Posts

Showing posts from June, 2024

Understanding Network Address Translation (NAT)

https://www.ionos.com/digitalguide/server/know-how/nat-how-network-address-translation-works/

Network Address Translation (NAT) is a process used by routers to translate private IP addresses in a local network to a public IP address for communication over the internet. This is particularly useful when multiple devices in a private network need access to the internet but only a single public IP address is available. NAT provides a mechanism to manage the translation of private IP addresses and ports to public ones.

Scenario Explanation:

Router Configuration: The router has been assigned the public IP address 217.229.111.18 by the Internet Service Provider (ISP). The local network uses the private IP address range 192.168.0.0/24 (e.g., IPs from 192.168.0.0 to 192.168.0.24).

Device Connection to the Internet: A device within the local network (e.g., a computer with private IP 192.168.0.2) wants to establish a connection to a web server with the public IP address 71.123.239....

IPsec Tunnel Mode vs. Transport Mode: Key Differences and Use Cases

IPsec provides encryption and authentication to secure IP traffic, commonly used in business VPNs. It supports two encapsulation modes: Tunnel Mode and Transport Mode.

Tunnel Mode: Encrypts the entire IP packet (both header and payload). Commonly used for gateway-to-gateway or server-to-server connections across an untrusted network (e.g., the Internet). Adds a new IP header, protecting internal routing information. More secure but has higher overhead.

Transport Mode: Only encrypts the payload of the IP packet, keeping the original header. Ideal for end-to-end communication between devices within the same network. Lower overhead and larger MTU but less secure in complex setups.

When to Use Each: Tunnel Mode is best for inter-network security, especially when traversing NAT or untrusted networks. Transport Mode is ideal for direct, end-to-end communication with minimal overhead.

#IPsec #VPN #NetworkSecurity

https://www.perimeter81.com/glossary/ipsec-tunnel-mode-vs-transport-m...

How to deploy applications to K8S with Kustomize and ArgoCD

Step 1

Create .drone.yml

    kind: pipeline
    name: your-project-name
    steps:
      - name: push images to harbor.google.com
      - name: kustomize-beta
        image: docker.io/drone-with-kustomization:latest
        settings:
          repo_url: ssh://git@git.google.com:20022/PROJECT/abc.git
          branch: master
          kustomization: your-app/overlays/beta
          update_image:
            - harbor.google.com/project/your-app-image:${DRONE_COMMIT_BRANCH}-${DRONE_COMMIT_SHA:0:7}
        environment:
          SSH_KEY:
            from_secret: SSH_KEY
        when:
          branch: develop
          event: push
        depends_on:
          - push image to harbor

Create kustomize deployment files

your-app/base/deployment.yaml

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: your-app-deployment
    spec:
      replicas: 3
      revisionHistoryLimit: 3
      selector:
        matchLabels:
          app: your-app-deployment
      template:
        metadata:
          labels:
            app: your-app-deployment
        spec:
          containers: ...