One of the most routine encountered cases of software migration to the cloud is the migration of entire Kubernetes workload. As an ecosystem of its own supporting state reconciliation of resources for applications, workflows, orchestrations, and data store managers. As an instance of a resource type in the public cloud, it is a unit that lends itself to the management from the public cloud console. One of the management activities of this resource is its move from one location to another or one network to another. When switching just the network integration for outbound traffic for this network, it might be tempting to think of it as a property change of a resource that amounts to in-place update. But this is just the tip of the iceberg. Different methodologies and formulae for estimation although applicable to many scenarios do not apply to this case-study without further investigation.

In this case, the instance has a default node pool and many additional node pools that may still be referencing the old network even with directive to switch to new network. They also happen to refer to additional storage accounts for facilitating the creation of persistent volumes as key vaults for storing secrets. If these satellite resources are also restricting traffic to private planes, then networking and authentication must both be enabled from the new network.

The infrastructure changes for this might also not be straight forward single-pass and require iterative maneuvers to make incremental progress. This is specifically the case when the IaC compiler encounters multiple other resources and detect changes in them the path of minimal changes to the infrastructure will imply the lowest cost and this works very well if we can wipe clean and create with the same specifications as earlier but with the new network.

Thus, estimation of infrastructure is heavily dependent on what the resource needs, the changes being made to it and what the compiler detects as mandatory to perform before applying the change.

 There are N points (numbered from 0 to N−1) on a plane. Each point is colored either red ('R') or green ('G'). The K-th point is located at coordinates (X[K], Y[K]) and its color is colors[K]. No point lies on coordinates (0, 0).

We want to draw a circle centered on coordinates (0, 0), such that the number of red points and green points inside the circle is equal. What is the maximum number of points that can lie inside such a circle? Note that it is always possible to draw a circle with no points inside.

Write a function that, given two arrays of integers X, Y and a string colors, returns an integer specifying the maximum number of points inside a circle containing an equal number of red points and green points.

Examples:

1. Given X = [4, 0, 2, −2], Y = [4, 1, 2, −3] and colors = "RGRR", your function should return 2. The circle contains points (0, 1) and (2, 2), but not points (−2, −3) and (4, 4).

class Solution {

    public int solution(int[] X, int[] Y, String colors) {

        // find the maximum

        double max = Double.MIN_VALUE;

        int count = 0;

        for (int i = 0; i < X.length; i++)

        {

            double dist = X[i] * X[i] + Y[i] * Y[i];

            if (dist > max)

            {

                max = dist;

            }

        }

        for (double i = Math.sqrt(max) + 1; i > 0; i -= 0.1)

        {

            int r = 0;

            int g = 0;

            for (int j = 0; j < colors.length(); j++)

            {

                if (Math.sqrt(X[j] * X[j] + Y[j] * Y[j]) > i)

                {

                    continue;

                }

                if (colors.substring(j, j+1).equals("R")) {

                    r++;

                }

                else {

                    g++;

                }

            }

            if ( r == g && r > 0) {

                int min = r * 2;

                if (min > count)

                {

                    count = min;

                }

            }

        }

        return count;

    }

}

Compilation successful.

Example test: ([4, 0, 2, -2], [4, 1, 2, -3], 'RGRR')

OK

Example test: ([1, 1, -1, -1], [1, -1, 1, -1], 'RGRG')

OK

Example test: ([1, 0, 0], [0, 1, -1], 'GGR')

OK

Example test: ([5, -5, 5], [1, -1, -3], 'GRG')

OK

Example test: ([3000, -3000, 4100, -4100, -3000], [5000, -5000, 4100, -4100, 5000], 'RRGRG')

OK

 Number of Ways to Split Array

You are given a 0-indexed integer array nums of length n.

nums contains a valid split at index i if the following are true:

• The sum of the first i + 1 elements is greater than or equal to the sum of the last n - i - 1 elements.

• There is at least one element to the right of i. That is, 0 <= i < n - 1.

Return the number of valid splits in nums.

