 4 | - Both models relate to each other. 5 | - Each layer has a name and number. 6 | 7 | **OSI (older, more detailed)** 8 | 7. Application -> API interfaces. 9 | 6. 
Presentation -> Old. Data Format. 10 | 5. Session -> TCP/IP, Websockets. 11 | 4. Transport -> Packets. 12 | 3. Network -> IP Addresses. 13 | 2. Data Link -> MAC Address. Network Cards. Switches. 14 | 1. Physical -> Cables. 15 | 16 | **TCP/IP (more modern, less detailed)** 17 | 4. Application -> 18 | 3. Transport -> Assembly / Disassembly. 19 | 2. Internet -> Routers + IP. 20 | 1. Network Interface -> Physical Cabling. Hardware. 21 | 22 | ## IP Addresses 23 | - Dual stack (runs both IPv4 and IPv6) 24 | - Single stack (runs only IPv4) 25 | - IPv4 26 | - IPv4 addresses have four address ranges 27 | - IPv4 addresses have eight address ranges 28 | - We've worked around IPv6 with private IP and NAT 29 | - IPv6 30 | - Introduces aggregation (better routing) 31 | - DHCP is dead? (Replaced with NDP?) 32 | - You can use "double colon" shorthand to group 0's 33 | - Two IP Addresses 34 | - Link local address (Always: `fe80:0000:0000:0000`) 35 | - Internet Address 36 | - IPv4 = 32 bits 37 | - IPv6 = 128 bits 38 | 39 | ## Questions 40 | 41 | - What is DHCP? 42 | - Why colon separators for IPv6? 43 | - What is a link local address? 44 | - Neighbour discovery protocol? -------------------------------------------------------------------------------- /cloud-practitioner/practical-exercises.md: -------------------------------------------------------------------------------- 1 | 2 | # Practical Exercises 3 | 4 | ✅ Setup EC2 Instance 5 | ✅ Setup 2 EC2 Instances 6 | ✅ Setup ALB for the EC2 Instances 7 | ✅ Setup some EC2 with nginx (and add bootstrap scripts) 8 | - Setup an IAM role and assign to an EC2 9 | - Allow the EC2 to write to S3 on boot-up 10 | - Setup autoscaling for the instances 11 | - Configure athena 12 | - Setup custom metrics for the instances 13 | 14 | ### Future Extensions 15 | - Install RDS and connect from EC2 16 | - Create S3 bucket, make a file public, make a folder public, etc. 
17 | - Restrict SSH access (on Security Groups) to my IP 18 | - Install Amazon Inspector on AWS EC2 instances 19 | - Setup detailed monitoring agent on EC2 instance 20 | - Setup some CloudTrail monitoring checks (and use Athena to query them) 21 | - Setup some AWS Config rules 22 | - Play around with S3 ACLs 23 | - Understand consolidated billing (steps to setup) 24 | 25 | - Setup some roles / users (with different policies, etc) 26 | - Tag resources (and use explorer to find them) 27 | - Add WAF in front of your fake application 28 | - Setup EC2 backups and restore processes 29 | 30 | - Setup custom metrics for the instances 31 | - Setup some EBS volumes, log in, dig out the volumes, break them. 32 | - Research about Linux volumes and Docker volumes 33 | - Create a VPC for your application (probably do this another day...) 34 | -------------------------------------------------------------------------------- /sysops-associate/extra-reading.md: -------------------------------------------------------------------------------- 1 | 2 | ## SysOps administrator Associate Exam Guide 3 | 4 | https://d1.awsstatic.com/training-and-certification/docs-sysops-associate/AWS%20Certified%20SysOps%20-%20Associate_Exam%20Guide_Sep18.pdf 5 | 6 | ## Whitepapers 7 | 8 | ### Whitepaper: AWS Security Best Practices 9 | 10 | https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf?refid=em_ 11 | 12 | // TODO: 👷‍♀ Go through this whitepaper 13 | 14 | ### Whitepaper: Overview of Security Processes 15 | 16 | http://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf 17 | 18 | // TODO: 👷‍♀ Go through this whitepaper 19 | 20 | ### Whitepaper: Dev & Test on AWS 21 | 22 | https://media.amazonwebservices.com/AWS_Development_Test_Environments.pdf 23 | 24 | // TODO: 👷‍♀ Go through this whitepaper 25 | 26 | ### Whitepaper: Backup, Archive and Restore approaches using AWS 27 | 28 | 
https://d0.awsstatic.com/whitepapers/Backup_Archive_and_Restore_Approaches_Using_AWS.pdf 29 | 30 | // TODO: 👷‍♀ Go through this whitepaper 31 | 32 | ### Whitepaper: Amazon Virtual Private Cloud Connectivity Options 33 | 34 | https://media.amazonwebservices.com/AWS_Amazon_VPC_Connectivity_Options.pdf 35 | 36 | // TODO: 👷‍♀ Go through this whitepaper 37 | 38 | ### How AWS Pricing Works 39 | 40 | http://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf 41 | 42 | // TODO: 👷‍♀ Go through this whitepaper 43 | -------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-search/search-engine.js: -------------------------------------------------------------------------------- 1 | require([ 2 | 'gitbook', 3 | 'jquery' 4 | ], function(gitbook, $) { 5 | // Global search objects 6 | var engine = null; 7 | var initialized = false; 8 | 9 | // Set a new search engine 10 | function setEngine(Engine, config) { 11 | initialized = false; 12 | engine = new Engine(config); 13 | 14 | init(config); 15 | } 16 | 17 | // Initialize search engine with config 18 | function init(config) { 19 | if (!engine) throw new Error('No engine set for research. Set an engine using gitbook.research.setEngine(Engine).'); 20 | 21 | return engine.init(config) 22 | .then(function() { 23 | initialized = true; 24 | gitbook.events.trigger('search.ready'); 25 | }); 26 | } 27 | 28 | // Launch search for query q 29 | function query(q, offset, length) { 30 | if (!initialized) throw new Error('Search has not been initialized'); 31 | return engine.search(q, offset, length); 32 | } 33 | 34 | // Get stats about search 35 | function getEngine() { 36 | return engine? 
engine.name : null; 37 | } 38 | 39 | function isInitialized() { 40 | return initialized; 41 | } 42 | 43 | // Initialize gitbook.search 44 | gitbook.search = { 45 | setEngine: setEngine, 46 | getEngine: getEngine, 47 | query: query, 48 | isInitialized: isInitialized 49 | }; 50 | }); -------------------------------------------------------------------------------- /sysops-associate/exam-prep.md: -------------------------------------------------------------------------------- 1 | ### Notes 2 | 3 | https://d1.awsstatic.com/training-and-certification/docs-sysops-associate/AWS%20Certified%20SysOps%20-%20Associate_Exam%20Guide_Sep18.pdf 4 | 5 | ## General Exam Notes 6 | 7 | Need to know to evaluate: S3 vs EFS 8 | Question about prevention of Cloud Trail logs being tampered with 9 | How to connect on Premise data centre to AWS (What is this called, again?) 10 | VPC (Routing tables, route tables, NACL’s, Security Group problems) 11 | Understand the shared responsibility within AWS 12 | Personal health 13 | Lots of overlap with solutions architect 14 | 15 | ## Steps to exam 16 | 17 | - Watch all videos 18 | - Update all notes from watching videos 19 | - Read all whitepapers 20 | 21 | ## Things To Do 22 | 23 | - Research WhizLabs 24 | - Who is Jon Bonso? - Udemy practice tests for the sysops exam 25 | 26 | ## Exercises: 27 | 28 | Review the ACloudGuru labs: https://learn.acloud.guru/labs/search 29 | 30 | **Create a VPC** — Launch up a new VPC, create an internet gateway, setup security groups, launch some EC2 in public and private networks. 31 | 32 | **Setup a bastion host** and SSH'ing through the network. 33 | 34 | **Setup KMS** And integrate it with real services. 35 | 36 | **Experiment with load balancers** — When you've created a new VPC, implement a web app behind a load balancer. 37 | 38 | **Setup location routing** - Add DNS records that resolve based on location. 
39 | 40 | **Terraform WordPress** — Setup a new WordPress installation with route53, S3 CDN, EBS volumes (with backups) and the PHP EC2 and database, migrate content over. 41 | -------------------------------------------------------------------------------- /developer-associate/exam-prep.md: -------------------------------------------------------------------------------- 1 | 2 | ## Overview 3 | - **Days to go**: 16 4 | - **Percentage remaining**: 94% 5 | 6 | ## Todo 7 | - Run through: 8 | - Networking services 9 | - The "DevOps" services 10 | - Core services (Lambda, EC2, RDS, etc) 11 | - Update your imaginary business repo with some new services 12 | - Create an AWS diagram 13 | - Check out the other courses to see if anything is missing (ACloudGuru, Stephane Maarek, Cloud Academy) 14 | 15 | ## Prep Plan 16 | - Monday AM - Run through main services you don’t know (EB) + do recap 17 | - Monday PM - Recap Lesser Known Services (Step Functions, API Gateway, Code*) + do recap 18 | - Tuesday AM - Networking services / VPC + do recap 19 | - Wednesday AM - Recap Least Known Services + do recap 20 | - Wednesday PM - Recap Least Known Services + do recap 21 | - Thursday AM - Cheat Sheets, Flash Cards, Exam Questions, Practice Exam on ExamPro, Review whitepapers 22 | - Thursday PM - Practice Exam on ExamPro + Jon Bonso 23 | 24 | ## Courses 25 | - ExamPro: https://app.exampro.co/student/material/dva-c01/1188 26 | - Stephane Maarek: https://www.udemy.com/course/aws-certified-developer-associate-dva-c01/learn/lecture/19733666?start=15#overview 27 | - Exam Questions: https://twitter.com/nealkdavis/status/1484468958090596358?s=20 28 | 29 | ## Concepts 30 | 31 | ### CI/CD/CD 32 | - Continuous Integration: Code, Build, Integrate, Test 33 | - Continuous Delivery: Code, Build, Integrate, Test, Release (preparing code for deployment, but deployment is still a manual process) 34 | - Continuous Deployment: Code, Build, Integrate, Test, Release, Deployment 35 | 36 | 37 | 
-------------------------------------------------------------------------------- /cloud-practitioner/4-security-cloud.md: -------------------------------------------------------------------------------- 1 | 2 | # Security In The Cloud 3 | 4 | // TODO: 👷‍♀ aws.amazon.com/compliance 5 | 6 | ## 1. Security Concepts 7 | 8 | #### Shared Responsibility Model 9 | 10 | **AWS:** 11 | - Hardware, Compute, Databases, Networking 12 | 13 | **Customer** 14 | - Customer data 15 | - Firewall configuration 16 | - Networking traffic 17 | 18 | // TODO: 👷‍♀ https://aws.amazon.com/compliance/shared-responsibility-model/ 19 | 20 | ## 2. Security AWS Services 21 | 22 | #### AWS Artifact (Audit?) 23 | - A comprehensive list of compliance documents 24 | 25 | #### AWS Config 26 | - Monitors your server configurations (security groups, etc) 27 | 28 | #### CloudWatch 29 | - Application Performance Monitoring 30 | 31 | #### CloudTrail 32 | - Set up one S3 bucket in an account and route all CloudTrail logs there 33 | - API Calls (not application monitoring) 34 | 35 | #### AWS WAF 36 | - WAF (Layer 7, Application Firewall) prevents XSS and SQL Injection 37 | 38 | // TODO: 👷‍♀ Investigate more about this service 39 | 40 | #### AWS Shield 41 | - DDoS Mitigation 42 | - Turned on by default, advanced is $3000 a month 43 | - Two flavours: Standard + Advanced 44 | - Advanced 45 | - DDoS Response Team (and post-attack analysis) 46 | - Cost protection (don't have to pay during an attack) 47 | 48 | // TODO: 👷‍♀ Investigate more about this service 49 | 50 | #### AWS Inspector 51 | - Agent installed on EC2 Instances (Automated assessment) 52 | 53 | #### AWS Trusted Advisor 54 | - Online Service for providing insight 55 | - Helps with reducing cost and improving performance (not just security) 56 | - Need to update support plan for all checks (cost optimisation) 57 | 58 | ### Security As Code 59 | - Hardened EC2's 60 | -------------------------------------------------------------------------------- 
/well-architected/the-framework.md: -------------------------------------------------------------------------------- 1 | 2 | # The 5 Pillars Overview 3 | 4 | The Well-Architected Framework is based on five pillars: 5 | 6 | - Operational Excellence 7 | - Security 8 | - Cost Optimisation 9 | - Reliability 10 | - Performance Efficiency 11 | 12 | ## Game Days 13 | 14 | - Setting up and testing your response processes 15 | - Standing up your prod architecture and attacking it for the purposes of breaking it 16 | 17 | ## Pillar 1: Operational Excellence 18 | 19 | _Does our application work? Will our application continue to work?_ 20 | 21 | * Operations as code 22 | * Documentation is updated automatically 23 | * Small changes (with rollback plans) 24 | * Tighten feedback loops (iterate) 25 | * Expect failure (red team, game days) 26 | * Learn from failures and successes 27 | 28 | ## Pillar 2: Security 29 | 30 | _Does it do what we want? (And only that?)_ 31 | 32 | * Identities have the least privileges possible 33 | * Who did what and when? 
34 | * Automate security tasks 35 | * Encrypt data at transit and at rest 36 | * Prepare for the worst (woven into game days) 37 | 38 | ## Pillar 3: Cost Optimisation 39 | 40 | _Spend only what you have to_ 41 | 42 | * Consumption based pricing 43 | * Measure efficiency constantly 44 | * Let AWS do the work when necessary 45 | * Ties closely to operational performance 46 | 47 | ## Pillar 4: Reliability 48 | 49 | _Is what you built going to work consistently?_ 50 | 51 | * Recover from issues automatically 52 | * Scale horizontally (where possible) 53 | * Reduce idle resources (operational burden, attack surface increase) 54 | * Manage change through automation 55 | 56 | ## Pillar 5: Performance Efficiency 57 | 58 | * Let AWS do the work (when possible) 59 | * Reduce latency through regions & AWS edge 60 | * Serverless > Containers > Instances 61 | -------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-lunr/search-lunr.js: -------------------------------------------------------------------------------- 1 | require([ 2 | 'gitbook', 3 | 'jquery' 4 | ], function(gitbook, $) { 5 | // Define global search engine 6 | function LunrSearchEngine() { 7 | this.index = null; 8 | this.store = {}; 9 | this.name = 'LunrSearchEngine'; 10 | } 11 | 12 | // Initialize lunr by fetching the search index 13 | LunrSearchEngine.prototype.init = function() { 14 | var that = this; 15 | var d = $.Deferred(); 16 | 17 | $.getJSON(gitbook.state.basePath+'/search_index.json') 18 | .then(function(data) { 19 | // eslint-disable-next-line no-undef 20 | that.index = lunr.Index.load(data.index); 21 | that.store = data.store; 22 | d.resolve(); 23 | }); 24 | 25 | return d.promise(); 26 | }; 27 | 28 | // Search for a term and return results 29 | LunrSearchEngine.prototype.search = function(q, offset, length) { 30 | var that = this; 31 | var results = []; 32 | 33 | if (this.index) { 34 | results = $.map(this.index.search(q), function(result) { 35 | var 
doc = that.store[result.ref]; 36 | 37 | return { 38 | title: doc.title, 39 | url: doc.url, 40 | body: doc.summary || doc.body 41 | }; 42 | }); 43 | } 44 | 45 | return $.Deferred().resolve({ 46 | query: q, 47 | results: results.slice(0, length), 48 | count: results.length 49 | }).promise(); 50 | }; 51 | 52 | // Set gitbook research 53 | gitbook.events.bind('start', function(e, config) { 54 | var engine = gitbook.search.getEngine(); 55 | if (!engine) { 56 | gitbook.search.setEngine(LunrSearchEngine, config); 57 | } 58 | }); 59 | }); 60 | -------------------------------------------------------------------------------- /sysops-associate/6-security.md: -------------------------------------------------------------------------------- 1 | # Security & Compliance 2 | 3 | ## MFA 4 | * Turn on MFA through the IAM console 5 | * You can save your QR code from the MFA 6 | * MFA for the command line you just use STS for the token 7 | * There is a report within IAM that shows you who has MFA enabled 8 | 9 | ## DDOS 10 | * AWS Shield covers CloudFront, Route53 and ELB's 11 | * Use autoscaling to help consume attacks 12 | * Use CloudWatch to alert if an attack is ongoing 13 | 14 | ## Security Marketplace 15 | * Different security products, like Kali Linux 16 | * Can buy ACloudGuru training 17 | * Can buy hardened images (to certain standards) 18 | 19 | ## STS (Security Token Service) 20 | * Used for creating access tokens, returns your ```ACCESS_TOKEN``` and ```SECRET_TOKEN``` 21 | * Can authenticate against a third party (facebook, google, etc) 22 | 23 | ## Security Logging 24 | * CloudWatch monitors performance 25 | * CloudTrail monitors API calls (You can hook into Lambda's or raise alerts based on these) 26 | * AWS Config records current state of environments and shows changes 27 | 28 | ## Systems Manager (Run Command) 29 | * Apply security patches to a fleet of EC2 30 | * Easily run 31 | 32 | ## IAM Custom Policies 33 | * Can create custom policies that are applied to users / 
roles. 34 | * Some policies are AWS managed, some are user managed. 35 | * Actions are different things you can do with a resource. 36 | * Can be attached to an EC2 instance. 37 | 38 | ## Pen Test 39 | * You need to notify AWS if you're performing a pen test (verify against AWS's current penetration testing policy before testing) 40 | 41 | ## AWS Hypervisors 42 | * Abstraction between machine and running image 43 | 44 | ## Shared Responsibility Model 45 | * The 3 types of services: Infrastructure, Container and Abstracted services 46 | 47 | ## Questions 48 | 49 | * How does it detect DDOS? 50 | * The difference between run command and chef / puppet (and OpsWorks?) 51 | * Why notify AWS of pen test? 52 | * Can we apply policies to all resources? 53 | * How do root privileges work? "Elevate to root?" 54 | * How do attached roles on machines assume the role details via the SDK? 55 | * What does "Managed policy" mean within AWS? 56 | -------------------------------------------------------------------------------- /sysops-associate/5-storage.md: -------------------------------------------------------------------------------- 1 | 2 | # Storage & Data Management 3 | 4 | ## Snowball / Snowball Edge 5 | * Used for moving on-premises data into the cloud (bypassing the internet) 6 | * If data takes more than a few days or a week to upload, you should use snowball (cheaper, easier) 7 | * Used for large-scale data transfer 8 | * Snowball edge is used for analysis before you upload to S3 9 | 10 | ## AMI's 11 | * Are a snapshot of your EC2 12 | * Cannot snapshot certain images (with licenses like Oracle) 13 | * Encrypted AMI's cannot be copied; they must be un-encrypted, moved and then re-encrypted. 
14 | 15 | ## Athena 16 | * Querying from inside of S3 17 | * Uses a SQL-like language 18 | * Is a serverless cloud solution (pay per query) 19 | * Can query cloudwatch, cloudtrail, S3 Access, Website Logs (S3) 20 | 21 | ## S3 22 | * Appears in the exam quite a lot 23 | * Allows you to configure lifecycle policies 24 | * Infrequently accessed and glacier options (cheaper than regular S3) 25 | * Can schedule files to be deleted after a certain amount of time 26 | * Can enable MFA Delete to protect against deletion of S3 resources 27 | * Encryption in transit (SSL / TLS) 28 | 29 | ## Encrypting S3 30 | * Encryption at rest is provided by: 31 | * SSE-S3 (Server Side Encryption - S3) 32 | * SSE-KMS (Server Side Encryption with KMS) 33 | * When you enable default encryption on an existing bucket: 34 | * No change to existing objects 35 | * Encrypts new objects by default 36 | * If you put encryption info in the request header, it is used 37 | 38 | ## Instance Store 39 | * Used as block storage 40 | 41 | ## KMS 42 | * KMS and CloudHSM generate, store and manage secrets / keys. 43 | * CloudHSM allows for dedicated hardware for generating specific keys. 44 | 45 | ## Questions 46 | * What are the key differences between snowball and snowball edge? 47 | * Difference between SSL and TLS? 48 | * What's the difference between encryption types in S3? 49 | * What is instance store? 50 | * Is EBS guaranteed persistence? 51 | * S3 as NFS vs EBS (what's the cost/benefits) 52 | * What is CloudHSM? 53 | * What is Storage Gateway? 54 | * What is the difference between block storage and other types of storage? 
55 | -------------------------------------------------------------------------------- /comptia-a+/index.md: -------------------------------------------------------------------------------- 1 | 2 | ## To Watch 3 | 4 | - [] RAM 5 | - [] CPU 6 | - [] Firmware 7 | - [] Storage 8 | 9 | ## RAM 10 | 11 | - 12 | 13 | ## IP / TCP 14 | 15 | - Four characters 0-255 16 | - Addresses never end with 0 or 255 17 | - Subnet Mask (Tells you if it's in your LAN) 18 | - Router usually has a `.1` 19 | - Most subnet masks are `255.255.255.0` 20 | - Default Gateway 21 | - Ping 22 | - Purpose of IP 23 | - Identify with LAN you're part of 24 | - Gives you a unique host ID 25 | - Class E -> Reserved 26 | - Class D -> Multicast address (?) 27 | - Class C (last number is locked) e.g. `210.11.12.x` 28 | - Class B (last two numbers are locked) `172.16.x.x` 29 | - Class A (last three numbers are locked) `6.x.x.x` 30 | 31 | ## NAT 32 | 33 | - Gateway Router (2 connections to LAN and ISP) 34 | - Converts external public IP to LAN IP 35 | - Anything inside the LAN is not visible to the internet 36 | 37 | ## CPU 38 | 39 | - Two main manufacturers: Intel + AMD 40 | - Core (Pipeline) - 32 or 16bit 41 | - Makes the CPU act like multiple 42 | - Hyperthreading (1 pipeline handing code) 43 | - Register 44 | - Speed (Clock) 45 | - Overclocking for increasing the clock speed 46 | - Hertz = Million times per second 47 | 48 | ## Hard Drive 49 | 50 | - **Hard drives - Block Based** 51 | - Can read/write data at the "block" level. 52 | - Create volumes (that can be partitioned). 53 | - You can choose the type of file system e.g. FAT32 or NTFS. 54 | - You can install an operating system on a block-based system. 55 | - **File Storage - Network Attached** 56 | - Attached via a Network Interface Card. 57 | - Already has a file system (with partitions). 58 | - Often a shared directory in a company. 59 | - Is then shared over a network. 60 | - Use a "mount point" on Linux. 
61 | - **Object storage** 62 | - User uploads via a Web Browser. 63 | - Typically no hierarchy and expansive storage. 64 | - Upload an object to a container on the internet (HTTP protocol). 65 | - Typically uploaded over a RESTful API. 66 | 67 | ## Questions 68 | 69 | - What is a CPU Register? 70 | - What/who defines the network mask? 71 | - How does automatic IP allocation work? -------------------------------------------------------------------------------- /sysops-associate/4-elasticity-and-scale.md: -------------------------------------------------------------------------------- 1 | 2 | ## Elasticity & Scalability 3 | 4 | ### Elasticity vs Scalability 5 | 6 | - **Scale:** Ability to meet demands over the long term (think: long term, months / years) 7 | - **Elasticity:** Stretch and retract infrastructure based on demand (think: hours or days) 8 | 9 | ### Aurora & Scale 10 | - Proprietary database that AWS invented 11 | - Aurora allows elasticity (regular RDS does not) 12 | 13 | ### RDS Replica Vs Multiple AZ 14 | - Worth calling out on it’s own. Read replica’s are to help with additional read load whereas multiple AZ is to help with disaster recover. 15 | 16 | ### RDS & Multi AZ Failover 17 | - Backups are taken from a secondary if you’ve got multiple AZ turned on. 18 | - You can force a failover by re-booting (for chaos eng) your instance. 19 | - Connection string points to the DB instance and managed privately by AWS. 
20 | - RDS will detect if a database is down and point the DNS to a different AZ 21 | - Multi AZ has an exact copy of your data in the other AZ (sometimes physical replication and sometimes - logical replication) 22 | - Failover priority (set the instance you want to become the master in failover) 23 | 24 | ### Read Replicas (for performance / read-heavy loads) 25 | - Helps with easing read-heavy workloads (such as wordpress) 26 | - AWS takes a snapshot of the primary DB (with no multi AZ it causes I/O suspension) 27 | - Easily have multiple instances of your RDS (through the interface) 28 | - Data is automatically synced between databases 29 | - You can know which RDS you’re running (by viewing the “engine” field) 30 | - Can direct traffic to reads if the write replica is under scale 31 | - Useful for reporting such as data warehousing (or could use S3 and redshift) 32 | - Creates a new endpoint DNS record to connect to 33 | - You can promote a read replica to become a primary DB if you want 34 | - Key metric: Replication lag (the time taken to replicate between databases) 35 | 36 | ## ElastiCache 37 | - A web service that makes it easy to deploy, operate and scale an in-memory cache in the cloud. Much - faster than a disk-based database. 38 | - Can significantly improve latency and throughput for many read-heavy application workloads (social - networking, gaming, media sharing, Q&A portals) 39 | - Improves performance by storing critical pieces of data in memory, for low latency access. 40 | 41 | ### Memcached vs Redis 42 | Memcache does not support multi AZ, Redis does support multiple AZ. 43 | 44 | ### Aurora 45 | 46 | Serverless database solution (can be provisioned if you want) 47 | 48 | ### Troubleshooting Autoscaling 49 | 50 | Below are some reasons that instances might not be able to autoscale... 
51 | 52 | - Security group doesn’t exist 53 | - Instance type is not supported in the AZ 54 | - AutoScaling group doesn’t exist 55 | - Invalid EBS mapping 56 | -------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-sharing/buttons.js: -------------------------------------------------------------------------------- 1 | require(['gitbook', 'jquery'], function(gitbook, $) { 2 | var SITES = { 3 | 'facebook': { 4 | 'label': 'Facebook', 5 | 'icon': 'fa fa-facebook', 6 | 'onClick': function(e) { 7 | e.preventDefault(); 8 | window.open('http://www.facebook.com/sharer/sharer.php?s=100&p[url]='+encodeURIComponent(location.href)); 9 | } 10 | }, 11 | 'twitter': { 12 | 'label': 'Twitter', 13 | 'icon': 'fa fa-twitter', 14 | 'onClick': function(e) { 15 | e.preventDefault(); 16 | window.open('http://twitter.com/home?status='+encodeURIComponent(document.title+' '+location.href)); 17 | } 18 | }, 19 | 'google': { 20 | 'label': 'Google+', 21 | 'icon': 'fa fa-google-plus', 22 | 'onClick': function(e) { 23 | e.preventDefault(); 24 | window.open('https://plus.google.com/share?url='+encodeURIComponent(location.href)); 25 | } 26 | }, 27 | 'weibo': { 28 | 'label': 'Weibo', 29 | 'icon': 'fa fa-weibo', 30 | 'onClick': function(e) { 31 | e.preventDefault(); 32 | window.open('http://service.weibo.com/share/share.php?content=utf-8&url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title)); 33 | } 34 | }, 35 | 'instapaper': { 36 | 'label': 'Instapaper', 37 | 'icon': 'fa fa-instapaper', 38 | 'onClick': function(e) { 39 | e.preventDefault(); 40 | window.open('http://www.instapaper.com/text?u='+encodeURIComponent(location.href)); 41 | } 42 | }, 43 | 'vk': { 44 | 'label': 'VK', 45 | 'icon': 'fa fa-vk', 46 | 'onClick': function(e) { 47 | e.preventDefault(); 48 | window.open('http://vkontakte.ru/share.php?url='+encodeURIComponent(location.href)); 49 | } 50 | } 51 | }; 52 | 53 | 54 | 55 | gitbook.events.bind('start', 
function(e, config) { 56 | var opts = config.sharing; 57 | 58 | // Create dropdown menu 59 | var menu = $.map(opts.all, function(id) { 60 | var site = SITES[id]; 61 | 62 | return { 63 | text: site.label, 64 | onClick: site.onClick 65 | }; 66 | }); 67 | 68 | // Create main button with dropdown 69 | if (menu.length > 0) { 70 | gitbook.toolbar.createButton({ 71 | icon: 'fa fa-share-alt', 72 | label: 'Share', 73 | position: 'right', 74 | dropdown: [menu] 75 | }); 76 | } 77 | 78 | // Direct actions to share 79 | $.each(SITES, function(sideId, site) { 80 | if (!opts[sideId]) return; 81 | 82 | gitbook.toolbar.createButton({ 83 | icon: site.icon, 84 | label: site.text, 85 | position: 'right', 86 | onClick: site.onClick 87 | }); 88 | }); 89 | }); 90 | }); 91 | -------------------------------------------------------------------------------- /advanced-networking/3-design-and-implement-aws-networks.md: -------------------------------------------------------------------------------- 1 | 2 | ## Regions, Availability Zones, and Edge Locations 3 | 4 | Breakdown and understanding of groupings within AWS... 5 | 6 | **Regions** 7 | * Rough geographical region 8 | 9 | **Availability Zones** 10 | * At the AZ level, you're protected against hardware failures 11 | * An AZ is a logical AZ zone 12 | * An AZ is a logical construct 13 | * An AZ is not necessarily a single data-center 14 | * It's a logical fault-tolerant logical grouping 15 | * AZ's are fiber connected (so they're very fast) 16 | 17 | **Edge Locations** 18 | * Where individual AZ's would be overkill 19 | * Act like mini availability zones 20 | 21 | **VPC** 22 | * A VPC can live within one *_REGION_* 23 | * Internet gateways can be attached to VPC's to access the public internet 24 | 25 | **Subnet** 26 | * One subnet lives in a single AZ (the AZ is picked when you create the subnet and cannot be changed!) 27 | 28 | ## Creating a VPC 29 | * CIDR + Tenancy (Region?) 
cannot be changed once created 30 | * CIDR is between /16 and /28 (65,000 —> 16 IP's) 31 | * VPC's with overlapping CIDR ranges have issues integrating / peering (defaults use the same range, be careful) 32 | * Chop up your VPC to be shared between AZ's 33 | * Leave some spare VPC space to be added to new AZ's if released 34 | 35 | ## Reserved Addresses 36 | * First, Network address (10.0.0.0) 37 | * Second, VPC Router (10.0.0.1) 38 | * Third, DNS (10.0.0.2) 39 | * Reserved, in case (10.0.0.3) 40 | * Broadcast address (10.0.0.255) 41 | 42 | ## ENI 43 | * Is an abstraction between network config and instances 44 | * An ENI is provisioned onto an EC2 45 | * Scoped into an AZ 46 | * A security group is attached to an ENI, not an instance 47 | * Larger instances can have multiple ENI's 48 | * ENI's given at creation time and those given later have different behaviours 49 | * [Information stored by an ENI:](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) 50 | * MAC address 51 | * Private IP 52 | * Elastic IP 53 | * >=1 security groups 54 | * One public IP address 55 | * A source/destination check 56 | 57 | ## Elastic IP 58 | * External, public facing IP's 59 | * Elastic IP's are linked to private IP's 60 | 61 | ## Internet Gateway 62 | * Is region specific 63 | * Attached to a VPC 64 | * Allows access to public endpoints 65 | * VPC Router communicates with the IG 66 | * Non-internal addresses are routed to the Internet Gateway 67 | * Usually lives at 0.0.0.0 68 | 69 | ## Security Group 70 | * Applied to EC2, DB, etc (really to the ENI) 71 | * Are scoped to a VPC 72 | * Can only allow traffic (no deny) 73 | * Cannot block an IP from within a security group (only in a NACL) 74 | 75 | ## NACL 76 | * Applied at the Subnet level (not the instance level) 77 | * Can be applied to many subnets 78 | * Acts like a firewall 79 | * Is stateless: it doesn't remember which packets previously came in or out, so return traffic needs its own rule 80 | * NACL rules are processed in order (no rejection) 81 | * The default ACL is given an 
allow all rule to get people started 82 | 83 | ## Questions 84 | * How can CIDR blocks overlap? 85 | * What issues would it cause if two VPC's have the same IP address ranges? 86 | * Reserved instances are applied to VPC's and subnets? 87 | * "Broadcast is not supported in a VPC?" what does this mean? 88 | * What is DHCP? 89 | * What does CIDR stand for? 90 | * What is a source/destination check? 91 | * Internet gateway vs NAT instance 92 | * How do you debug network issues 93 | * NACL vs Subnet 94 | * Do you hit every in the NACL? 95 | * What is an emphemeral port? 96 | -------------------------------------------------------------------------------- /docs/advanced-networking/3-design-and-implement-aws-networks.md: -------------------------------------------------------------------------------- 1 | 2 | ## Regions, Availability Zones, and Edge Locations 3 | 4 | Breakdown and understanding of groupings within AWS... 5 | 6 | **Regions** 7 | * Rough geographical region 8 | 9 | **Availability Zones** 10 | * At the AZ level, you're protected against hardware failures 11 | * An AZ is a logical AZ zone 12 | * An AZ is a logical construct 13 | * An AZ is not necessarily a single data-center 14 | * It's a logical fault-tolerant logical grouping 15 | * AZ's are fiber connected (so they're very fast) 16 | 17 | **Edge Locations** 18 | * Where individual AZ's would be overkill 19 | * Act like mini availability zones 20 | 21 | **VPC** 22 | * A VPC can live within one *_REGION_* 23 | * Internet gateways can be attached to VPC's to access the public internet 24 | 25 | **Subnet** 26 | * One subnet lives in a single AZ (the AZ is picked when you create the subnet and cannot be changed!) 27 | 28 | ## Creating a VPC 29 | * CIDR + Tenancy (Region?) 
cannot be changed once created 30 | * CIDR is between /16 and /28 (65,000 —> 16 IP's) 31 | * VPC's with overlapping CIDR ranges have issues integrating / peering (defaults use the same range, be careful) 32 | * Chop up your VPC to be shared between AZ's 33 | * Leave some spare VPC space to be added to new AZ's if released 34 | 35 | ## Reserved Addresses 36 | * First, Network address (10.0.0.0) 37 | * Second, VPC Router (10.0.0.1) 38 | * Third, DNS (10.0.0.2) 39 | * Reserved, in case (10.0.0.3) 40 | * Broadcast address (10.0.0.255) 41 | 42 | ## ENI 43 | * Is an abstraction between network config and instances 44 | * An ENI is provisioned onto an EC2 45 | * Scoped into an AZ 46 | * A security group is attached to an ENI, not an instance 47 | * Larger instances can have multiple ENI's 48 | * ENI's given at creation time and those given later have different behaviours 49 | * [Information stored by an ENI:](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) 50 | * MAC address 51 | * Private IP 52 | * Elastic IP 53 | * >=1 security groups 54 | * One public IP address 55 | * A source/destination check 56 | 57 | ## Elastic IP 58 | * External, public facing IP's 59 | * Elastic IP's are linked to private IP's 60 | 61 | ## Internet Gateway 62 | * Is region specific 63 | * Attached to a VPC 64 | * Allows access to public endpoints 65 | * VPC Router communicates with the IG 66 | * Non-internal addresses are routed to the Internet Gateway 67 | * Usually lives at 0.0.0.0 68 | 69 | ## Security Group 70 | * Applied to EC2, DB, etc (really to the ENI) 71 | * Are scoped to a VPC 72 | * Can only allow traffic (no deny) 73 | * Cannot block an IP from within a security group (only in a NACL) 74 | 75 | ## NACL 76 | * Applied at the Subnet level (not the instance level) 77 | * Can be applied to many subnets 78 | * Acts like a firewall 79 | * Is stateless: it doesn't remember which packets previously came in or out, so return traffic needs its own rule 80 | * NACL rules are processed in order (no rejection) 81 | * The default ACL is given an 
allow all rule to get people started 82 | 83 | ## Questions 84 | * How can CIDR blocks overlap? 85 | * What issues would it cause if two VPC's have the same IP address ranges? 86 | * Reserved instances are applied to VPC's and subnets? 87 | * "Broadcast is not supported in a VPC?" what does this mean? 88 | * What is DHCP? 89 | * What does CIDR stand for? 90 | * What is a source/destination check? 91 | * Internet gateway vs NAT instance 92 | * How do you debug network issues 93 | * NACL vs Subnet 94 | * Do you hit every in the NACL? 95 | * What is an emphemeral port? 96 | -------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-highlight/ebook.css: -------------------------------------------------------------------------------- 1 | pre, 2 | code { 3 | /* http://jmblog.github.io/color-themes-for-highlightjs */ 4 | /* Tomorrow Comment */ 5 | /* Tomorrow Red */ 6 | /* Tomorrow Orange */ 7 | /* Tomorrow Yellow */ 8 | /* Tomorrow Green */ 9 | /* Tomorrow Aqua */ 10 | /* Tomorrow Blue */ 11 | /* Tomorrow Purple */ 12 | } 13 | pre .hljs-comment, 14 | code .hljs-comment, 15 | pre .hljs-title, 16 | code .hljs-title { 17 | color: #8e908c; 18 | } 19 | pre .hljs-variable, 20 | code .hljs-variable, 21 | pre .hljs-attribute, 22 | code .hljs-attribute, 23 | pre .hljs-tag, 24 | code .hljs-tag, 25 | pre .hljs-regexp, 26 | code .hljs-regexp, 27 | pre .hljs-deletion, 28 | code .hljs-deletion, 29 | pre .ruby .hljs-constant, 30 | code .ruby .hljs-constant, 31 | pre .xml .hljs-tag .hljs-title, 32 | code .xml .hljs-tag .hljs-title, 33 | pre .xml .hljs-pi, 34 | code .xml .hljs-pi, 35 | pre .xml .hljs-doctype, 36 | code .xml .hljs-doctype, 37 | pre .html .hljs-doctype, 38 | code .html .hljs-doctype, 39 | pre .css .hljs-id, 40 | code .css .hljs-id, 41 | pre .css .hljs-class, 42 | code .css .hljs-class, 43 | pre .css .hljs-pseudo, 44 | code .css .hljs-pseudo { 45 | color: #c82829; 46 | } 47 | pre .hljs-number, 48 | code .hljs-number, 49 | 
pre .hljs-preprocessor, 50 | code .hljs-preprocessor, 51 | pre .hljs-pragma, 52 | code .hljs-pragma, 53 | pre .hljs-built_in, 54 | code .hljs-built_in, 55 | pre .hljs-literal, 56 | code .hljs-literal, 57 | pre .hljs-params, 58 | code .hljs-params, 59 | pre .hljs-constant, 60 | code .hljs-constant { 61 | color: #f5871f; 62 | } 63 | pre .ruby .hljs-class .hljs-title, 64 | code .ruby .hljs-class .hljs-title, 65 | pre .css .hljs-rules .hljs-attribute, 66 | code .css .hljs-rules .hljs-attribute { 67 | color: #eab700; 68 | } 69 | pre .hljs-string, 70 | code .hljs-string, 71 | pre .hljs-value, 72 | code .hljs-value, 73 | pre .hljs-inheritance, 74 | code .hljs-inheritance, 75 | pre .hljs-header, 76 | code .hljs-header, 77 | pre .hljs-addition, 78 | code .hljs-addition, 79 | pre .ruby .hljs-symbol, 80 | code .ruby .hljs-symbol, 81 | pre .xml .hljs-cdata, 82 | code .xml .hljs-cdata { 83 | color: #718c00; 84 | } 85 | pre .css .hljs-hexcolor, 86 | code .css .hljs-hexcolor { 87 | color: #3e999f; 88 | } 89 | pre .hljs-function, 90 | code .hljs-function, 91 | pre .python .hljs-decorator, 92 | code .python .hljs-decorator, 93 | pre .python .hljs-title, 94 | code .python .hljs-title, 95 | pre .ruby .hljs-function .hljs-title, 96 | code .ruby .hljs-function .hljs-title, 97 | pre .ruby .hljs-title .hljs-keyword, 98 | code .ruby .hljs-title .hljs-keyword, 99 | pre .perl .hljs-sub, 100 | code .perl .hljs-sub, 101 | pre .javascript .hljs-title, 102 | code .javascript .hljs-title, 103 | pre .coffeescript .hljs-title, 104 | code .coffeescript .hljs-title { 105 | color: #4271ae; 106 | } 107 | pre .hljs-keyword, 108 | code .hljs-keyword, 109 | pre .javascript .hljs-function, 110 | code .javascript .hljs-function { 111 | color: #8959a8; 112 | } 113 | pre .hljs, 114 | code .hljs { 115 | display: block; 116 | background: white; 117 | color: #4d4d4c; 118 | padding: 0.5em; 119 | } 120 | pre .coffeescript .javascript, 121 | code .coffeescript .javascript, 122 | pre .javascript .xml, 123 | code 
.javascript .xml, 124 | pre .tex .hljs-formula, 125 | code .tex .hljs-formula, 126 | pre .xml .javascript, 127 | code .xml .javascript, 128 | pre .xml .vbscript, 129 | code .xml .vbscript, 130 | pre .xml .css, 131 | code .xml .css, 132 | pre .xml .hljs-cdata, 133 | code .xml .hljs-cdata { 134 | opacity: 0.5; 135 | } 136 | -------------------------------------------------------------------------------- /SUMMARY.md: -------------------------------------------------------------------------------- 1 | * [ 🏠Home ](README.md) 2 | 3 | ### Kubernetes & Cloud Native Associate 4 | 5 | * [🔵 Notes ](./kcna/notes.md) 6 | * [🔵 Kubernetes The Hard Way ](./kcna/kubernetes-the-hard-way.md) 7 | * [🔵 Practical Exercises ](./kcna/practical-exercises.md) 8 | * [🔵 Questions ](./kcna/questions.md) 9 | 10 | ### Cloud Practicioner 11 | 12 | * [ Exam Prep ](./cloud-practitioner/exam-prep.md) 13 | * [ Extra Reading ](./cloud-practitioner/extra-reading.md) 14 | * [ Practical Exercises ](./cloud-practitioner/practical-exercises.md) 15 | * [✅ 1 - Intro ](./cloud-practitioner/1-intro.md) 16 | * [✅ 2 - Cloud Concepts](./cloud-practitioner/2-cloud-concepts.md) 17 | * [✅ 3 - Billing & Pricing](./cloud-practitioner/3-billing-and-pricing.md) 18 | * [✅ 4 - Security In The Cloud](./cloud-practitioner/4-security-cloud.md) 19 | 20 | ### SysOps Associate 21 | 22 | * [ Exam Prep ](./sysops-associate/exam-prep.md) 23 | * [ Extra Reading ](./sysops-associate/extra-reading.md) 24 | * [ ✅ 1 - Prior Art ](./sysops-associate/1-priorart.md) 25 | * [ ️️✅ 2 - Monitoring ](./sysops-associate/2-monitoring.md) 26 | * [ ✅ 3 - Provisioning ](./sysops-associate/3-provisioning.md) 27 | * [ ✅ 4 - High Availability ](./sysops-associate/4-elasticity-and-scale.md) 28 | * [ ✅ 5 - Storage & Data Management ](./sysops-associate/5-storage.md) 29 | * [ ✅️ 6 - Security & Compliance ](./sysops-associate/6-security.md) 30 | * [ ✅ 7 - Networking ](./sysops-associate/7-networking.md) 31 | * [ ️✅ 8 - Automation 
](./sysops-associate/8-automation.md) 32 | 33 | ### Developer Associate 34 | 35 | * [ Exam Prep ](./developer-associate/exam-prep.md) 36 | * [ Practical Exercises ](./developer-associate/exam-prep.md) 37 | * [ Extra Reading ](./developer-associate/extra-reading.md) 38 | * [ ✅ Services ](./developer-associate/services.md) 39 | 40 | ### Well Architected 41 | 42 | * [🔵 1 - Being Well Architected]() 43 | * [️✅ 2 - The Framework](well-architected/the-framework.md) 44 | * [🔵 3 - The Framework At Work]() 45 | * [🔵 4 - Change is constant]() 46 | * [🔵 5 - Evaluating your design]() 47 | 48 | 116 | 117 | ### Key 118 | 119 | * ✅ — Done 120 | * ☑️ — In Progress 121 | * ⭐️ — Do next 122 | * 🔵 — For Later 123 | -------------------------------------------------------------------------------- /cloud-practitioner/3-billing-and-pricing.md: -------------------------------------------------------------------------------- 1 | # Billing & Pricing 2 | 3 | ## 1. Billing Principles / Overview 4 | 5 | General billing concepts / ideas. 6 | 7 | #### Capex vs Opex 8 | * **Capex**: Fixed upfront cost (static hosting) 9 | * **Opex:** Operational expenditure 10 | 11 | #### 4 Pricing Principles 12 | 1. Pay as you go 13 | 1. Pay for what you use 14 | 1. Pay less as you use more 15 | 1. Pay even less when you reserve capacity 16 | 17 | #### 5 Basic Pricing Policy 18 | 1. Pay as you go 19 | 1. Pay less when you reserve 20 | 1. Pay even less per unit by using more 21 | 1. Pay less when AWS grows 22 | 1. Custom pricing 23 | 24 | #### The 3 Primary Drivers Of Cost 25 | 1. Compute 26 | 1. Storage 27 | 1. Data (Outbound) 28 | 29 | #### The 4 Pricing Models 30 | 31 | 1. **On Demand** - Pay for what you use, no commitment. Good for urgent requirements. 32 | 1. **Reserved** - Reserved workloads for a given time, useful if you know your workload. 
Broken up into _standard_ (you can't change the instance type), _convertible_ (where you can change the class of your EC2 instances) and _scheduled_ (within time windows, good for more sporadic workloads). 33 | 1. **Spot** - Purchase spare capacity, up to market price. Works for flexible start and end times. You are not terminated for a partial hour if AWS disable an instance, you _will be_ if you terminate it. 34 | 1. **Dedicated** Hosts (for your use). Useful for regulatory requirements, and licensing needs. 35 | 36 | #### What is free? 37 | * VPC is free 38 | * Elastic Beanstalk 39 | * CloudFormation 40 | * IAM 41 | * AutoScaling 42 | 43 | ## 2. What Determines Pricing? 44 | You need to know the factors that affect pricing for the main services. 45 | 46 | #### For EC2... 47 | * Server Time 48 | * Instance Type 49 | * Pricing Model 50 | * Number of Instances 51 | * Load Balancing 52 | * Detailed Monitoring (polling every 1 minute) 53 | * Elastic IP's are paid 54 | 55 | #### For Lambda... 56 | 1. Per request ($0.20 per million requests) 57 | 1. Duration price 58 | 1. Data transfer cost (such as data in/out of S3) 59 | 60 | #### For EBS... 61 | * Volumes 62 | * Snapshots 63 | * Data Transfer 64 | 65 | #### For S3... 66 | 1. Storage Class (Glacier, etc) 67 | 1. Storage (Amount of files) 68 | 1. Requests () 69 | 1. Data Transfer (data in/out) 70 | 1. Transfer Acceleration + Cross Region Replication (settings which you can turn on) 71 | 72 | #### For Glacier... 73 | 1. Storage 74 | 1. Data Retrieval Time 75 | 76 | #### For Snowball... 77 | * 50TB $200 78 | * 80TB $250 79 | * First 10 days free (after that $15 a day) 80 | 81 | #### For RDS... 82 | * Time of server uptime 83 | * Instance Type 84 | * Number of instances 85 | * Storage (Provisioned / Additional) 86 | * Requests (and data transfer) 87 | 88 | #### DynamoDB 89 | * Write / Read 90 | * Amount Of Data Stored In DynamoDB 91 | 92 | ## 3. 
Billing Services / Tools 93 | 94 | The tools you can use to review / implement billing. 95 | 96 | #### Budgets vs Cost Explorer 97 | 98 | - **Budgets**: Forecasts costs _before_ they occur. 99 | - **Cost Explorer**: Costs _after_ they've occurred. 100 | 101 | #### Create a Billing alarm 102 | 103 | * Must be done in the `us-east-1` region 104 | * Emails are sent via SNS topic 105 | * You need to create an email subscription to SNS also 106 | 107 | #### Tags 108 | 109 | - Tags & Resource Groups 110 | - Can Create Resource Groups 111 | 112 | ## 4. AWS Organisations + Billing 113 | 114 | How AWS Organisations can affect / help with billing... 115 | 116 | #### Consolidated Billing 117 | 118 | - Used to consolidate billing across AWS accounts (Using AWS Organisations) 119 | - You have one paying account, so you get economies of scale (for using more) 120 | - Paying account cannot access other accounts (don't deploy into the paying account) 121 | - Billing alerts on a paying account include costs for all associated accounts 122 | - Billing alerts on individual accounts still work 123 | - Enable MFA on the root user, and set a complex password on the root user 124 | 125 | #### AWS Cost Calculators 126 | 127 | - Simple Monthly Calculator (Basic Cost Calculations) 128 | - Calculate basic monthly costs based on resources 129 | - Total Cost of Ownership Calculator 130 | - Cost of on premise vs on AWS 131 | 132 | // TODO: 👷‍♀ https://awstcocalculator.com/ 133 | // TODO: 👷‍♀ Explore https://aws.amazon.com/calculator/calculator-faq/ 134 | // TODO: 👷‍♀ Experiment with these calculators 135 | -------------------------------------------------------------------------------- /advanced-networking/index.md: -------------------------------------------------------------------------------- 1 | ## Regions + Availability Zones 2 | 3 | ## DNS 4 | 5 | - You can use Route53 for DNS instead of IP if wanted 6 | - You can use CloudFront for additional caching 7 | 8 | ## VPC 9 | 10 | - A fully controlled network by you 
(resembles an on-prem network) 11 | - You cannot use a VPC without a subnet 12 | - A VPC is scoped to a single region 13 | - You can enable VPC flow logs for audit of network access 14 | - Managed service without VPC: S3, DynamoDB, AWS Lambda, API Gateway, SQS, SNS 15 | 16 | #### CIDR (Classless Interdomain Routing) 17 | 18 | - https://cidr.xyz/ 19 | - https://www.ipaddressguide.com/cidr 20 | - Syntax is the IP range and CIDR prefix `X.X.X.X/X` and the formula for the address range is: `2 ^ (32 - Prefix)` 21 | - AWS doesn't use class based routing (Class A, Class B, Class C) it uses the subnet mask prefix, e.g. `/26` 22 | - Considering IPv4 has 32 bits, for example `/16` means there are 16 bits available which is 2^16 which is 65,536. In short, the larger the prefix the fewer the available addresses for the network. 23 | 24 | ## Availability Zone 25 | 26 | - Use at least 2 availability zone 27 | - Subnets are in the AZ 28 | 29 | ## Nat Gateway 30 | 31 | - By default is created in a public subnet 32 | - Is AWS managed and scales automatically 33 | - Replaces the source IP addresses of the origin to it's own 34 | - Lives in the public subnet(?) 
35 | 36 | ## Subnet 37 | 38 | - Exist in a single availability zone 39 | - There can be no overlapping IP addresses 40 | - Public subnets have internet gateway access 41 | - A load balancer can route to the private network 42 | 43 | ### Route Table 44 | 45 | - Is the attachment of the internet gateway 46 | - Has IP of entire VPC defined as the "local" network 47 | - Can attach to multiple subnets 48 | 49 | ### NACL 50 | 51 | - You need to define both inbound and outbound rules 52 | - NACLs are stateless (they don't remember traffic in and out, which is why both directions need rules) 53 | - Is the "2nd layer of defence" 54 | - Can attach to multiple subnets 55 | 56 | ### Security Group 57 | 58 | - Security groups are stateful (inbound and outbound) 59 | - All rules will be evaluated 60 | - There is no "DENY" in security groups 61 | 62 | ## Internet Gateway 63 | 64 | - You'll need an internet gateway in a subnet 65 | 66 | ## VPC Endpoint (Interface and Gateway) 67 | 68 | - VPC Endpoint Interface for Lambda, SQS and SNS 69 | - VPC Endpoint Gateway for S3 and DynamoDB 70 | - Avoids the public internet for networking 71 | - You can connect to private resources like S3 and DynamoDB 72 | - S3 and DynamoDB have to be in the same region 73 | 74 | ## VPC Peering 75 | 76 | - Can reach from any machine to any machine 77 | - Connections are non-transitive 78 | - Private connectivity between two VPCs 79 | - VPC Peering flows through the AWS managed network 80 | - Flows through AWS managed network 81 | 82 | ## Private Link 83 | 84 | - Connects a private (on prem?) 
VPC to an AWS VPC 85 | - Expose VPC Endpoint to Network Load Balancer of Private VPC 86 | 87 | ## Transit Gateway 88 | 89 | - Solves the issue of transitive VPCs 90 | - Any VPC can connect to any VPC 91 | - Useful for hybrid connections 92 | - Also can be better than individual VPNs 93 | 94 | ## Virtual Private Gateway 95 | 96 | - Goes over the internet via VPN 97 | - Is called "site-to-site" connection 98 | 99 | ## Direct Connect 100 | 101 | - Is used as a substitute to Virtual Gateway + VPN 102 | - One of the most important service 103 | - A physical link to your corporate data center 104 | 105 | ## Notes 106 | 107 | - VPC has the larger block of addresses (CIDR block) 108 | - Private/Public resources 109 | - Lots of services are private 110 | - You can control the resources from the public console, but resources can be private 111 | - NACL (stateless firewalls, in and out traffic) 112 | - Subnet level firewalls 113 | - Security Group 114 | - Stateful firewall (traffic that leaves and returns) 115 | - Firewall (Stateful vs Stateless) 116 | - Stateful connects in and outbound requests 117 | - Stateless doesn’t connect inbound and outbound requests 118 | - VPC Peering links 119 | - Are not transitive (can’t go via another VPC) 120 | - IAM 121 | - Principal (person or application) 122 | - AWS Local Zone 123 | - Transit Gateway 124 | - VPC peering 125 | - Can be attached to VPN, Direct Connect 126 | - Amazon VPN (site-to-site) 127 | - Customer Gateway deployed on the customer side 128 | - Establish a connection between the on-prem customer gateway 129 | - AWS Wavelength Zone 130 | - 131 | - Virtual Gateway 132 | - 133 | - AWS Outposts 134 | - Can run EC2, EBS, S3, VPC + RDS 135 | - VPN CloudHub 136 | - Goes over the public internet 137 | - AWS Direct Connect Location 138 | - Like a hopping point into AWS 139 | - Can help improve performance (more expensive than VPN) 140 | 141 | ## Further Reading 142 | 143 | - What is AWS Direct Connect? 
144 | - Are there any networking projects? 145 | - Difference between NACL and Route Table? -------------------------------------------------------------------------------- /sysops-associate/3-provisioning.md: -------------------------------------------------------------------------------- 1 | 2 | ## Provisioning an EC2 3 | 4 | - Choose an AMI: Redhat, Window, Pre-Installed Binaries 5 | - Choose a VPC: One is setup as the default. 6 | - Choosing a placement group: Allows you to physically locate machines near each other. 7 | - Assign IAM roles: Give access to resources 8 | 9 | ### EC2 States 10 | - Stopping vs Hibernating 11 | - Hibernate does no lose RAM 12 | - Spot instances are significantly discounted (up to 60% off) 13 | - Will close if exceeding your max price 14 | - Will close if not enough instances available 15 | - Not good for high availability 16 | 17 | ### IAM roles 18 | - Enable EC2 to access AWS resources 19 | - DB or S3, for instance 20 | 21 | ### Shutdown Behaviour 22 | - OS stop behaviour 23 | - Define what happens when you stop an instance 24 | - Enable termination protection 25 | - Prevent unwanted deletion of a resource 26 | 27 | ### CloudWatch 28 | - Metrics on a 5 minute schedule 29 | - Detailed monitoring can be toggled (for a cost) to run every minute 30 | - You can get more fine grained metrics with custom metrics 31 | 32 | ### Shared Tenancy 33 | - Can configure dedicated instance (at additional cost) 34 | - Advanced User Data 35 | - Used for running startup commands 36 | - `#!/bin/bash` <— For the interpreter to know what shell to use (shebang) 37 | Allows you to run start up scripts for your machine 38 | 39 | ### Volume Mounting 40 | 41 | - Can mount a volume 42 | 43 | ### Security Groups 44 | 45 | - Firewall rules 46 | - Decide on traffic in and out of an instance 47 | 48 | ### Launch Log 49 | 50 | - Not too sure what this is? 
51 | 52 | ### EC2 Launch Issues 53 | - InstanceLimitExceeded 54 | - You’ve maxed your instance count (25 default) 55 | - InsufficientCapacityError 56 | - No more machines in AWS 57 | - Can mitigate by: 58 | - Wait and try again 59 | - Request fewer machines 60 | - Change the instance type 61 | - Reserve instances 62 | - Don’t specify the AZ 63 | 64 | --- 65 | 66 | ## EBS Provisioning 67 | 68 | - Can be used for storage volumes 69 | - Used for databases 70 | - Used for operating systems 71 | - Two Types of SSD 72 | - GP2 73 | - General Purpose SSD 74 | - Min 100 iOPS + more per GB of memory up to 16,000 IOPS max 75 | - Io1 76 | - 50 IOPS per GB 77 | - A max of 64,000 IOPS 78 | - 6x the IOPS of general purpose 79 | - Running out of IOPS 80 | - When you run out of IOPS you create a queue 81 | - This can drastically slow down your application 82 | - Remedy: Increase volume size, Switch to provisioned IOPS 83 | 84 | --- 85 | 86 | ## Elastic Load Balancer 87 | - Steps to deploy an ELB 88 | - Go to EC2 89 | - `#!/bin/bash (shebang for the interpreter)` 90 | - Add HTTP port 80 for web traffic (0.0.0.0) inbound 91 | - Don’t open SSH to everyone (0.0.0.0); instead restrict it to a VPN or a custom IP 92 | - Create load balancer from within EC2 console 93 | - App load balancer using layer 4 94 | - Name the ALB 95 | - Select availability zones 96 | - Use security group that has inbound :80 traffic 97 | - Setup a health check URL (can use index.html) 98 | - Select registered targets for the ALB 99 | - ALB will then be shown as active 100 | 101 | ### 3 Types of Load Balancer 102 | - Application Load Balancer 103 | - Operates at Layer 7 (application layer) 104 | - Content based routing (reads packets) 105 | - Advanced request routing (based on headers etc) 106 | - Specific requests go to specific servers 107 | - Network Load Balancer 108 | - Operates at layer 4 (Transport) 109 | - TCP level load balancing 110 | - Ultra low latency 111 | - Classic Load Balancer 112 | - Legacy (ignore 
largely) 113 | - Does both network and app load balancing 114 | - Research the OSI layers model 115 | - I’m really interested in best practices for VPC’s 116 | 117 | ## ELB Provisioning 118 | - ELB pre-warming 119 | - Can be done by contacting AWS 120 | - Tell them: 121 | - Traffic expected, 122 | - Start and end date 123 | - RPS and average request size 124 | - ELB and static IP’s 125 | - ALB scales and the IP changes 126 | - Network load balancers can have elastic IP’s 127 | 128 | ### ELB Errors 129 | - 400 — Malformed 130 | - 401 — Access Denied 131 | - 403 — Request Forbidden 132 | - 460 — Closed connection 133 | - 463 — X-Forwarded-For (has more than 30 IP addresses) 134 | - 500 — Internal Server Error 135 | - 502 — Bad gateway 136 | - 503 — No registered target 137 | - 504 — Gateway Timeout 138 | - 561 — Unauthorised (ID provider) 139 | 140 | --- 141 | ## AWS Systems Manager 142 | - Visibility and control of AWS infrastructure 143 | - Integrates with CloudWatch 144 | - Run commands (tasks) such as patching 145 | - Organise inventory grouping resources together by application or environment 146 | - Seems quite configuration management-y 147 | 148 | ### Run Command 149 | - Can be used to stop/start an EC2 150 | - Run playbooks (such as Ansible) 151 | - Attach EBS volumes 152 | 153 | ### Find Resources 154 | - Serach by tag 155 | - Save as resource group if needed (for ease of later use) 156 | 157 | ### Insights 158 | - Config, cloudtrail, personal health dashboard, trusted advisor 159 | 160 | ### Personal Health 161 | - Issues with AWS 162 | - Issues that could affect your infrastructure (AWS infra issues for instance) 163 | - Can view all events (for all regions) 164 | 165 | #### Trusted Advisor 166 | - Cost optimising 167 | - Security 168 | - Recommended actions 169 | - Alerts if you’re near resource limits (VPC’s etc) 170 | - Idle resource indications 171 | 172 | ### Cloudwatch Dashboards 173 | - Quickly see 174 | 175 | ### Inventory 176 | - High level view 
of the sources 177 | 178 | ### Automation 179 | - Automate tasks 180 | - Back ups 181 | - Stop instances 182 | - Do all automation (or one by one) 183 | - Parameter store 184 | - Secrets + Configuration data management 185 | - Central encryption 186 | 187 | --- 188 | 189 | ## Bastion Provisioning 190 | - What is a Bastion? 191 | - Also called a “jump box”. 192 | - Typically hosted in a public subnet (or otherwise reachable from an open network). 193 | - Don’t expose your other EC2 instances to the internet directly; reach them through the Bastion. 194 | - You should lock down the Bastion so that it only accepts traffic from specific single IPs. 195 | - Only expose SSH access (ports) on your Bastion 196 | -------------------------------------------------------------------------------- /sysops-associate/2-monitoring.md: -------------------------------------------------------------------------------- 1 | 2 | ### EC2 Custom vs Out-Of-The-Box Metrics 3 | - Standard metric time for EC2 cloudwatch metrics is 5 minutes 4 | - Detailed monitoring is 1 minute 5 | - High resolution monitoring allows faster resolution (can be as low as 1 second) 6 | 7 | ### EC2 CloudWatch metrics out-of-the-box 8 | - CPU 9 | - Network 10 | - Disk 11 | - Status Check 12 | 13 | **Note:** RAM is a custom metric 14 | 15 | ### Setting up a Custom EC2 Metric 16 | - Install the cloudwatch agent on your machine (using user data startup script) 17 | - You use a user data script to configure your EC2 18 | - User data scripts must provide their interpreter (use a shebang: #!/bin/bash) 19 | - Scripts are executed as root 20 | - On Ubuntu you can run this as a crontab (put a shell script into a cron folder) 21 | 22 | ### The Four EC2 Pricing Models 23 | - On Demand 24 | - Reserved 25 | - Has an Upfront price (fixed cost) 26 | - 3 year term (check this?) 
27 | - Useful for repeating resources (day/week/year) 28 | - Spot 29 | - Very low prices 30 | - Dedicated 31 | - No virtualisation with other tenants 32 | - Good for certain licenses (Oracle) 33 | 34 | ### EBS, The 4 Volume Types 35 | - Solid State Drives (They’re expensive, but much quicker) 36 | - GP2 37 | - Is a general purpose volume (generic use cases) 38 | - Up to 10,000 iops 39 | - Performance is linked to the size of the volume 40 | - Allows IOPS bursting 41 | - IO1 42 | - Highest performance volume 43 | - Mission critical stuff 44 | - Provisioned IOPS 45 | - Used for high throughput databases etc 46 | - Hard Disk Drives (They’re cheaper, but performance is massively reduced) 47 | - ST1 48 | - Can’t be boot, quite slow still 49 | - Big data (non-production, but still performant) 50 | - SC1 51 | - Basically for very low cost (but slow) 52 | - Used for large and infrequent access 53 | - Has a lower storage cost 54 | 55 | ### EBS Volume Pre-Warming 56 | - Pre-warming is an optimisation to prevent cold access of EBS blocks 57 | - There is no need to warm EBS any more unless you’re restoring from S3, where you may want to pre-warm as each accessed block will have a “first touch penalty”. 58 | - You can warm EBS with a bash command that touches all files internally 59 | - Use the dd or fio command and read all files to /dev/null as a pre-warming process. 60 | 61 | ### EBS Cloudwatch 62 | - Read/Writeops (I/O operations per second) 63 | - Amount of IOPS per second 64 | - Queue length 65 | - You really don’t want anything queuing 66 | 67 | ### The Four EBS Volume Statuses 68 | - OK — Volume is running fine 69 | - Warning — Degraded performance, pushing to queue? 70 | - Impaired — Not working, maybe I/O is disabled? 71 | - Insufficient Data — Not enough data! 72 | 73 | **Applying changes:** When you modify block storage, you might need to adjust your OS to see the higher volume size. You can also apply changes whilst the EBS is running. 
74 | 75 | ### ELBs 76 | - ELB have listeners (for connections using defined protocol and ports) 77 | - Register health checks on the ELB to ensure that service health (before routing) 78 | - You can load balance across regular instances and serverless 79 | - By default load balancers distribute across specified AZ’s 80 | 81 | ### Types of ELB 82 | - Application Load Balancer 83 | - Supports path based routing 84 | - Can forward requests with modified headers (operates at application level) 85 | - Network Load Balancer 86 | - Transport layer routing (TCP/SSL) 87 | - Very fast, millions of RPS 88 | - Forwards requests without modifying headers (it can’t) 89 | - For very low latency needs 90 | - Classic Load Balancer (to be deprecated) 91 | - Supports sticky sessions (using app generated cookies) 92 | - Ephemeral ports? 93 | 94 | ### Monitoring ELB 95 | - Cloud Watch (for 4/5xx’s, healthy hosts count) 96 | - Access Logs (are disabled by default) 97 | - They dump to S3 so can be hard to analyse (require 3rd party tool) 98 | - Request Tracing 99 | - They’re good because they can access data after an ELB scales down 100 | - Adds a header to requests before sending on (so they can be correlated) 101 | 102 | ### Cloudwatch Dashboards 103 | - Dashboards aren’t regional specific 104 | - Can add lines, stacks, numbers and charts 105 | - View data usage, memory 106 | - Remember to save your dashboard 107 | 108 | ### Creating a Billing Alarm 109 | - You can setup a threshold when you want to be alerted 110 | - Create people who are to be alerted 111 | 112 | ###CloudWatch Vs CloudTrail vs Config 113 | - Cloudwatch 114 | - For logs and monitoring of applications (performance monitoring) 115 | - CloudTrail 116 | - Allows you to see what changes have been made to the AWS API 117 | - Config 118 | - Records the state of AWS environments 119 | 120 | ### Elasticache monitoring metrics 121 | - CPU utilisation 122 | - Swap usage 123 | - You don’t want to be using the swap file 124 | - 
Usually equal to the size of your general elasticache 125 | - Evictions 126 | - When an old piece of memory is swapped with a newer 127 | - Concurrent connections 128 | - Find out if you are not releasing connections properly (assumed same as RDS) 129 | 130 | ### AWS Organisations 131 | - Purpose of AWS orgs 132 | - AWS Organisations allow you to manage multiple AWS accounts 133 | - You can apply policies to your organisation that allow you to control access to AWS accounts 134 | - You can automate account access / creation 135 | - Can group accounts (departments, business functions etc) 136 | - Used to consolidate billing across different accounts 137 | - Can restrict what services people use 138 | 139 | ### Tags & Resource Groups 140 | - Tags are key / value pairs (same as resources) 141 | - Resource groups are groups of tagged resources 142 | - AWS systems manager 143 | 144 | ### AWS Config? 145 | - Is a management tool that records configuration changes 146 | - Is regional (needs to be turned on a per region basis) 147 | - Can schedule a lambda to be triggered on config change 148 | - Pipes results into S3 for analysis later 149 | - Can trigger periodically or on change 150 | - You can have up to 40 managed rules 151 | - Config needs read access to resources it’s tracking 152 | - Needs publish access to SNS to trigger notifications 153 | 154 | ### Questions 155 | * What is AWS Config? 156 | * Read: https://aws.amazon.com/config/faq/ 157 | * How to setup a billing alarm? 158 | * Understand resource groups better 159 | * Understand AWS config better 160 | -------------------------------------------------------------------------------- /advanced-networking/2-networking-refresher.md: -------------------------------------------------------------------------------- 1 | 2 | # The OSI Model: 7 Layers 3 | 4 | 1. **Physical** 5 | - Very little intelligence. 6 | - Uses a defined electrical format (voltage, etc). 
7 | - It is the cabling between 8 | - Don't know each other (just data on a wire) 9 | - Ethernet and Wifi are physical layer protocols (but they're totally different) 10 | 1. **Data Link** 11 | - Can talk from machine to machine 12 | - Talk using MAC address 13 | - Uses frames to communicate 14 | - Handles sequencing and flow control (how much data is transferred) 15 | - Handles data correction (such as if corrupted by the physical layer) 16 | - Can also re-order frames if needed. 17 | 1. **Network** 18 | - Packets are used here 19 | - Computers are talking via IP at this point 20 | - No error checking happens at this level (ICMP, IP) 21 | 1. **Transport** 22 | - Uses segments (or data segment) 23 | - Can also handle error control 24 | - TCP and IP operate at this level 25 | 1. **Session** 26 | - We add the concept of on-going sessions here 27 | - This is the layer that controls long-lived connections 28 | - Handles the perception of a connection 29 | - Handles ports (e.g. UDP and DNS @ 53, TCP for HTTP @ 80) 30 | - Ports allow multiple services to be addressed on one host (not possible at lower layers) 31 | 1. **Presentation** 32 | - ???? 33 | 1. **Application** 34 | - Where the application protocols are added 35 | - Devices don't know that it's TCP, they just see data over a port 36 | 37 | 38 | ### How does data communicate between layers? 
39 | 40 | Note: 41 | - Layers don't know whats happening up and down 42 | - Layer 4 talks to layer 4 across computers 43 | 44 | **Encapsulation:** How data is wrapped and passed down/up the stack 45 | 46 | - Application (Basic Data): `[DATA]` 47 | - Session (Segment) `[[DATA] + TCP HEADER (SRC / DEST PORT)]` 48 | - Network (IP Packet) `[[[DATA] + TCP HEADER (SRC / DEST PORT)] + IP ]` 49 | - DataLink (Ethernet Frame) `[[[DATA] + TCP HEADER (SRC / DEST PORT)] + IP ] + MAC]` 50 | - Physical (Binary) `0101010010` 51 | 52 | # IPV4 53 | 54 | - IPV4 is the fourth generation of the IP 55 | - IP is _connectionless_, it has no notion of ports, sessions. Simply sends data from point A to point B 56 | - IP is 32 bit binary (4x octet blocks) usually converted to the 256 numbers 57 | 58 | **Host vs Network Mask** 59 | - Part represents the network and the host side of the address 60 | - Netmasks distinguish between the host and the network side (represented in decimal or binary) 61 | 62 | ## Understanding Subnet Masks (& Network Size) 63 | 64 | The netmasks is: The number of bits out of 32 (8 x 4) that are given to the network. 65 | 66 | Usually subnet masks are: `/24`, `/16` or `/8` (but don't have to be these are your class A,B,C). 67 | 68 | Remember: A `/3` netmask gives internal addresses double the space of a `/2`. Which in turn gives double the space of a `/1` netmask. This occurs because you're giving up one extra bit (which creates a X^2 increase in address range to your local network). 
69 | 70 | You _could_ use different network masks, such as: `/22` 71 | 72 | ### Class A,B,C networks 73 | 74 | ### 255.255.255.0 = /24 75 | 76 | - class C network (3rd 8bit block) 77 | - 24 bits for network 78 | - 8 bits for the host 79 | - Total space for host = [2^8 = 256 addresses] 80 | 81 | #### 255.255.0.0 = /16 82 | - class B network (2nd 8 bit block) 83 | - 16 bits for network 84 | - 16 bits for the host 85 | - Total space for host = [2^16 = 65536 addresses] 86 | 87 | #### 255.0.0.0 = /8 88 | - class A network (1st 8bit block) 89 | - 8 bits for network 90 | - 24 bits for the host 91 | - Total space for host = [2^24 = 16777216 addresses] 92 | 93 | ### Dividing up subnets 94 | 95 | If you wanted to work with logically divide a network you can use subnets. To have multiple subnets you can simply chop a subnet in half (and so on). 96 | 97 | e.g. if you're given `10.0.0.0` —> `10.0.0.256` with a /24 subnet mask you could chop it up into: 98 | 99 | **4 x /25 addresses** 100 | 101 | Simply divide in two: 102 | 103 | - `10.0.0.0` —> `10.0.0.127` 104 | - `10.0.0.128` —> `10.0.0.255` 105 | 106 | **2 x /26 addresses** 107 | 108 | Or divide in four: 109 | 110 | - `10.0.0.0` —> `10.0.0..63` 111 | - `10.0.0.64` —> `10.0.0.127` 112 | - `10.0.0.128` —> `10.0.0.192` 113 | - `10.0.0.192` —> `10.0.0.255` 114 | 115 | You can do this subnet splitting all the way down ( 🐢🐢🐢 ) 116 | 117 | ### Route Tables (Supernetting) 118 | - A route table links networks to one another (next hop) 119 | - You can hardcode _static_ IP's to the route table or you can use _dynamic_ addressing (through various algorithms) 120 | - If address not found it goes to default route (0.0.0.0) and hops out of the network 121 | - *Supernetting* allows multiple route table entries to be grouped together to avoid duplicated entries 122 | 123 | ### Network Address Translation 124 | - A NAT maps publically available addresses to internal addresses 125 | - Allows you to share a public IP amongst many internal IP's 
126 | - NAT Gateways are stateful so remember the outgoing requests and can map return traffic 127 | - Home routers use NAT to link your network (local) to public 128 | 129 | ### VLAN 130 | - Logically group together machines on a network so they can communicate across a network that has _physical_ access to all other machines 131 | - VLAN's are implemented in the packet routing devices (such as switches or trunks) 132 | - VLANS ensure that only certain computers can talk to each other 133 | 134 | ### DNS Basics 135 | - TLD's are governed by IANA 136 | - Nominet handles the UK domains 137 | - DNS operates an inverted tree structure (root servers, ~300) 138 | - Root servers are accessed via Anycast 139 | - Authoritative servers have the current up to date information 140 | - Some servers are purely cache, not authoritative 141 | - TTL is a suggsetion, not a mandate 142 | - A recursive query is one that is resolved by the server on the requestors behalf 143 | 144 | 145 | ## Questions 146 | - How are netmasks passed as part of the IP protocol? 147 | - What is the broadcast / network address? 148 | - Why are broadcast / network addresses the same IP's? 149 | - Why would you want more than 1 public IP if you can use NAT GW's? 150 | - What are the "two bits" at the start of a network range (when subnetting) 151 | - Why are route tables needed? 152 | - How does supernetting really work? 153 | - How does NAT translation work (where is the tag stored in the frame/packet)? 154 | - Is a trunk a physical device? Why use one instead of a switch etc? 155 | - What is Anycast? 156 | - Research recursive vs non-recursive DNS look ups 157 | -------------------------------------------------------------------------------- /docs/advanced-networking/2-networking-refresher.md: -------------------------------------------------------------------------------- 1 | 2 | # The OSI Model: 7 Layers 3 | 4 | 1. **Physical** 5 | - Very little intelligence. 
6 | - Uses a defined electrical format (voltage, etc). 7 | - It is the cabling between 8 | - Don't know each other (just data on a wire) 9 | - Ethernet and Wifi are physical layer protocols (but they're totally different) 10 | 1. **Data Link** 11 | - Can talk from machine to machine 12 | - Talk using MAC address 13 | - Uses frames to communicate 14 | - Handles sequencing and flow control (how much data is transferred) 15 | - Handles data correction (such as if corrupted by the physical layer) 16 | - Can also re-order frames if needed. 17 | 1. **Network** 18 | - Packets are used here 19 | - Computers are talking via IP at this point 20 | - No error checking happens at this level (ICMP, IP) 21 | 1. **Transport** 22 | - Uses segments (or data segment) 23 | - Can also handle error control 24 | - TCP and IP operate at this level 25 | 1. **Session** 26 | - We add the concept of on-going sessions here 27 | - This is the layer that controls long-lived connections 28 | - Handles the perception of a connection 29 | - Handles ports (e.g. UDP and DNS @ 53, TCP for HTTP @ 80) 30 | - Ports allow multiple services to be addressed on one host (not possible at lower layers) 31 | 1. **Presentation** 32 | - ???? 33 | 1. **Application** 34 | - Where the application protocols are added 35 | - Devices don't know that it's TCP, they just see data over a port 36 | 37 | 38 | ### How does data communicate between layers? 
39 | 40 | Note: 41 | - Layers don't know whats happening up and down 42 | - Layer 4 talks to layer 4 across computers 43 | 44 | **Encapsulation:** How data is wrapped and passed down/up the stack 45 | 46 | - Application (Basic Data): `[DATA]` 47 | - Session (Segment) `[[DATA] + TCP HEADER (SRC / DEST PORT)]` 48 | - Network (IP Packet) `[[[DATA] + TCP HEADER (SRC / DEST PORT)] + IP ]` 49 | - DataLink (Ethernet Frame) `[[[DATA] + TCP HEADER (SRC / DEST PORT)] + IP ] + MAC]` 50 | - Physical (Binary) `0101010010` 51 | 52 | # IPV4 53 | 54 | - IPV4 is the fourth generation of the IP 55 | - IP is _connectionless_, it has no notion of ports, sessions. Simply sends data from point A to point B 56 | - IP is 32 bit binary (4x octet blocks) usually converted to the 256 numbers 57 | 58 | **Host vs Network Mask** 59 | - Part represents the network and the host side of the address 60 | - Netmasks distinguish between the host and the network side (represented in decimal or binary) 61 | 62 | ## Understanding Subnet Masks (& Network Size) 63 | 64 | The netmasks is: The number of bits out of 32 (8 x 4) that are given to the network. 65 | 66 | Usually subnet masks are: `/24`, `/16` or `/8` (but don't have to be these are your class A,B,C). 67 | 68 | Remember: A `/3` netmask gives internal addresses double the space of a `/2`. Which in turn gives double the space of a `/1` netmask. This occurs because you're giving up one extra bit (which creates a X^2 increase in address range to your local network). 
69 | 70 | You _could_ use different network masks, such as: `/22` 71 | 72 | ### Class A,B,C networks 73 | 74 | ### 255.255.255.0 = /24 75 | 76 | - class C network (3rd 8bit block) 77 | - 24 bits for network 78 | - 8 bits for the host 79 | - Total space for host = [2^8 = 256 addresses] 80 | 81 | #### 255.255.0.0 = /16 82 | - class B network (2nd 8 bit block) 83 | - 16 bits for network 84 | - 16 bits for the host 85 | - Total space for host = [2^16 = 65536 addresses] 86 | 87 | #### 255.0.0.0 = /8 88 | - class A network (1st 8bit block) 89 | - 8 bits for network 90 | - 24 bits for the host 91 | - Total space for host = [2^24 = 16777216 addresses] 92 | 93 | ### Dividing up subnets 94 | 95 | If you wanted to work with logically divide a network you can use subnets. To have multiple subnets you can simply chop a subnet in half (and so on). 96 | 97 | e.g. if you're given `10.0.0.0` —> `10.0.0.256` with a /24 subnet mask you could chop it up into: 98 | 99 | **4 x /25 addresses** 100 | 101 | Simply divide in two: 102 | 103 | - `10.0.0.0` —> `10.0.0.127` 104 | - `10.0.0.128` —> `10.0.0.255` 105 | 106 | **2 x /26 addresses** 107 | 108 | Or divide in four: 109 | 110 | - `10.0.0.0` —> `10.0.0..63` 111 | - `10.0.0.64` —> `10.0.0.127` 112 | - `10.0.0.128` —> `10.0.0.192` 113 | - `10.0.0.192` —> `10.0.0.255` 114 | 115 | You can do this subnet splitting all the way down ( 🐢🐢🐢 ) 116 | 117 | ### Route Tables (Supernetting) 118 | - A route table links networks to one another (next hop) 119 | - You can hardcode _static_ IP's to the route table or you can use _dynamic_ addressing (through various algorithms) 120 | - If address not found it goes to default route (0.0.0.0) and hops out of the network 121 | - *Supernetting* allows multiple route table entries to be grouped together to avoid duplicated entries 122 | 123 | ### Network Address Translation 124 | - A NAT maps publically available addresses to internal addresses 125 | - Allows you to share a public IP amongst many internal IP's 
126 | - NAT Gateways are stateful so remember the outgoing requests and can map return traffic 127 | - Home routers use NAT to link your network (local) to public 128 | 129 | ### VLAN 130 | - Logically group together machines on a network so they can communicate across a network that has _physical_ access to all other machines 131 | - VLAN's are implemented in the packet routing devices (such as switches or trunks) 132 | - VLANS ensure that only certain computers can talk to each other 133 | 134 | ### DNS Basics 135 | - TLD's are governed by IANA 136 | - Nominet handles the UK domains 137 | - DNS operates an inverted tree structure (root servers, ~300) 138 | - Root servers are accessed via Anycast 139 | - Authoritative servers have the current up to date information 140 | - Some servers are purely cache, not authoritative 141 | - TTL is a suggsetion, not a mandate 142 | - A recursive query is one that is resolved by the server on the requestors behalf 143 | 144 | 145 | ## Questions 146 | - How are netmasks passed as part of the IP protocol? 147 | - What is the broadcast / network address? 148 | - Why are broadcast / network addresses the same IP's? 149 | - Why would you want more than 1 public IP if you can use NAT GW's? 150 | - What are the "two bits" at the start of a network range (when subnetting) 151 | - Why are route tables needed? 152 | - How does supernetting really work? 153 | - How does NAT translation work (where is the tag stored in the frame/packet)? 154 | - Is a trunk a physical device? Why use one instead of a switch etc? 155 | - What is Anycast? 156 | - Research recursive vs non-recursive DNS look ups 157 | -------------------------------------------------------------------------------- /sysops-associate/7-networking.md: -------------------------------------------------------------------------------- 1 | # Part 7a: Networking (VPC) 2 | 3 | Need to be able to build out a VPC from scratch (and memory) 4 | 5 | ## What is a VPC? 
6 | * A VPC can be thought of as a virtual data center in the cloud 7 | * A VPC is logically isolated and completely controls IP’s and gateways 8 | * A VPC can have public and private networks 9 | * A VPC can be between on prem and virtual 10 | * You can have 5 VPC’s per account on account creation (you can ask for more) 11 | * You can only attach one internet gateway to a VPC 12 | * Allows you fine-grained control of your network 13 | 14 | ## Connecting to a VPC 15 | 16 | There are two main ways to connect to a VPC 17 | 18 | * Via an Internet Gateway 19 | * Via a Virtual Private Gateway (Apparently this is a VPN really?) 20 | 21 | ## Components of a VPC (Subnet, AZ, Route Table, NACL, VPG, Security Groups) 22 | * Subnets live in Availability Zones 23 | * Security groups are then assigned —> subnets 24 | * Route tables are what connect subnets 25 | * A NACL (Network Access Control List) 26 | * Security groups are stateful 27 | 28 | ## VPC Peering 29 | * You can connect a VPC with another (through peering) 30 | * VPC’s then behave like they’re on the same network 31 | * VPC’s are not transitively peered (peers of peers do not have access) 32 | * Peering is always hub and spoke (one central hub, with many peers) 33 | 34 | ## Creating a VPC 35 | 36 | * Under Network & Content Delivery 37 | * Choose your CIDR block range 38 | * Creating a VPC creates the following: 39 | * A route table 40 | * A Network Access Control List (NACL) 41 | * Allowing all inbound traffic by default 42 | * Creating a VPC does not create... 43 | * Subnets 44 | * Creating subnets 45 | * Set the name 46 | * Set the address range 47 | * Set the AZ (subnets must live in AZ’s) 48 | * Create an internet gateway 49 | * Needs to be attached manually to your VPC 50 | * You can have one internet gateway per VPC (no more!) 
51 | * Create a security group (for a private resource such as a DB) 52 | * Set the source as custom (from your CIDR address range) 53 | * SSH / HTTP / HTTPS / ICMP 54 | 55 | ## AWS IP address ranges 56 | * First 4 and last 1 IP’s are reserved for different reasons. 57 | 58 | ## What is a NAT gateway? 59 | * A NAT instance is a way to get traffic from a private network out to the internet. 60 | * NAT instances are useful for things like database patching (which is required on private network machines) 61 | 62 | ## NAT instances vs NAT gateways 63 | 64 | * You can create a NAT instance from an amazon AMI 65 | * Disable source / destination check for the NAT (A NAT is not the source or destination of traffic) 66 | * You create a route table for your NAT gateway which proxies traffic out to the internet from a private instance 67 | * Would need to monitor bandwidth (like a typical instance) 68 | * Can also use your NAT gateway as a Bastion (seems like a bit of a hack to me) 69 | * EGRESS only internet gateway 70 | * Nat Gateway 71 | * Don’t have to worry about patching OS 72 | * Supported up to 10GB/s 73 | * Is a component that is in VPC panel within AWS 74 | * Built to be highly available (need one in each AZ for high availability) 75 | * READ: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html 76 | 77 | ## Network ACL’s and Security Groups 78 | * What is a NACL? 
79 | * Add ACL rules with increments of 100 (to give you room in between) 80 | * Allow internet from anywhere with 0.0.0.0/0 81 | * You can only associate a subnet to a single Network Access Control List 82 | * Newly created private NACL’s will be closed off to the internet (unlike ones given out of the box when you created a new VPC) 83 | * You need to associate your NACL with your subnet 84 | * Rules for NACL’s are evaluated in numerical order 85 | * You should number each rule in increments of 100 (so that you’ve got some wiggle room) 86 | * NACL’s are a way to block specific IP’s and IP ranges. 87 | * NACL’s are assessed before security groups 88 | * VPC comes with a default NACL (that allows all inbound and outbound traffic) 89 | * Custom written NACL’s allow no traffic in or out 90 | * Not associating a subnet with an NACL 91 | * Network ACL’s are stateless 92 | * You can block IP’s using ACL’s not security groups 93 | 94 | ## VPC Endpoints 95 | * Keeps traffic in the private network (without going over the public) 96 | * Basically two AWS resources can talk to each other 97 | 98 | ## VPC Flow Logs 99 | * Go to your VPC and toggle on if you want 100 | * IP traffic going to and from network interfaces in a VPC 101 | * Can be at different levels: 102 | * VPC 103 | * Subnet 104 | * Network interface level 105 | * Can stream logs to Lambda (so you can proactively react) or elastic search 106 | * Note: Doesn’t log all traffic as some is between AWS resources (Route 53, VPC router etc) 107 | 108 | ## VPC Clean Up 109 | * Clean up all resources first (such as EC2’s) 110 | * Delete NAT Gateways 111 | * Delete Internet Gateways 112 | * Delete VPC Endpoints 113 | 114 | # Part 7b: Networking (DNS) 115 | 116 | * TLD’s are controlled by the IANA. Route 53 naming — DNS works on route 53, which is the origin of the name. The TTL is the time that the resource lives, you want this to be low if you’re making changes. 
117 | 118 | ## Types of DNS records 119 | 120 | * SOA 121 | * Name of the server that supplied the data 122 | * NS 123 | * Domain registrar points to the name servers (where the routing records are) 124 | * Multiple TLD NS records (to protect from outages) 125 | * A 126 | * Most fundamental type of record 127 | * Stands for address 128 | * Simply translates the name to an address 129 | * CNAME 130 | * Resolves one domain to another 131 | * These cannot be used for naked domain names 132 | * ALIAS (unique to Route53) 133 | * Map record sets to elastic load balancers 134 | * Can be used for naked domains 135 | * Useful as Amazon can update resource records (so you don’t have to) 136 | * Basically AWS manage the IP to host mapping! 137 | 138 | ## Routing Policies 139 | 140 | * Simple 141 | * Can only have a single record 142 | * If you want multiple values, you can, but they’re chosen at random 143 | * Despite being random, it could be cached at DNS, so you’ll get the same 144 | * Weighted Routing 145 | * When you have two resources (and want a failover) you assign a weighted policy for speed, but have the second as fallback. 146 | * Weighting: A number (these are all added up) i.e 20 + 20 = 50% each. 147 | * Set ID: Unique value for that weighted record 148 | * Latency Based Routing 149 | * Can’t have latency or weighted together 150 | * Route based on lowest latency region 151 | * Failover Based Routing 152 | * How you can setup active/passive routing 153 | * Uses a health check to ensure that your site is up in a given region 154 | * Create a health check from within Route53 (didn’t know you could do this!) 155 | * Geolocation Routing Policy 156 | * Point different location based customers to different sites 157 | * Multivalue answer 158 | * Balances across two resources 159 | 160 | ## Questions 161 | * What does a default VPC come with? 
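162 | -------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-search/search.js: --------------------------------------------------------------------------------
require([
    'gitbook',
    'jquery'
], function(gitbook, $) {
    // Search UI glue: runs queries through gitbook.search, renders the result
    // list, and mirrors the current query in the `q` URL parameter.
    var MAX_RESULTS = 15;
    var MAX_DESCRIPTION_SIZE = 500;

    var usePushState = (typeof history.pushState !== 'undefined');

    // DOM Elements (all but $body are looked up in bindSearch)
    var $body = $('body');
    var $bookSearchResults;
    var $searchInput;
    var $searchList;
    var $searchTitle;
    var $searchResultsCount;
    var $searchQuery;

    // Return a wrapper that schedules `fn` once per `wait` ms window.
    // The scheduled call uses the arguments of the FIRST call in the window;
    // calls made while a timer is pending are dropped.
    // NOTE: kept for compatibility; launchSearch no longer routes through it
    // (see the comment there).
    function throttle(fn, wait) {
        var timeout;

        return function() {
            var ctx = this, args = arguments;
            if (!timeout) {
                timeout = setTimeout(function() {
                    timeout = null;
                    fn.apply(ctx, args);
                }, wait);
            }
        };
    }

    // Render a result set: `res.count`, `res.query` and `res.results`
    // (each result carrying `url`, `title` and `body`).
    function displayResults(res) {
        $bookSearchResults.addClass('open');

        var noResults = res.count == 0;
        $bookSearchResults.toggleClass('no-results', noResults);

        // Clear old results
        $searchList.empty();

        // Display title for research; .text() keeps the echoed query inert
        $searchResultsCount.text(res.count);
        $searchQuery.text(res.query);

        // Create an <li> element for each result
        res.results.forEach(function(res) {
            var $li = $('<li>', {
                'class': 'search-results-item'
            });

            var $title = $('<h3>');

            // 'text' goes through jQuery's .text(), so the title is not parsed as HTML
            var $link = $('<a>', {
                'href': gitbook.state.basePath + '/' + res.url,
                'text': res.title
            });

            var content = res.body.trim();
            if (content.length > MAX_DESCRIPTION_SIZE) {
                content = content.slice(0, MAX_DESCRIPTION_SIZE).trim()+'...';
            }
            // The snippet comes from the search index and is meant to be shown
            // as plain text. Insert it with .text() rather than .html() so that
            // tag-like content in an indexed page is displayed literally and
            // never parsed into live DOM.
            var $content = $('<p>').text(content);

            $link.appendTo($title);
            $title.appendTo($li);
            $content.appendTo($li);
            $li.appendTo($searchList);
        });
    }

    // Run a query and render its results.
    function launchSearch(q) {
        // Add class for loading
        $body.addClass('with-search');
        $body.addClass('search-loading');

        // Launch search query.
        // The original wrapped this promise chain in throttle(..., 1000), but
        // throttle() expects a function and its return value was never called,
        // so the query always ran immediately. The no-op wrapper is removed;
        // runtime behaviour is unchanged.
        gitbook.search.query(q, 0, MAX_RESULTS)
        .then(function(results) {
            displayResults(results);
        })
        .always(function() {
            $body.removeClass('search-loading');
        });
    }

    // Hide the results panel.
    function closeSearch() {
        $body.removeClass('with-search');
        $bookSearchResults.removeClass('open');
    }

    // Start a search from the `q` URL parameter, if one is present.
    function launchSearchFromQueryString() {
        var q = getParameterByName('q');
        if (q && q.length > 0) {
            // Update search input (.val() sets a value, it does not parse markup)
            $searchInput.val(q);

            // Launch search
            launchSearch(q);
        }
    }

    // Look up the search DOM nodes and attach the input handlers.
    function bindSearch() {
        // Bind DOM
        $searchInput = $('#book-search-input input');
        $bookSearchResults = $('#book-search-results');
        $searchList = $bookSearchResults.find('.search-results-list');
        $searchTitle = $bookSearchResults.find('.search-results-title');
        $searchResultsCount = $searchTitle.find('.search-results-count');
        $searchQuery = $searchTitle.find('.search-query');

        // Launch query based on input content
        function handleUpdate() {
            var q = $searchInput.val();

            if (q.length == 0) {
                closeSearch();
            }
            else {
                launchSearch(q);
            }
        }

        // Detect true content change in search input
        // Workaround for IE < 9
        var propertyChangeUnbound = false;
        $searchInput.on('propertychange', function(e) {
            if (e.originalEvent.propertyName == 'value') {
                handleUpdate();
            }
        });

        // HTML5 (IE9 & others)
        $searchInput.on('input', function(e) {
            // Unbind propertychange event for IE9+
            if (!propertyChangeUnbound) {
                $(this).unbind('propertychange');
                propertyChangeUnbound = true;
            }

            handleUpdate();
        });

        // Push to history on blur
        $searchInput.on('blur', function(e) {
            // Update history state
            if (usePushState) {
                var uri = updateQueryString('q', $(this).val());
                history.pushState({ path: uri }, null, uri);
            }
        });
    }

    gitbook.events.on('page.change', function() {
        bindSearch();
        closeSearch();

        // Launch search based on query parameter
        if (gitbook.search.isInitialized()) {
            launchSearchFromQueryString();
        }
    });

    gitbook.events.on('search.ready', function() {
        bindSearch();

        // Launch search from query param at start
        launchSearchFromQueryString();
    });

    // Read one parameter from the current URL's query string.
    // Returns null when the parameter is absent or cannot be decoded,
    // '' when it is present without a value.
    function getParameterByName(name) {
        var url = window.location.href;
        name = name.replace(/[\[\]]/g, '\\$&');
        var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)', 'i'),
            results = regex.exec(url);
        if (!results) return null;
        if (!results[2]) return '';
        try {
            return decodeURIComponent(results[2].replace(/\+/g, ' '));
        } catch (err) {
            // The URL is caller-controlled; a malformed percent-escape makes
            // decodeURIComponent throw URIError. Treat it as "no query" so the
            // page.change / search.ready handlers keep running.
            return null;
        }
    }

    // Return the current URL with `key` set to the URL-encoded `value`.
    // NOTE(review): `value` is encoded before the undefined/null checks, so it
    // is always a string by then and the "remove the parameter" branches below
    // are never taken as written. `key` is interpolated into the RegExp
    // unescaped; the only visible caller passes the constant 'q'.
    function updateQueryString(key, value) {
        value = encodeURIComponent(value);

        var url = window.location.href;
        var re = new RegExp('([?&])' + key + '=.*?(&|#|$)(.*)', 'gi'),
            hash;

        if (re.test(url)) {
            if (typeof value !== 'undefined' && value !== null)
                return url.replace(re, '$1' + key + '=' + value + '$2$3');
            else {
                hash = url.split('#');
                url = hash[0].replace(re, '$1$3').replace(/(&|\?)$/, '');
                if (typeof hash[1] !== 'undefined' && hash[1] !== null)
                    url += '#' + hash[1];
                return url;
            }
        }
        else {
            if (typeof value !== 'undefined' && value !== null) {
                var separator = url.indexOf('?') !== -1 ? '&' : '?';
                hash = url.split('#');
                url = hash[0] + separator + key + '=' + value;
                if (typeof hash[1] !== 'undefined' && hash[1] !== null)
                    url += '#' + hash[1];
                return url;
            }
            else
                return url;
        }
    }
});
-------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-fontsettings/fontsettings.js: -------------------------------------------------------------------------------- 1 | require(['gitbook', 'jquery'], function(gitbook, $) { 2 | // Configuration 3 | var MAX_SIZE = 4, 4 | MIN_SIZE = 0, 5 | BUTTON_ID; 6 | 7 | // Current fontsettings state 8 | var fontState; 9 | 10 | // Default themes 11 | var THEMES = [ 12 | { 13 | config: 'white', 14 | text: 'White', 15 | id: 0 16 | }, 17 | { 18 | config: 'sepia', 19 | text: 'Sepia', 20 | id: 1 21 | }, 22 | { 23 | config: 'night', 24 | text: 'Night', 25 | id: 2 26 | } 27 | ]; 28 | 29 | // Default font families 30 | var FAMILIES = [ 31 | { 32 | config: 'serif', 33 | text: 'Serif', 34 | id: 0 35 | }, 36 | { 37 | config: 'sans', 38 | text: 'Sans', 39 | id: 1 40 | } 41 | ]; 42 | 43 | // Return configured themes 44 | function getThemes() { 45 | return THEMES; 46 | } 47 | 48 | // Modify configured themes 49 | function setThemes(themes) { 50 | THEMES = themes; 51 | updateButtons(); 52 | } 53 | 54 | // Return configured font families 55 | function getFamilies() { 56 | return FAMILIES; 57 | } 58 | 59 | // Modify configured font families 60 | function setFamilies(families) { 61 | FAMILIES = families; 62 | updateButtons(); 63 | } 64 | 65 | // Save current font settings 66 | function saveFontSettings() { 67 | gitbook.storage.set('fontState', fontState); 68 | update(); 69 | } 70 | 71 | // Increase font size 72 | function enlargeFontSize(e) { 73 | e.preventDefault(); 74 | if (fontState.size >= MAX_SIZE) return; 75 | 76 | fontState.size++; 77 | saveFontSettings(); 78 | } 79 | 80 | // Decrease font size 81 | function 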
reduceFontSize(e) { 82 | e.preventDefault(); 83 | if (fontState.size <= MIN_SIZE) return; 84 | 85 | fontState.size--; 86 | saveFontSettings(); 87 | } 88 | 89 | // Change font family 90 | function changeFontFamily(configName, e) { 91 | if (e && e instanceof Event) { 92 | e.preventDefault(); 93 | } 94 | 95 | var familyId = getFontFamilyId(configName); 96 | fontState.family = familyId; 97 | saveFontSettings(); 98 | } 99 | 100 | // Change type of color theme 101 | function changeColorTheme(configName, e) { 102 | if (e && e instanceof Event) { 103 | e.preventDefault(); 104 | } 105 | 106 | var $book = gitbook.state.$book; 107 | 108 | // Remove currently applied color theme 109 | if (fontState.theme !== 0) 110 | $book.removeClass('color-theme-'+fontState.theme); 111 | 112 | // Set new color theme 113 | var themeId = getThemeId(configName); 114 | fontState.theme = themeId; 115 | if (fontState.theme !== 0) 116 | $book.addClass('color-theme-'+fontState.theme); 117 | 118 | saveFontSettings(); 119 | } 120 | 121 | // Return the correct id for a font-family config key 122 | // Default to first font-family 123 | function getFontFamilyId(configName) { 124 | // Search for plugin configured font family 125 | var configFamily = $.grep(FAMILIES, function(family) { 126 | return family.config == configName; 127 | })[0]; 128 | // Fallback to default font family 129 | return (!!configFamily)? configFamily.id : 0; 130 | } 131 | 132 | // Return the correct id for a theme config key 133 | // Default to first theme 134 | function getThemeId(configName) { 135 | // Search for plugin configured theme 136 | var configTheme = $.grep(THEMES, function(theme) { 137 | return theme.config == configName; 138 | })[0]; 139 | // Fallback to default theme 140 | return (!!configTheme)? 
configTheme.id : 0; 141 | } 142 | 143 | function update() { 144 | var $book = gitbook.state.$book; 145 | 146 | $('.font-settings .font-family-list li').removeClass('active'); 147 | $('.font-settings .font-family-list li:nth-child('+(fontState.family+1)+')').addClass('active'); 148 | 149 | $book[0].className = $book[0].className.replace(/\bfont-\S+/g, ''); 150 | $book.addClass('font-size-'+fontState.size); 151 | $book.addClass('font-family-'+fontState.family); 152 | 153 | if(fontState.theme !== 0) { 154 | $book[0].className = $book[0].className.replace(/\bcolor-theme-\S+/g, ''); 155 | $book.addClass('color-theme-'+fontState.theme); 156 | } 157 | } 158 | 159 | function init(config) { 160 | // Search for plugin configured font family 161 | var configFamily = getFontFamilyId(config.family), 162 | configTheme = getThemeId(config.theme); 163 | 164 | // Instantiate font state object 165 | fontState = gitbook.storage.get('fontState', { 166 | size: config.size || 2, 167 | family: configFamily, 168 | theme: configTheme 169 | }); 170 | 171 | update(); 172 | } 173 | 174 | function updateButtons() { 175 | // Remove existing fontsettings buttons 176 | if (!!BUTTON_ID) { 177 | gitbook.toolbar.removeButton(BUTTON_ID); 178 | } 179 | 180 | // Create buttons in toolbar 181 | BUTTON_ID = gitbook.toolbar.createButton({ 182 | icon: 'fa fa-font', 183 | label: 'Font Settings', 184 | className: 'font-settings', 185 | dropdown: [ 186 | [ 187 | { 188 | text: 'A', 189 | className: 'font-reduce', 190 | onClick: reduceFontSize 191 | }, 192 | { 193 | text: 'A', 194 | className: 'font-enlarge', 195 | onClick: enlargeFontSize 196 | } 197 | ], 198 | $.map(FAMILIES, function(family) { 199 | family.onClick = function(e) { 200 | return changeFontFamily(family.config, e); 201 | }; 202 | 203 | return family; 204 | }), 205 | $.map(THEMES, function(theme) { 206 | theme.onClick = function(e) { 207 | return changeColorTheme(theme.config, e); 208 | }; 209 | 210 | return theme; 211 | }) 212 | ] 213 | }); 214 
| } 215 | 216 | // Init configuration at start 217 | gitbook.events.bind('start', function(e, config) { 218 | var opts = config.fontsettings; 219 | 220 | // Generate buttons at start 221 | updateButtons(); 222 | 223 | // Init current settings 224 | init(opts); 225 | }); 226 | 227 | // Expose API 228 | gitbook.fontsettings = { 229 | enlargeFontSize: enlargeFontSize, 230 | reduceFontSize: reduceFontSize, 231 | setTheme: changeColorTheme, 232 | setFamily: changeFontFamily, 233 | getThemes: getThemes, 234 | setThemes: setThemes, 235 | getFamilies: getFamilies, 236 | setFamilies: setFamilies 237 | }; 238 | }); 239 | 240 | 241 | -------------------------------------------------------------------------------- /kcna/notes.md: -------------------------------------------------------------------------------- 1 | 2 | # Meta information (about the exam) 3 | - [Exam Guide](https://training.linuxfoundation.org/certification/kubernetes-cloud-native-associate/) 4 | - [Kubernetes Docs](https://kubernetes.io/docs) 5 | 6 | # Plan 7 | - [ ] Buy the practice exams (Udemy) 8 | - [ ] Initial pass of the Kubernetes Docs 9 | - [ ] A run through of Kubernetes The Hard Way 10 | 11 | ## Overview 12 | 13 | - [ ] Kubernetes Fundamentals 14 | - [ ] Kubernetes Resources 15 | - [ ] Kubernetes Architecture 16 | - [ ] Kubernetes API 17 | - [ ] Containers 18 | - [ ] Scheduling 19 | - [ ] Container Orchestration 20 | - [ ] Container Orchestration Fundamentals 21 | - [ ] Runtime 22 | - [ ] Security 23 | - [ ] Networking 24 | - [ ] Service Mesh 25 | - [ ] Storage 26 | - [ ] Cloud Native Architecture 27 | - [ ] Autoscaling 28 | - [ ] Serverless 29 | - [ ] Community and Governance 30 | - [ ] Roles and Personas 31 | - [ ] Open Standards 32 | - [ ] Cloud Native Observability 33 | - [ ] Telemetry & Observability 34 | - [ ] Prometheus 35 | - [ ] Cost Management 36 | - [ ] Cloud Native Application Delivery 37 | - [ ] Application Delivery Fundamentals 38 | - [x] GitOps 39 | - [x] CI/CD 40 | 41 | # Kubernetes 
Fundamentals (46%) 42 | **Topics:** Kubernetes Resources, Kubernetes Architecture, Kubernetes API, Containers, Scheduling 43 | 44 | **Basics:** Service discovery and load balancing, self-healing, secrets management. 45 | 46 | ## Containers 47 | 48 | - Decouple applications from underlying host infrastructure 49 | 50 | ## [Kubernetes Objects](https://kubernetes.io/docs/concepts/overview/working-with-objects/) (infra as code reference) 51 | 52 | - Represent the state of your cluster. Your desired declarative end state. Most often provided via `kubectl` by passing a YAML file. 53 | 54 | ### Methods of interacting with Kubernetes objects 55 | 1. **Imperative** - User interacts directly on live objects. User provides operations to the `kubectl` command as arguments or flags. 56 | 2. **Imperative object** - Apply changes given in a single file, but still specifies which operation (create / read / update / delete etc). 57 | 3. **Declarative object configuration** - Does not define the operation, nor the specific file, operates on full directory structures. 58 | 59 | ## Component: [Nodes](https://kubernetes.io/docs/concepts/overview/components/#node-components) 60 | 61 | *Nodes are worker machines which host pods, where every cluster has at least 1 node.* 62 | 63 | - Node names are unique 64 | - Kubelet can self-register with the API server 65 | 66 | ### Node authorisation 67 | 68 | https://kubernetes.io/docs/reference/access-authn-authz/node/ 69 | 70 | ### Related components 71 | - **[Kubelet](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/)** 72 | - The agent running on a node, connects with apiserver. Makes sure that containers are running in a pod. 73 | - Takes PodSpec typically from `api-server` (but can be provided via a static file or a reference to an HTTP endpoint) to ensure that containers defined in the PodSpec are running and healthy. 
74 | - **[kube-proxy](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/)** 75 | - Network proxy that runs on each node in your cluster. 76 | - **[container runtime](https://kubernetes.io/docs/setup/production-environment/container-runtimes/)** 77 | - Software responsible for running containers (containerd, CRI-O). 78 | - systemd generates and consumes a root control group and acts as a cgroup manager 79 | - There is a [cgroup v1 and cgroup v2](https://medium.com/some-tldrs/tldr-understanding-the-new-control-groups-api-by-rami-rosen-980df476f633#:~:text=In%20cgroups%20v1%2C%20a%20process,only%20to%20a%20single%20subgroup.) 80 | 81 | 82 | ## Component: [Pods](https://kubernetes.io/docs/concepts/workloads/pods/) 83 | 84 | - Smallest deployable units of compute that you can deploy in Kubernetes 85 | - Shared storage and network resources (co-located, co-scheduled, run in shared context) 86 | - Can include [init](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) - These run before app containers in a pod. 87 | - And [ephemeral containers](https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/) - Used for inspecting running applications, rather than for running applications. They lack guarantees for completion, and are not automatically restarted. Useful when you can't exec into a container. 88 | - "User accounts" are for humans, "service accounts" are for processes. User accounts are global, service accounts are namespaced. Pods created use the `default` "service account". 89 | 90 | ## Component: [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) 91 | 92 | - Lets you query and manipulate the state of API objects in Kubernetes. Can be accessed through CLI commands such as `kubectl` and `kubeadm`, also has client libraries. 93 | 94 | - **[kube-apiserver](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/)** 95 | - Exposes the Kubernetes API. 
96 | 97 | - **[kube-ctl](https://kubernetes.io/docs/reference/kubectl/)** 98 | - `kubectl config set-cluster` - 99 | 100 | 101 | ## [etcd](https://etcd.io/) 102 | 103 | - [How etcd works with and without kubernetes](https://learnk8s.io/etcd-kubernetes) 104 | - Strongly consistent (must be strongly consistent, not eventual), highly-available (designed to be ran on many nodes, unlike SQL) key/value store used as a backing store for cluster data. Can be encrypted at rest. 105 | 106 | ## [Kube Scheduler](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/) 107 | 108 | Watches for newly created pods and selects nodes for them to run on. Assigns pods to nodes 109 | 110 | ## [Kube Controller Manager](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) and [Cloud Controller Manager](https://kubernetes.io/docs/concepts/architecture/cloud-controller/) 111 | 112 | **Kube controller manager** - Runs controller processes. Each controller is a separate process, but are compiled into a single binary. 113 | 114 | **cloud-controller-manager** - Cloud specific control logic. When ran on-premise or on your computer you do not have this component. Executes as a single binary. 115 | 116 | ## [Other Components](https://kubernetes.io/docs/concepts/overview/components/) 117 | - **Addons** - Such as cluster DNS, Web UI, container resource monitoring, cluster-level logging 118 | 119 | # Container Orchestration (22%) 120 | **Topics:** Container Orchestration Fundamentals, Runtime, Security, Networking, Service Mesh, Storage 121 | 122 | 123 | 124 | # Networking 125 | 126 | ## Overview 127 | - Each pod gets it's own IP 128 | - Kubernetes IP addresses exist at the `Pod` scope 129 | - Containers within a `Pod` can all reach each other's ports on localhost 130 | - Containers within a Pod must coordinate port usage, but this is no different from processes in a VM. 
131 | 132 | # Cloud Native Architecture (16%) 133 | **Topics:** Autoscaling, Serverless, Community and Governance, Roles and Personas, Open Standards 134 | 135 | - [Cloud Native Landscape](https://landscape.cncf.io/) 136 | 137 | # Cloud Native Observability (8%) 138 | **Topics:** Telemetry & Observability, Prometheus, Cost Management 139 | 140 | # Cloud Native Application Delivery (8%) 141 | **Topics:** Application Delivery Fundamentals, GitOps, CI/CD 142 | 143 | **GitOps** 144 | * CI/CD + IaC + Code Review 145 | * Push/Pull pipeline - push pipeline defines infra and has access to the environment, pull based syncs the source control with the cluster architecture 146 | * Pull based GitOps (the cluster has access to source control but doesn't expose credentials outside of the system) 147 | 148 | **OCI** 149 | * The `runtime-spec` and the `image-spec` 150 | 151 | ## Questions 152 | 153 | - Are things like canary deployments handled with plugins? 154 | - Would you deploy databases from within Kubernetes? 155 | - GRPC vs HTTP -------------------------------------------------------------------------------- /cloud-practitioner/2-cloud-concepts.md: -------------------------------------------------------------------------------- 1 | 2 | # Cloud Concepts 3 | 4 | ## 1. Account Setup 5 | _How to setup an AWS account_ 6 | 7 | #### AWS Organisations 8 | 9 | **How it works:** 10 | - Global Service 11 | - Can create accounts fresh in the organisation 12 | - Can invite accounts (emails the root user) 13 | - You can't invite another organisation/ root account 14 | 15 | **The hierarchy:** 16 | - Policies stand alone (like IAM policies) 17 | - Accounts are categorised into organisational units 18 | - Policies are attached to organisational units 19 | 20 | // TODO: 👷‍♀ Can an organisation invite another organisation? 21 | 22 | #### The 4 Different Support Plans 23 | 24 | 1. Basic ($0PM) — Repsonses for billing, not technical. 25 | 1. 
Developer ($29PM) — Contact for technical questions 12- 26 | 1. Business ($100PM) — 24/7 support by phone, AWS Trusted Advisor. 27 | 1. Enterprise ($15000PM) — Get a TAM (Technical Account Manager) with 15m response time. 28 | 29 | #### Quick Starts & AWS Landing Zone 30 | 31 | **Quick Start** 32 | - Templates designed by an architect (provisioned through CloudFormation) 33 | 34 | // TODO : 👷‍♀ Learn more about this "service" 35 | 36 | **Landing Zone** 37 | - Deploys 4 accounts at the same time (quick setup of AWS accounts) 38 | 39 | #### IAM 40 | 41 | - Global service (not regional) 42 | - **Hierarchy:** Users, Groups, Roles 43 | - 3 (kinda) ways of accessing AWS: Programmatic access (and SDK access), console access. 44 | - MFA is useful for users 45 | - Create one user per person, assign groups and roles where necessary 46 | - Apply password policy (complexity, expiration, password reuse) 47 | - Policies come as JSON documents. 48 | 49 | // TODO : 👷‍♀ Draw up the IAM relations (Role, Policy, User) 50 | // TODO : 👷‍♀ Are group permissions additive? 51 | // TODO : 👷‍♀ How do principals work? 52 | 53 | ## 2. Compute Services, Websites & Scaling. 54 | _The services to be used as compute._ 55 | 56 | #### Using IAM Roles (with EC2) 57 | 58 | A safer way to give privileges to EC2 instances: if you use the AWS CLI within an instance with a role, it will get the privileges from the attached role. 59 | 60 | 1. Choose the service that will use the role. 61 | 1. Attach a policy to the role. 62 | 1. Tag the role. 63 | 1. Attach the role to the EC2. 64 | 1. Don't need credentials on the EC2, you can just use the role. 65 | 66 | #### How To Use An Elastic Load Balancer 67 | 68 | Three types of ALB exist... 69 | 70 | 1. Application Load Balancer (Layer 7) 71 | 1. Network Load Balancer (High Performance) 72 | 1. Classic Load Balancer (Being Deprecated) 73 | 74 | Configuring an ALB: 75 | 76 | - You need to configure your ALB for which AZ's it can use. 
77 | - You'll need a target group for the servers that will receive your traffic. 78 | - Configure your polling thresholds (how often it polls the server) 79 | - Can take ~5 minutes to setup an ALB 80 | 81 | // TODO: 👷‍♀ Active/Active or Active/Passive with ALB? 82 | 83 | #### EC2 84 | 85 | - Vertical server in the Cloud 86 | - Instance Types 87 | - T3, Lowest Cost, General Purpose 88 | - M5, General Purpose 89 | - X1, Large Memory 90 | - Make a web server 91 | - `yum install httpd -yes` 92 | - `service httpd start` 93 | - `echo '

    Hello

    ' > /var/www/html` 94 | 95 | #### Security Groups / Firewalls 96 | 97 | - To allow a single IP you need to add `/32` to your IP to restrict just that IP 98 | 99 | #### Using EC2 as a Web Server 100 | 101 | - Storage Volumes attached to EC2 instances 102 | - SSD type 103 | - GP2 - for general purpose 104 | - IO1 - for provisioned IOps (DB servers) 105 | - Magnetic 106 | - ST1 - Lowest cost HDD (data warehouse) 107 | - SC1 - Lowest cost (file servers) 108 | 109 | // TODO: 👷‍♀ Research more about these EBS types 110 | 111 | #### AutoScaling 112 | 113 | Two things to autoscaling... 114 | 115 | 1. Launch Configuration (how you want to launch your EC2) 116 | 1. Autoscaling Group 117 | 118 | // TODO: 👷‍♀ Experiment with autoscaling groups 119 | 120 | #### Elastic Beanstalk 121 | 122 | - Kinda like Heroku (using AWS underlying resources) 123 | - Launch basic applications (PHP, Node.JS for instance) 124 | 125 | ## 3. Operations + Monitoring 126 | 127 | _Things that affect operations and monitoring..._ 128 | 129 | #### CloudWatch 130 | 131 | - CloudWatch is for monitoring performance (metrics, logs) 132 | - Can install custom metrics on AWS 133 | 134 | #### Systems Manager 135 | 136 | - Used for configuration management 137 | - Uses "Run Command" on difference EC2's 138 | 139 | // TODO: 👷‍♀ What's the difference between systems manager and ansible etc? 140 | 141 | #### CloudTrail 142 | 143 | // TODO: 👷‍♀ What is the purpose of a CloudTrail? When would you use it? 144 | 145 | #### Athena vs Macie 146 | 147 | **Athena:** 148 | - Serverless (so you pay per query) 149 | - Works with data in S3 150 | - No complex ETL 151 | 152 | **Macie:** 153 | - A sub-feature of S3 / CloudTrail 154 | - Uses NLP to protect PII on S3 155 | 156 | // TODO: 👷‍♀ Read more about Macie, and what it is 157 | 158 | ## 4. 
Other Fundamental Services 159 | 160 | **What is S3?** 161 | - Flat "Object Based" storage 162 | - Not "Block Storage" (like where you can store an Operating System) 163 | - A bucket is a "folder" in the cloud 164 | - Key/Value: the key is the name of the item, the value is the actual file data 165 | 166 | **S3 Availability** 167 | - Consistency in AWS 168 | - Read after write consistency for new objects (Immediate updates) 169 | - Eventually consistent for overwrite PUTs (Slow updates, basically) 170 | - Availability 171 | - 99.9% availability (built to be 99.99%) 172 | - Guaranteed 99.99999999999% (11 nines) 173 | 174 | **S3 Storage Classes** 175 | - S3 Storage Classes 176 | - Standard 177 | - IA 178 | - One Zone IA 179 | - S3 Intelligent Tiering (move data to best cost tier) 180 | - Glacier (and Glacier Deep Archive, i.e. 12 hour retrieval) 181 | - Transfer Acceleration 182 | - Upload to a region nearest to the user 183 | - Cross Region Replication 184 | - Replicated to a secondary bucket (for disaster recovery) 185 | 186 | **S3 Permissions** 187 | - An ACL is on a file level (fine grained); a bucket policy is on a bucket level 188 | - Used to make buckets public 189 | - You can do this on an individual object level 190 | 191 | // TODO: 👷‍♀ Understand more about how ACLs work on S3 192 | 193 | #### Databases 194 | 195 | **Availability For Databases** 196 | - Multi AZ which allows failover to a new availability zone 197 | - Read replicas: reads are sent to the replica 198 | 199 | **OLTP vs OLAP** 200 | - **OLTP** is running a query (i.e. grabbing a row) 201 | - **OLAP** usually done in a data warehouse (not on primary)...
on AWS you have Redshift 202 | 203 | **ElastiCache** 204 | - Two types of ElastiCache: Memcached and Redis 205 | 206 | **Aurora vs DynamoDB vs Redshift** 207 | - Aurora: Scalable, multi-AZ, used for joinable data 208 | - Dynamo: Use when you don't have joins, don't store large data in DynamoDB 209 | - Redshift: Don't use for OLTP 210 | - CloudSearch & ElasticSearch: 211 | - Neptune: Graph database 212 | - ElastiCache: Caching in ElastiCache, CloudFront for CDN caching 213 | 214 | #### CloudFront 215 | 216 | - Helps distribute files around the world 217 | - Cache is controlled by the TTL 218 | - **Edge** is where it's cached 219 | - **Origin** is the originator of the files 220 | - **Distribution** is the collection of edge locations 221 | 222 | ## 5. Miscellaneous Notes / Services 223 | 224 | #### AWS CLI 225 | - Format of AWS command: `aws service-name command` 226 | - Add credentials to use AWS CLI 227 | 228 | #### Global Services 229 | 230 | Which services are global? 231 | 232 | 1. IAM 233 | 1. Route53 234 | 1. CloudFront 235 | 1. SNS + SES 236 | 237 | Remember, S3 is not global. 238 | 239 | #### Which AWS Services can be used on premise? 240 | 241 | - **AWS Snowball** - To import data into AWS. 242 | - **Snowball Edge** - Computer with storage (comes with Lambda installed). 243 | - **Storage Gateway** - Replicates to S3. 244 | - **Code Deploy** - Can deploy code on premise. 245 | - **OpsWorks** - Managed Chef, can be used to deploy to on-premise. 246 | - **IoT Greengrass** - Managed Chef, can be used to deploy to on-premise.
247 | 248 | // TODO: 👷‍♀ 249 | 250 | #### Linux 251 | 252 | - `sudo su` —> Stands for switch user 253 | - Fedora / RedHat / CentOS 254 | - Installs with: `apt-get` 255 | - Ubuntu/Debian 256 | - Installs with: `yum` 257 | 258 | #### DNS + S3 Websites 259 | 260 | - Register a domain within the AWS console 261 | - Creating a website bucket must be the same, i.e `yourwebsite.com` 262 | -------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-fontsettings/website.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Theme 1 3 | */ 4 | .color-theme-1 .dropdown-menu { 5 | background-color: #111111; 6 | border-color: #7e888b; 7 | } 8 | .color-theme-1 .dropdown-menu .dropdown-caret .caret-inner { 9 | border-bottom: 9px solid #111111; 10 | } 11 | .color-theme-1 .dropdown-menu .buttons { 12 | border-color: #7e888b; 13 | } 14 | .color-theme-1 .dropdown-menu .button { 15 | color: #afa790; 16 | } 17 | .color-theme-1 .dropdown-menu .button:hover { 18 | color: #73553c; 19 | } 20 | /* 21 | * Theme 2 22 | */ 23 | .color-theme-2 .dropdown-menu { 24 | background-color: #2d3143; 25 | border-color: #272a3a; 26 | } 27 | .color-theme-2 .dropdown-menu .dropdown-caret .caret-inner { 28 | border-bottom: 9px solid #2d3143; 29 | } 30 | .color-theme-2 .dropdown-menu .buttons { 31 | border-color: #272a3a; 32 | } 33 | .color-theme-2 .dropdown-menu .button { 34 | color: #62677f; 35 | } 36 | .color-theme-2 .dropdown-menu .button:hover { 37 | color: #f4f4f5; 38 | } 39 | .book .book-header .font-settings .font-enlarge { 40 | line-height: 30px; 41 | font-size: 1.4em; 42 | } 43 | .book .book-header .font-settings .font-reduce { 44 | line-height: 30px; 45 | font-size: 1em; 46 | } 47 | .book.color-theme-1 .book-body { 48 | color: #704214; 49 | background: #f3eacb; 50 | } 51 | .book.color-theme-1 .book-body .page-wrapper .page-inner section { 52 | background: #f3eacb; 53 | } 54 | .book.color-theme-2 
.book-body { 55 | color: #bdcadb; 56 | background: #1c1f2b; 57 | } 58 | .book.color-theme-2 .book-body .page-wrapper .page-inner section { 59 | background: #1c1f2b; 60 | } 61 | .book.font-size-0 .book-body .page-inner section { 62 | font-size: 1.2rem; 63 | } 64 | .book.font-size-1 .book-body .page-inner section { 65 | font-size: 1.4rem; 66 | } 67 | .book.font-size-2 .book-body .page-inner section { 68 | font-size: 1.6rem; 69 | } 70 | .book.font-size-3 .book-body .page-inner section { 71 | font-size: 2.2rem; 72 | } 73 | .book.font-size-4 .book-body .page-inner section { 74 | font-size: 4rem; 75 | } 76 | .book.font-family-0 { 77 | font-family: Georgia, serif; 78 | } 79 | .book.font-family-1 { 80 | font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; 81 | } 82 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal { 83 | color: #704214; 84 | } 85 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal a { 86 | color: inherit; 87 | } 88 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h1, 89 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h2, 90 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h3, 91 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h4, 92 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h5, 93 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h6 { 94 | color: inherit; 95 | } 96 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h1, 97 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h2 { 98 | border-color: inherit; 99 | } 100 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h6 { 101 | color: inherit; 102 | } 103 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal hr { 104 | background-color: inherit; 105 | } 106 | .book.color-theme-1 .book-body .page-wrapper 
.page-inner section.normal blockquote { 107 | border-color: inherit; 108 | } 109 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal pre, 110 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal code { 111 | background: #fdf6e3; 112 | color: #657b83; 113 | border-color: #f8df9c; 114 | } 115 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal .highlight { 116 | background-color: inherit; 117 | } 118 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal table th, 119 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal table td { 120 | border-color: #f5d06c; 121 | } 122 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal table tr { 123 | color: inherit; 124 | background-color: #fdf6e3; 125 | border-color: #444444; 126 | } 127 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal table tr:nth-child(2n) { 128 | background-color: #fbeecb; 129 | } 130 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal { 131 | color: #bdcadb; 132 | } 133 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal a { 134 | color: #3eb1d0; 135 | } 136 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h1, 137 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h2, 138 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h3, 139 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h4, 140 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h5, 141 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h6 { 142 | color: #fffffa; 143 | } 144 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h1, 145 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h2 { 146 | border-color: #373b4e; 147 | } 148 | .book.color-theme-2 .book-body .page-wrapper 
.page-inner section.normal h6 { 149 | color: #373b4e; 150 | } 151 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal hr { 152 | background-color: #373b4e; 153 | } 154 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal blockquote { 155 | border-color: #373b4e; 156 | } 157 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal pre, 158 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal code { 159 | color: #9dbed8; 160 | background: #2d3143; 161 | border-color: #2d3143; 162 | } 163 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal .highlight { 164 | background-color: #282a39; 165 | } 166 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal table th, 167 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal table td { 168 | border-color: #3b3f54; 169 | } 170 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal table tr { 171 | color: #b6c2d2; 172 | background-color: #2d3143; 173 | border-color: #3b3f54; 174 | } 175 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal table tr:nth-child(2n) { 176 | background-color: #35394b; 177 | } 178 | .book.color-theme-1 .book-header { 179 | color: #afa790; 180 | background: transparent; 181 | } 182 | .book.color-theme-1 .book-header .btn { 183 | color: #afa790; 184 | } 185 | .book.color-theme-1 .book-header .btn:hover { 186 | color: #73553c; 187 | background: none; 188 | } 189 | .book.color-theme-1 .book-header h1 { 190 | color: #704214; 191 | } 192 | .book.color-theme-2 .book-header { 193 | color: #7e888b; 194 | background: transparent; 195 | } 196 | .book.color-theme-2 .book-header .btn { 197 | color: #3b3f54; 198 | } 199 | .book.color-theme-2 .book-header .btn:hover { 200 | color: #fffff5; 201 | background: none; 202 | } 203 | .book.color-theme-2 .book-header h1 { 204 | color: #bdcadb; 205 | } 206 | .book.color-theme-1 .book-body 
.navigation { 207 | color: #afa790; 208 | } 209 | .book.color-theme-1 .book-body .navigation:hover { 210 | color: #73553c; 211 | } 212 | .book.color-theme-2 .book-body .navigation { 213 | color: #383f52; 214 | } 215 | .book.color-theme-2 .book-body .navigation:hover { 216 | color: #fffff5; 217 | } 218 | /* 219 | * Theme 1 220 | */ 221 | .book.color-theme-1 .book-summary { 222 | color: #afa790; 223 | background: #111111; 224 | border-right: 1px solid rgba(0, 0, 0, 0.07); 225 | } 226 | .book.color-theme-1 .book-summary .book-search { 227 | background: transparent; 228 | } 229 | .book.color-theme-1 .book-summary .book-search input, 230 | .book.color-theme-1 .book-summary .book-search input:focus { 231 | border: 1px solid transparent; 232 | } 233 | .book.color-theme-1 .book-summary ul.summary li.divider { 234 | background: #7e888b; 235 | box-shadow: none; 236 | } 237 | .book.color-theme-1 .book-summary ul.summary li i.fa-check { 238 | color: #33cc33; 239 | } 240 | .book.color-theme-1 .book-summary ul.summary li.done > a { 241 | color: #877f6a; 242 | } 243 | .book.color-theme-1 .book-summary ul.summary li a, 244 | .book.color-theme-1 .book-summary ul.summary li span { 245 | color: #877f6a; 246 | background: transparent; 247 | font-weight: normal; 248 | } 249 | .book.color-theme-1 .book-summary ul.summary li.active > a, 250 | .book.color-theme-1 .book-summary ul.summary li a:hover { 251 | color: #704214; 252 | background: transparent; 253 | font-weight: normal; 254 | } 255 | /* 256 | * Theme 2 257 | */ 258 | .book.color-theme-2 .book-summary { 259 | color: #bcc1d2; 260 | background: #2d3143; 261 | border-right: none; 262 | } 263 | .book.color-theme-2 .book-summary .book-search { 264 | background: transparent; 265 | } 266 | .book.color-theme-2 .book-summary .book-search input, 267 | .book.color-theme-2 .book-summary .book-search input:focus { 268 | border: 1px solid transparent; 269 | } 270 | .book.color-theme-2 .book-summary ul.summary li.divider { 271 | background: 
#272a3a; 272 | box-shadow: none; 273 | } 274 | .book.color-theme-2 .book-summary ul.summary li i.fa-check { 275 | color: #33cc33; 276 | } 277 | .book.color-theme-2 .book-summary ul.summary li.done > a { 278 | color: #62687f; 279 | } 280 | .book.color-theme-2 .book-summary ul.summary li a, 281 | .book.color-theme-2 .book-summary ul.summary li span { 282 | color: #c1c6d7; 283 | background: transparent; 284 | font-weight: 600; 285 | } 286 | .book.color-theme-2 .book-summary ul.summary li.active > a, 287 | .book.color-theme-2 .book-summary ul.summary li a:hover { 288 | color: #f4f4f5; 289 | background: #252737; 290 | font-weight: 600; 291 | } 292 | -------------------------------------------------------------------------------- /docs/gitbook/gitbook-plugin-lunr/lunr.min.js: -------------------------------------------------------------------------------- 1 | /** 2 | * lunr - http://lunrjs.com - A bit like Solr, but much smaller and not as bright - 0.5.12 3 | * Copyright (C) 2015 Oliver Nightingale 4 | * MIT Licensed 5 | * @license 6 | */ 7 | !function(){var t=function(e){var n=new t.Index;return n.pipeline.add(t.trimmer,t.stopWordFilter,t.stemmer),e&&e.call(n,n),n};t.version="0.5.12",t.utils={},t.utils.warn=function(t){return function(e){t.console&&console.warn&&console.warn(e)}}(this),t.EventEmitter=function(){this.events={}},t.EventEmitter.prototype.addListener=function(){var t=Array.prototype.slice.call(arguments),e=t.pop(),n=t;if("function"!=typeof e)throw new TypeError("last argument must be a function");n.forEach(function(t){this.hasHandler(t)||(this.events[t]=[]),this.events[t].push(e)},this)},t.EventEmitter.prototype.removeListener=function(t,e){if(this.hasHandler(t)){var n=this.events[t].indexOf(e);this.events[t].splice(n,1),this.events[t].length||delete this.events[t]}},t.EventEmitter.prototype.emit=function(t){if(this.hasHandler(t)){var e=Array.prototype.slice.call(arguments,1);this.events[t].forEach(function(t){t.apply(void 
0,e)})}},t.EventEmitter.prototype.hasHandler=function(t){return t in this.events},t.tokenizer=function(t){return arguments.length&&null!=t&&void 0!=t?Array.isArray(t)?t.map(function(t){return t.toLowerCase()}):t.toString().trim().toLowerCase().split(/[\s\-]+/):[]},t.Pipeline=function(){this._stack=[]},t.Pipeline.registeredFunctions={},t.Pipeline.registerFunction=function(e,n){n in this.registeredFunctions&&t.utils.warn("Overwriting existing registered function: "+n),e.label=n,t.Pipeline.registeredFunctions[e.label]=e},t.Pipeline.warnIfFunctionNotRegistered=function(e){var n=e.label&&e.label in this.registeredFunctions;n||t.utils.warn("Function is not registered with pipeline. This may cause problems when serialising the index.\n",e)},t.Pipeline.load=function(e){var n=new t.Pipeline;return e.forEach(function(e){var i=t.Pipeline.registeredFunctions[e];if(!i)throw new Error("Cannot load un-registered function: "+e);n.add(i)}),n},t.Pipeline.prototype.add=function(){var e=Array.prototype.slice.call(arguments);e.forEach(function(e){t.Pipeline.warnIfFunctionNotRegistered(e),this._stack.push(e)},this)},t.Pipeline.prototype.after=function(e,n){t.Pipeline.warnIfFunctionNotRegistered(n);var i=this._stack.indexOf(e);if(-1==i)throw new Error("Cannot find existingFn");i+=1,this._stack.splice(i,0,n)},t.Pipeline.prototype.before=function(e,n){t.Pipeline.warnIfFunctionNotRegistered(n);var i=this._stack.indexOf(e);if(-1==i)throw new Error("Cannot find existingFn");this._stack.splice(i,0,n)},t.Pipeline.prototype.remove=function(t){var e=this._stack.indexOf(t);-1!=e&&this._stack.splice(e,1)},t.Pipeline.prototype.run=function(t){for(var e=[],n=t.length,i=this._stack.length,o=0;n>o;o++){for(var r=t[o],s=0;i>s&&(r=this._stack[s](r,o,t),void 0!==r);s++);void 0!==r&&e.push(r)}return e},t.Pipeline.prototype.reset=function(){this._stack=[]},t.Pipeline.prototype.toJSON=function(){return this._stack.map(function(e){return 
t.Pipeline.warnIfFunctionNotRegistered(e),e.label})},t.Vector=function(){this._magnitude=null,this.list=void 0,this.length=0},t.Vector.Node=function(t,e,n){this.idx=t,this.val=e,this.next=n},t.Vector.prototype.insert=function(e,n){this._magnitude=void 0;var i=this.list;if(!i)return this.list=new t.Vector.Node(e,n,i),this.length++;if(en.idx?n=n.next:(i+=e.val*n.val,e=e.next,n=n.next);return i},t.Vector.prototype.similarity=function(t){return this.dot(t)/(this.magnitude()*t.magnitude())},t.SortedSet=function(){this.length=0,this.elements=[]},t.SortedSet.load=function(t){var e=new this;return e.elements=t,e.length=t.length,e},t.SortedSet.prototype.add=function(){var t,e;for(t=0;t1;){if(r===t)return o;t>r&&(e=o),r>t&&(n=o),i=n-e,o=e+Math.floor(i/2),r=this.elements[o]}return r===t?o:-1},t.SortedSet.prototype.locationFor=function(t){for(var e=0,n=this.elements.length,i=n-e,o=e+Math.floor(i/2),r=this.elements[o];i>1;)t>r&&(e=o),r>t&&(n=o),i=n-e,o=e+Math.floor(i/2),r=this.elements[o];return r>t?o:t>r?o+1:void 0},t.SortedSet.prototype.intersect=function(e){for(var n=new t.SortedSet,i=0,o=0,r=this.length,s=e.length,a=this.elements,h=e.elements;;){if(i>r-1||o>s-1)break;a[i]!==h[o]?a[i]h[o]&&o++:(n.add(a[i]),i++,o++)}return n},t.SortedSet.prototype.clone=function(){var e=new t.SortedSet;return e.elements=this.toArray(),e.length=e.elements.length,e},t.SortedSet.prototype.union=function(t){var e,n,i;return this.length>=t.length?(e=this,n=t):(e=t,n=this),i=e.clone(),i.add.apply(i,n.toArray()),i},t.SortedSet.prototype.toJSON=function(){return this.toArray()},t.Index=function(){this._fields=[],this._ref="id",this.pipeline=new t.Pipeline,this.documentStore=new t.Store,this.tokenStore=new t.TokenStore,this.corpusTokens=new t.SortedSet,this.eventEmitter=new t.EventEmitter,this._idfCache={},this.on("add","remove","update",function(){this._idfCache={}}.bind(this))},t.Index.prototype.on=function(){var t=Array.prototype.slice.call(arguments);return 
this.eventEmitter.addListener.apply(this.eventEmitter,t)},t.Index.prototype.off=function(t,e){return this.eventEmitter.removeListener(t,e)},t.Index.load=function(e){e.version!==t.version&&t.utils.warn("version mismatch: current "+t.version+" importing "+e.version);var n=new this;return n._fields=e.fields,n._ref=e.ref,n.documentStore=t.Store.load(e.documentStore),n.tokenStore=t.TokenStore.load(e.tokenStore),n.corpusTokens=t.SortedSet.load(e.corpusTokens),n.pipeline=t.Pipeline.load(e.pipeline),n},t.Index.prototype.field=function(t,e){var e=e||{},n={name:t,boost:e.boost||1};return this._fields.push(n),this},t.Index.prototype.ref=function(t){return this._ref=t,this},t.Index.prototype.add=function(e,n){var i={},o=new t.SortedSet,r=e[this._ref],n=void 0===n?!0:n;this._fields.forEach(function(n){var r=this.pipeline.run(t.tokenizer(e[n.name]));i[n.name]=r,t.SortedSet.prototype.add.apply(o,r)},this),this.documentStore.set(r,o),t.SortedSet.prototype.add.apply(this.corpusTokens,o.toArray());for(var s=0;s0&&(i=1+Math.log(this.documentStore.length/n)),this._idfCache[e]=i},t.Index.prototype.search=function(e){var n=this.pipeline.run(t.tokenizer(e)),i=new t.Vector,o=[],r=this._fields.reduce(function(t,e){return t+e.boost},0),s=n.some(function(t){return this.tokenStore.has(t)},this);if(!s)return[];n.forEach(function(e,n,s){var a=1/s.length*this._fields.length*r,h=this,l=this.tokenStore.expand(e).reduce(function(n,o){var r=h.corpusTokens.indexOf(o),s=h.idf(o),l=1,u=new t.SortedSet;if(o!==e){var c=Math.max(3,o.length-e.length);l=1/Math.log(c)}return r>-1&&i.insert(r,a*s*l),Object.keys(h.tokenStore.get(o)).forEach(function(t){u.add(t)}),n.union(u)},new t.SortedSet);o.push(l)},this);var a=o.reduce(function(t,e){return t.intersect(e)});return a.map(function(t){return{ref:t,score:i.similarity(this.documentVector(t))}},this).sort(function(t,e){return e.score-t.score})},t.Index.prototype.documentVector=function(e){for(var n=this.documentStore.get(e),i=n.length,o=new 
t.Vector,r=0;i>r;r++){var s=n.elements[r],a=this.tokenStore.get(s)[e].tf,h=this.idf(s);o.insert(this.corpusTokens.indexOf(s),a*h)}return o},t.Index.prototype.toJSON=function(){return{version:t.version,fields:this._fields,ref:this._ref,documentStore:this.documentStore.toJSON(),tokenStore:this.tokenStore.toJSON(),corpusTokens:this.corpusTokens.toJSON(),pipeline:this.pipeline.toJSON()}},t.Index.prototype.use=function(t){var e=Array.prototype.slice.call(arguments,1);e.unshift(this),t.apply(this,e)},t.Store=function(){this.store={},this.length=0},t.Store.load=function(e){var n=new this;return n.length=e.length,n.store=Object.keys(e.store).reduce(function(n,i){return n[i]=t.SortedSet.load(e.store[i]),n},{}),n},t.Store.prototype.set=function(t,e){this.has(t)||this.length++,this.store[t]=e},t.Store.prototype.get=function(t){return this.store[t]},t.Store.prototype.has=function(t){return t in this.store},t.Store.prototype.remove=function(t){this.has(t)&&(delete this.store[t],this.length--)},t.Store.prototype.toJSON=function(){return{store:this.store,length:this.length}},t.stemmer=function(){var t={ational:"ate",tional:"tion",enci:"ence",anci:"ance",izer:"ize",bli:"ble",alli:"al",entli:"ent",eli:"e",ousli:"ous",ization:"ize",ation:"ate",ator:"ate",alism:"al",iveness:"ive",fulness:"ful",ousness:"ous",aliti:"al",iviti:"ive",biliti:"ble",logi:"log"},e={icate:"ic",ative:"",alize:"al",iciti:"ic",ical:"ic",ful:"",ness:""},n="[^aeiou]",i="[aeiouy]",o=n+"[^aeiouy]*",r=i+"[aeiou]*",s="^("+o+")?"+r+o,a="^("+o+")?"+r+o+"("+r+")?$",h="^("+o+")?"+r+o+r+o,l="^("+o+")?"+i,u=new RegExp(s),c=new RegExp(h),f=new RegExp(a),d=new RegExp(l),p=/^(.+?)(ss|i)es$/,m=/^(.+?)([^s])s$/,v=/^(.+?)eed$/,y=/^(.+?)(ed|ing)$/,g=/.$/,S=/(at|bl|iz)$/,w=new RegExp("([^aeiouylsz])\\1$"),x=new 
RegExp("^"+o+i+"[^aeiouwxy]$"),k=/^(.+?[^aeiou])y$/,b=/^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/,E=/^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/,_=/^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/,F=/^(.+?)(s|t)(ion)$/,O=/^(.+?)e$/,P=/ll$/,N=new RegExp("^"+o+i+"[^aeiouwxy]$"),T=function(n){var i,o,r,s,a,h,l;if(n.length<3)return n;if(r=n.substr(0,1),"y"==r&&(n=r.toUpperCase()+n.substr(1)),s=p,a=m,s.test(n)?n=n.replace(s,"$1$2"):a.test(n)&&(n=n.replace(a,"$1$2")),s=v,a=y,s.test(n)){var T=s.exec(n);s=u,s.test(T[1])&&(s=g,n=n.replace(s,""))}else if(a.test(n)){var T=a.exec(n);i=T[1],a=d,a.test(i)&&(n=i,a=S,h=w,l=x,a.test(n)?n+="e":h.test(n)?(s=g,n=n.replace(s,"")):l.test(n)&&(n+="e"))}if(s=k,s.test(n)){var T=s.exec(n);i=T[1],n=i+"i"}if(s=b,s.test(n)){var T=s.exec(n);i=T[1],o=T[2],s=u,s.test(i)&&(n=i+t[o])}if(s=E,s.test(n)){var T=s.exec(n);i=T[1],o=T[2],s=u,s.test(i)&&(n=i+e[o])}if(s=_,a=F,s.test(n)){var T=s.exec(n);i=T[1],s=c,s.test(i)&&(n=i)}else if(a.test(n)){var T=a.exec(n);i=T[1]+T[2],a=c,a.test(i)&&(n=i)}if(s=O,s.test(n)){var T=s.exec(n);i=T[1],s=c,a=f,h=N,(s.test(i)||a.test(i)&&!h.test(i))&&(n=i)}return s=P,a=c,s.test(n)&&a.test(n)&&(s=g,n=n.replace(s,"")),"y"==r&&(n=r.toLowerCase()+n.substr(1)),n};return T}(),t.Pipeline.registerFunction(t.stemmer,"stemmer"),t.stopWordFilter=function(e){return e&&t.stopWordFilter.stopWords[e]!==e?e:void 
0},t.stopWordFilter.stopWords={a:"a",able:"able",about:"about",across:"across",after:"after",all:"all",almost:"almost",also:"also",am:"am",among:"among",an:"an",and:"and",any:"any",are:"are",as:"as",at:"at",be:"be",because:"because",been:"been",but:"but",by:"by",can:"can",cannot:"cannot",could:"could",dear:"dear",did:"did","do":"do",does:"does",either:"either","else":"else",ever:"ever",every:"every","for":"for",from:"from",get:"get",got:"got",had:"had",has:"has",have:"have",he:"he",her:"her",hers:"hers",him:"him",his:"his",how:"how",however:"however",i:"i","if":"if","in":"in",into:"into",is:"is",it:"it",its:"its",just:"just",least:"least",let:"let",like:"like",likely:"likely",may:"may",me:"me",might:"might",most:"most",must:"must",my:"my",neither:"neither",no:"no",nor:"nor",not:"not",of:"of",off:"off",often:"often",on:"on",only:"only",or:"or",other:"other",our:"our",own:"own",rather:"rather",said:"said",say:"say",says:"says",she:"she",should:"should",since:"since",so:"so",some:"some",than:"than",that:"that",the:"the",their:"their",them:"them",then:"then",there:"there",these:"these",they:"they","this":"this",tis:"tis",to:"to",too:"too",twas:"twas",us:"us",wants:"wants",was:"was",we:"we",were:"were",what:"what",when:"when",where:"where",which:"which","while":"while",who:"who",whom:"whom",why:"why",will:"will","with":"with",would:"would",yet:"yet",you:"you",your:"your"},t.Pipeline.registerFunction(t.stopWordFilter,"stopWordFilter"),t.trimmer=function(t){var e=t.replace(/^\W+/,"").replace(/\W+$/,"");return""===e?void 0:e},t.Pipeline.registerFunction(t.trimmer,"trimmer"),t.TokenStore=function(){this.root={docs:{}},this.length=0},t.TokenStore.load=function(t){var e=new this;return e.root=t.root,e.length=t.length,e},t.TokenStore.prototype.add=function(t,e,n){var n=n||this.root,i=t[0],o=t.slice(1);return i in n||(n[i]={docs:{}}),0===o.length?(n[i].docs[e.ref]=e,void(this.length+=1)):this.add(o,e,n[i])},t.TokenStore.prototype.has=function(t){if(!t)return!1;for(var 
e=this.root,n=0;no;o++){for(var r=t[o],s=0;i>s&&(r=this._stack[s](r,o,t),void 0!==r);s++);void 0!==r&&e.push(r)}return e},t.Pipeline.prototype.reset=function(){this._stack=[]},t.Pipeline.prototype.toJSON=function(){return this._stack.map(function(e){return t.Pipeline.warnIfFunctionNotRegistered(e),e.label})},t.Vector=function(){this._magnitude=null,this.list=void 0,this.length=0},t.Vector.Node=function(t,e,n){this.idx=t,this.val=e,this.next=n},t.Vector.prototype.insert=function(e,n){this._magnitude=void 0;var i=this.list;if(!i)return this.list=new t.Vector.Node(e,n,i),this.length++;if(en.idx?n=n.next:(i+=e.val*n.val,e=e.next,n=n.next);return i},t.Vector.prototype.similarity=function(t){return this.dot(t)/(this.magnitude()*t.magnitude())},t.SortedSet=function(){this.length=0,this.elements=[]},t.SortedSet.load=function(t){var e=new this;return e.elements=t,e.length=t.length,e},t.SortedSet.prototype.add=function(){var t,e;for(t=0;t1;){if(r===t)return o;t>r&&(e=o),r>t&&(n=o),i=n-e,o=e+Math.floor(i/2),r=this.elements[o]}return r===t?o:-1},t.SortedSet.prototype.locationFor=function(t){for(var e=0,n=this.elements.length,i=n-e,o=e+Math.floor(i/2),r=this.elements[o];i>1;)t>r&&(e=o),r>t&&(n=o),i=n-e,o=e+Math.floor(i/2),r=this.elements[o];return r>t?o:t>r?o+1:void 0},t.SortedSet.prototype.intersect=function(e){for(var n=new t.SortedSet,i=0,o=0,r=this.length,s=e.length,a=this.elements,h=e.elements;;){if(i>r-1||o>s-1)break;a[i]!==h[o]?a[i]h[o]&&o++:(n.add(a[i]),i++,o++)}return n},t.SortedSet.prototype.clone=function(){var e=new t.SortedSet;return e.elements=this.toArray(),e.length=e.elements.length,e},t.SortedSet.prototype.union=function(t){var e,n,i;return this.length>=t.length?(e=this,n=t):(e=t,n=this),i=e.clone(),i.add.apply(i,n.toArray()),i},t.SortedSet.prototype.toJSON=function(){return this.toArray()},t.Index=function(){this._fields=[],this._ref="id",this.pipeline=new t.Pipeline,this.documentStore=new t.Store,this.tokenStore=new t.TokenStore,this.corpusTokens=new 
t.SortedSet,this.eventEmitter=new t.EventEmitter,this._idfCache={},this.on("add","remove","update",function(){this._idfCache={}}.bind(this))},t.Index.prototype.on=function(){var t=Array.prototype.slice.call(arguments);return this.eventEmitter.addListener.apply(this.eventEmitter,t)},t.Index.prototype.off=function(t,e){return this.eventEmitter.removeListener(t,e)},t.Index.load=function(e){e.version!==t.version&&t.utils.warn("version mismatch: current "+t.version+" importing "+e.version);var n=new this;return n._fields=e.fields,n._ref=e.ref,n.documentStore=t.Store.load(e.documentStore),n.tokenStore=t.TokenStore.load(e.tokenStore),n.corpusTokens=t.SortedSet.load(e.corpusTokens),n.pipeline=t.Pipeline.load(e.pipeline),n},t.Index.prototype.field=function(t,e){var e=e||{},n={name:t,boost:e.boost||1};return this._fields.push(n),this},t.Index.prototype.ref=function(t){return this._ref=t,this},t.Index.prototype.add=function(e,n){var i={},o=new t.SortedSet,r=e[this._ref],n=void 0===n?!0:n;this._fields.forEach(function(n){var r=this.pipeline.run(t.tokenizer(e[n.name]));i[n.name]=r,t.SortedSet.prototype.add.apply(o,r)},this),this.documentStore.set(r,o),t.SortedSet.prototype.add.apply(this.corpusTokens,o.toArray());for(var s=0;s0&&(i=1+Math.log(this.documentStore.length/n)),this._idfCache[e]=i},t.Index.prototype.search=function(e){var n=this.pipeline.run(t.tokenizer(e)),i=new t.Vector,o=[],r=this._fields.reduce(function(t,e){return t+e.boost},0),s=n.some(function(t){return this.tokenStore.has(t)},this);if(!s)return[];n.forEach(function(e,n,s){var a=1/s.length*this._fields.length*r,h=this,l=this.tokenStore.expand(e).reduce(function(n,o){var r=h.corpusTokens.indexOf(o),s=h.idf(o),l=1,u=new t.SortedSet;if(o!==e){var c=Math.max(3,o.length-e.length);l=1/Math.log(c)}return r>-1&&i.insert(r,a*s*l),Object.keys(h.tokenStore.get(o)).forEach(function(t){u.add(t)}),n.union(u)},new t.SortedSet);o.push(l)},this);var a=o.reduce(function(t,e){return t.intersect(e)});return 
a.map(function(t){return{ref:t,score:i.similarity(this.documentVector(t))}},this).sort(function(t,e){return e.score-t.score})},t.Index.prototype.documentVector=function(e){for(var n=this.documentStore.get(e),i=n.length,o=new t.Vector,r=0;i>r;r++){var s=n.elements[r],a=this.tokenStore.get(s)[e].tf,h=this.idf(s);o.insert(this.corpusTokens.indexOf(s),a*h)}return o},t.Index.prototype.toJSON=function(){return{version:t.version,fields:this._fields,ref:this._ref,documentStore:this.documentStore.toJSON(),tokenStore:this.tokenStore.toJSON(),corpusTokens:this.corpusTokens.toJSON(),pipeline:this.pipeline.toJSON()}},t.Index.prototype.use=function(t){var e=Array.prototype.slice.call(arguments,1);e.unshift(this),t.apply(this,e)},t.Store=function(){this.store={},this.length=0},t.Store.load=function(e){var n=new this;return n.length=e.length,n.store=Object.keys(e.store).reduce(function(n,i){return n[i]=t.SortedSet.load(e.store[i]),n},{}),n},t.Store.prototype.set=function(t,e){this.has(t)||this.length++,this.store[t]=e},t.Store.prototype.get=function(t){return this.store[t]},t.Store.prototype.has=function(t){return t in this.store},t.Store.prototype.remove=function(t){this.has(t)&&(delete this.store[t],this.length--)},t.Store.prototype.toJSON=function(){return{store:this.store,length:this.length}},t.stemmer=function(){var t={ational:"ate",tional:"tion",enci:"ence",anci:"ance",izer:"ize",bli:"ble",alli:"al",entli:"ent",eli:"e",ousli:"ous",ization:"ize",ation:"ate",ator:"ate",alism:"al",iveness:"ive",fulness:"ful",ousness:"ous",aliti:"al",iviti:"ive",biliti:"ble",logi:"log"},e={icate:"ic",ative:"",alize:"al",iciti:"ic",ical:"ic",ful:"",ness:""},n="[^aeiou]",i="[aeiouy]",o=n+"[^aeiouy]*",r=i+"[aeiou]*",s="^("+o+")?"+r+o,a="^("+o+")?"+r+o+"("+r+")?$",h="^("+o+")?"+r+o+r+o,l="^("+o+")?"+i,u=new RegExp(s),c=new RegExp(h),f=new RegExp(a),d=new RegExp(l),p=/^(.+?)(ss|i)es$/,m=/^(.+?)([^s])s$/,v=/^(.+?)eed$/,y=/^(.+?)(ed|ing)$/,g=/.$/,S=/(at|bl|iz)$/,w=new RegExp("([^aeiouylsz])\\1$"),x=new 
RegExp("^"+o+i+"[^aeiouwxy]$"),k=/^(.+?[^aeiou])y$/,b=/^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/,E=/^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/,_=/^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/,F=/^(.+?)(s|t)(ion)$/,O=/^(.+?)e$/,P=/ll$/,N=new RegExp("^"+o+i+"[^aeiouwxy]$"),T=function(n){var i,o,r,s,a,h,l;if(n.length<3)return n;if(r=n.substr(0,1),"y"==r&&(n=r.toUpperCase()+n.substr(1)),s=p,a=m,s.test(n)?n=n.replace(s,"$1$2"):a.test(n)&&(n=n.replace(a,"$1$2")),s=v,a=y,s.test(n)){var T=s.exec(n);s=u,s.test(T[1])&&(s=g,n=n.replace(s,""))}else if(a.test(n)){var T=a.exec(n);i=T[1],a=d,a.test(i)&&(n=i,a=S,h=w,l=x,a.test(n)?n+="e":h.test(n)?(s=g,n=n.replace(s,"")):l.test(n)&&(n+="e"))}if(s=k,s.test(n)){var T=s.exec(n);i=T[1],n=i+"i"}if(s=b,s.test(n)){var T=s.exec(n);i=T[1],o=T[2],s=u,s.test(i)&&(n=i+t[o])}if(s=E,s.test(n)){var T=s.exec(n);i=T[1],o=T[2],s=u,s.test(i)&&(n=i+e[o])}if(s=_,a=F,s.test(n)){var T=s.exec(n);i=T[1],s=c,s.test(i)&&(n=i)}else if(a.test(n)){var T=a.exec(n);i=T[1]+T[2],a=c,a.test(i)&&(n=i)}if(s=O,s.test(n)){var T=s.exec(n);i=T[1],s=c,a=f,h=N,(s.test(i)||a.test(i)&&!h.test(i))&&(n=i)}return s=P,a=c,s.test(n)&&a.test(n)&&(s=g,n=n.replace(s,"")),"y"==r&&(n=r.toLowerCase()+n.substr(1)),n};return T}(),t.Pipeline.registerFunction(t.stemmer,"stemmer"),t.stopWordFilter=function(e){return e&&t.stopWordFilter.stopWords[e]!==e?e:void 
0},t.stopWordFilter.stopWords={a:"a",able:"able",about:"about",across:"across",after:"after",all:"all",almost:"almost",also:"also",am:"am",among:"among",an:"an",and:"and",any:"any",are:"are",as:"as",at:"at",be:"be",because:"because",been:"been",but:"but",by:"by",can:"can",cannot:"cannot",could:"could",dear:"dear",did:"did","do":"do",does:"does",either:"either","else":"else",ever:"ever",every:"every","for":"for",from:"from",get:"get",got:"got",had:"had",has:"has",have:"have",he:"he",her:"her",hers:"hers",him:"him",his:"his",how:"how",however:"however",i:"i","if":"if","in":"in",into:"into",is:"is",it:"it",its:"its",just:"just",least:"least",let:"let",like:"like",likely:"likely",may:"may",me:"me",might:"might",most:"most",must:"must",my:"my",neither:"neither",no:"no",nor:"nor",not:"not",of:"of",off:"off",often:"often",on:"on",only:"only",or:"or",other:"other",our:"our",own:"own",rather:"rather",said:"said",say:"say",says:"says",she:"she",should:"should",since:"since",so:"so",some:"some",than:"than",that:"that",the:"the",their:"their",them:"them",then:"then",there:"there",these:"these",they:"they","this":"this",tis:"tis",to:"to",too:"too",twas:"twas",us:"us",wants:"wants",was:"was",we:"we",were:"were",what:"what",when:"when",where:"where",which:"which","while":"while",who:"who",whom:"whom",why:"why",will:"will","with":"with",would:"would",yet:"yet",you:"you",your:"your"},t.Pipeline.registerFunction(t.stopWordFilter,"stopWordFilter"),t.trimmer=function(t){var e=t.replace(/^\W+/,"").replace(/\W+$/,"");return""===e?void 0:e},t.Pipeline.registerFunction(t.trimmer,"trimmer"),t.TokenStore=function(){this.root={docs:{}},this.length=0},t.TokenStore.load=function(t){var e=new this;return e.root=t.root,e.length=t.length,e},t.TokenStore.prototype.add=function(t,e,n){var n=n||this.root,i=t[0],o=t.slice(1);return i in n||(n[i]={docs:{}}),0===o.length?(n[i].docs[e.ref]=e,void(this.length+=1)):this.add(o,e,n[i])},t.TokenStore.prototype.has=function(t){if(!t)return!1;for(var 
e=this.root,n=0;n 3 | 4 | 5 | 6 | 7 | Exam Prep · GitBook 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 |

    Exam Prep


    Plan (with Dates)

    • 19th - 25% Content
    • 24th - 50% Content
    • 25-26th - 100% Content
    • 26th-1st - Everything Remaining / Exam Tips

    About The Exam

    • 90 Minutes
    • 65 Questions
    • 3 Year Validity
      656 | 657 | 658 | 659 | 660 | 661 | 662 | 663 | 664 | 665 | 666 | 667 | 668 | 669 | 670 | 671 | 672 | 673 | 674 | 675 | 676 | 677 | 678 | 679 | 680 | 681 | 682 | 683 | 684 | 685 | 686 | 687 | 688 | 689 | -------------------------------------------------------------------------------- /docs/sysops-associate/1-priorart.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | ✅ 1 - Prior Art · GitBook 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 |

      Part 0: Prior Art


      OSI Layer Model

      • Conceptual framework (not enforced)
      • Physical — Cables, voltage, plugs.
      • Data Link — Switches and routers
      • Network — Packet forwarding
      • Transport — TCP / IP
      • Session — Connection between two machines.
      • Presentation — Translation between application and network (e.g. encryption).
      • Application — A web browser, or applications.
        654 | 655 | 656 | 657 | 658 | 659 | 660 | 661 | 662 | 663 | 664 | 665 | 666 | 667 | 668 | 669 | 670 | 671 | 672 | 673 | 674 | 675 | 676 | 677 | 678 | 679 | 680 | 681 | 682 | 683 | 684 | 685 | 686 | 687 | --------------------------------------------------------------------------------