Example 1:

Input: nums = [10,4,-8,7]

Output: 2

Explanation:

There are three ways of splitting nums into two non-empty parts:

- Split nums at index 0. Then, the first part is [10], and its sum is 10. The second part is [4,-8,7], and its sum is 3. Since 10 >= 3, i = 0 is a valid split.

- Split nums at index 1. Then, the first part is [10,4], and its sum is 14. The second part is [-8,7], and its sum is -1. Since 14 >= -1, i = 1 is a valid split.

- Split nums at index 2. Then, the first part is [10,4,-8], and its sum is 6. The second part is [7], and its sum is 7. Since 6 < 7, i = 2 is not a valid split.

Thus, the number of valid splits in nums is 2.

Example 2:

Input: nums = [2,3,1,0]

Output: 2

Explanation:

There are two valid splits in nums:

- Split nums at index 1. Then, the first part is [2,3], and its sum is 5. The second part is [1,0], and its sum is 1. Since 5 >= 1, i = 1 is a valid split.

- Split nums at index 2. Then, the first part is [2,3,1], and its sum is 6. The second part is [0], and its sum is 0. Since 6 >= 0, i = 2 is a valid split.

Constraints:

• 2 <= nums.length <= 105

• -105 <= nums[i] <= 105

Solution:

class Solution {

    public int waysToSplitArray(int[] nums) {

        if (nums == null || nums.length <= 1 ) return 0;

        int sumSoFar = 0;

        int total = 0;

        int count = 0;

        for (int i = 0; i < nums.length; i++) {

            total += nums[i];

        }

        for (int i = 0; i < nums.length - 1; i++) {

            sumSoFar += nums[i];

            if (sumSoFar >= total-sumSoFar) {

                count += 1;

            }

        }

        return count;

    }

}

Test cases:

[0] => 0

[1] => 0

[0,1] => 0

[1,0] => 1

[0,0,1] => 0

[0,1,0] => 1

[0,1,1] => 1

[1,0,0] => 2

[1,0,1] => 2

[1,1,0] => 2

[1,1,1] => 1

 This is a summary of the book titled “The Psychological Safety Playbook” written by Minette Norman and Karolin Helbig and self-published in 2023. Psychological safety is as much relevant to workplace as it is to relationships, terms and culture. The authors highlight five skills leaders must harness to achieve this: communication, listening, emotional regulation, managing failure, and inclusion. Each of these five skills is accompanied by five ways to implement them. Everyone needs to feel psychologically safe to reach their full potential. When they communicate, they must be able to speak up, welcome diverse viewpoints, and not insist on their own. When we improve our listening skills, others feel understood. Our emotional reactions and kneejerk behavior must be regulated, so others find it easy to open up. They must be able to take risks and fail, learn and innovate. Inclusive rituals and gathering feedback improves participation. This book is easy to read and inspiring at the same time.

Psychological safety is crucial for a team's success, as it allows individuals to ask questions, express concerns, and admit mistakes without fear of humiliation or punishment. This creates an environment where people feel safe to contribute ideas, express dissent, and challenge leaders. Leaders should set the tone, ensure everyone feels valued, and create an environment where they can model behavior such as listening, humility, trust, and openness to criticism. Courageous communication involves welcoming diverse viewpoints and embracing dissent. Leaders should invite varied viewpoints, encourage dissent, and display feelings productively. They should avoid perfectionism, admit their own inadequacies, and be funny to build connection and trust. By fostering a culture of continuous learning, leaders can foster a culture of psychological safety and high-performing cultures. By embracing these practices, leaders can foster a more inclusive and innovative work environment.

Skilled listening involves understanding others' perspectives and understanding their emotions. It requires humility and mindfulness, allowing for acceptance of different viewpoints without agreeing. Participation is key, with a focus on the conversation partner, paraphrasing and summarizing what is heard. Emotions are crucial for decision-making, but often unstated. Identifying emotions through micro-expressions, gestures, and body language is essential. Show empathy without judgment and encourage curiosity by asking for clarification and allowing for silence. By demonstrating curiosity and allowing for further engagement, you can foster a more inclusive and effective conversation.

Emotional regulation is crucial in ensuring a productive response to challenges. It involves self-awareness, emotional control, and sincere appreciation for challengers. To respond non-defensively, observe defensive reactions and pause before responding. Label emotions with logical thinking and be objective. Deconstruct blind spots by seeking alternative perspectives and examining contradictory evidence. Express grace and gratitude towards challengers, recognizing and labeling emotional and physiological responses. Move towards confrontation rather than away from it, reminding yourself of shared values and goals. Learn from new ideas by building on them, not avoiding negative reactions and treating new proposals as valuable experiments.

Leaders should embrace risk and failure to foster a culture of learning and innovation. This doesn't mean lowering performance standards or letting accountability slide. Instead, leaders should welcome failure, frame it as part of the journey towards innovation, and share stories of high performers who have overcome setbacks. Befriending uncomfortable emotions, demonstrating learning behavior, and facilitating continual learning are also essential. By embracing failure and mistakes, leaders can help employees understand why a failure occurred and how to remedy it. Regular, blame-free postmortems and "premortems" can help employees understand the learning process and encourage continuous learning. Rewarding people who identify potential flaws in a plan can also contribute to a more positive work environment.

Inclusive rituals and feedback gathering are essential for creating a diverse team culture. Appoint an "inclusion booster" at meetings to ensure everyone has a chance to speak. Establish a no-interruption rule and encourage concise speaking. Set a rule that "no one speaks twice until everyone speaks once" to foster innovation. Use visual timers and collaboration tools to keep everyone concise. Assemble post-meeting feedback to promote accountability and measure progress. Express gratitude to workers for their work, challenging ideas, and celebrating hard work. Keep all responses confidential and encourage team members to collaborate effectively.

References:

1. PreviousBookSummary.docx

2. SummarizerCodeSnippets.docx

3. DroneInformationManagement.docx

4. https://coursera.org/share/89dd61377bad7e93402c5bb3440414af

5. https://coursera.org/share/b1e019fd7028b96f54a057db4d11ea85

#codingexercise : https://1drv.ms/w/s!Ashlm-Nw-wnWhNN5MYAncYz3czQKUw?e=JHwWUU?

 This is a continuation of the articles on IaC shortcomings and resolutions. The previous articles talked about different data backup and migration strategies and provided steps to go over the variations for resource types. This article discusses what is needed for a specific case where the data transfer must span azure management hierarchy of tenants, subscriptions, resource-groups and resources. As before, we will assume that all resources have private networking enabled for security and performance reasons. In addition, each virtual network for private networking is isolated from one another. For example, the virtual network in one subscription might not have any peering with that in any other subscription. Both public and private IP connectivity is enabled for each resource that acts as source and destination for data transfer.

Given such a scenario, the traditional way to allow cross virtual network access for use of resources in the said networks has been the use of private connections by virtue of private endpoints. Consequently, any destination for data transfer can request a private endpoint to be added where the data is saved on the source virtual network. Each virtual network can safely assume that typical options of name resolution to private IP assigned to these private connections is enabled with the help of private domain name resolution service. When the destination can connect to the remote source via the private IP connectivity thus established, the destination will be able to pull the data from the source. This works well for paired servers of the same resource type with the help of continuous replication that is supported by the resource types such as Azure managed instances of MySQL flexible servers and Azure managed instances for Apache Cassandra. However, it does not work that easily for cases where a third resource type or automation is involved to perform the transfers by way of pulling from the source and pushing to the destination. The involvement of a resource type, such as a Database Migration Service or an automation requires networking to be available to both source and the destination, so more connections need to be established than earlier and from both source and destination. These connections are always on the private IP connectivity plane, but it is also possible to keep the traffic over the public if the size of the data transfers is small and the encryption for data in transit is supported. In such cases, IP addresses for the entity performing the data transfers must be supported between the source and the destination. Any firewall or firewall polices must also support the allow listing of IP addresses. If the entity is an Azure resource and receives a public IP address from Azure, then it is not necessary to add allowlists for Microsoft IP addresses because such resources can be allowed traffic with the “Bypass trusted Azure services” option that is available under the network settings of the source and the destination. With the help of this option, it is easy to keep the public IP access restrictions light and simple. All traffic between Azure resources with public IP addresses from Azure will in such a case, flow over the Azure networking backbone. This prevents the Azure services from going over the public internet and provides very low latency of less than ten milliseconds as opposed to a hundred to two hundred milliseconds. In addition, to networking, authentication must be setup for each of the entity performing the data transfers. This again is required only in the case where continuous replication is not involved. An application identity can be dedicated for data backup/migration purposes. A role that honors the principle of least privilege must be assigned to this identity at both the source and the destination.

#codingexercise

https://1drv.ms/w/s!Ashlm-Nw-wnWhNIeZZhspIpNfjqURg?e=pymL9w

 Database migration between Cassandra servers

This section describes the way to transfer data between the Azure Managed Instances of Apache Cassandra. This is done with the help of “nodetool” and “sstableloader” commands via the Azure CLI using the steps outlined below. For more information on the DBA commands for this instance, please visit https://learn.microsoft.com/en-us/azure/maaged-instance-apache-cassandra/dba-commands. Ensure that your automation identity has the necessary permission to run azcopy and az cli.

1. The first step involves creating a snapshot of the data. This is done with:

# Create a snapshot

az managed-cassandra cluster invoke-command \

  --resource-group <resource-group> \

  --cluster-name <cluster-name> \

  --host <host-ip> \

  --command-name nodetool \

  --arguments "snapshot <keyspace> -t <snapshot-name>"

# Download the snapshot files using azcopy

azcopy copy "https://<storage-account>.blob.core.windows.net/<container>/<path-to-snapshot>/*" "<local-directory>"

2. The second step involves uploading the snapshot to another instance. This is done with:

# Upload the snapshot files using azcopy

azcopy copy "<local-directory>/*" "https://<storage-account>.blob.core.windows.net/<container>/<path-to-upload>"

# Load the data using sstableloader

az managed-cassandra cluster invoke-command \

  --resource-group <resource-group> \

  --cluster-name <cluster-name> \

  --host <host-ip> \

  --command-name sstableloader \

  --arguments "-d <data-directory> <keyspace> <table>"

3. Finally, test that the data are similar.

Data Backup/Restore or Migration are usually considered last resort as most resources in Azure allow continuous replication across paired servers. But when they become inevitable, these steps make the task easier.

 Why are Enterprise Application registrations and Service principals’ creation excluded from IaC?

When we create an Azure App Registration, it results in the creation of both an Application Object and a Service Principal Object. The application object is the representation of the application in the home tenant and acts as a template or blueprint for creating service principals. It contains information about how the application can issue tokens, the resources it can access and the actions it can perform. One can configure API permissions, client secrets, branding, and App roles within this object definition.

A service principal aka Enterprise Application is a concrete instance of the application object within a specific tenant. It represents the application’s identity and comes with a unique object identifier that can be used for non-interactive automations. Each tenant where the application is used will have its own service principal. Most role-based access control assignments for the application are made using this object identifier.

It is possible to register the application using IaC but there are several drawbacks due to which they are not popular. For example, there are special permissions needed for the identity used with the pipeline to deploy such a registration in the Azure Entra aka Active Directory. Such permissions are usually difficult to distribute and must remain within the exclusive control of a centralized entity within the organization which is usually named the Identity and Access Management team. When the permissions are not sufficient, the idempotency of the resource creation and deletion is lost. At this point, the syntax and semantics of app registration appear to be broken and for this reason, it is difficult for anyone to create application registrations from code deploying to their subscriptions. All such registrations will end up in the same global active directory.

Another reason is that the provider registrations and the Active directory must remain up to date otherwise version discrepancies affect the IaC. Since the resource is global and not specific to the azure subscription-resource-group-and-resource tri-level hierarchy, the provider can change the syntax and semantics for the global entity that do not get captured with the IaC that once worked and does not later. For this reason, it is important that azure Active Directory resources not be treated the same as resources that instantiate services from Azure’s service portfolio

Previous article: https://1drv.ms/w/s!Ashlm-Nw-wnWhPVXO5Lemyhk5z34HA?e=8e2jVb