Head in the clouds
November was filled with an immense amount of announcements across multiple cloud platforms, but it also marks when I finally accomplished a long sought-after goal of mine: achieving all three CSPs' Architect Pro. It is worth noting that the landscape is constantly changing, and staying at this bleeding-edge pace you…
Kubernetes Architecture and Decisions for Adoption in regards to Security of Microservices in Cloud
From a graphical standpoint it's easy to see the control plane as multiple components; the idea of microservices is splitting these services up to be infrastructure independent, and for the most part it is important to understand this as your organization considers moving to Kubernetes. Multiple approaches to adoption can be determined by…
Serverless App Engine Logic App
While exploring the services in Azure, I've been in constant thought about how to use the Logic App service and its Logic App Designer. While exploring the MS documentation more in depth, I've created a logic app for a small project on calculating the time to travel to my local university on the days I have lectures….
Certifications Journey
This year has been busy; from the beginning of December 2020 I started on a journey to pursue many of the certifications I've been procrastinating on. It started partly because I had a plethora of time, since my fall semester was more hectic than usual so I didn't allocate enough time for the exams…
Defender for Containers (CWPP)
If you’re managing production-grade workloads on a major cloud platform, it’s essential to assess your security framework, particularly as you shift towards microservices and orchestration. A key yet often overlooked solution in this space is Microsoft Defender for Containers. Part of the broader Microsoft Defender for Cloud, this tool provides critical visibility and protection for…
SpinKube WASM in Kubernetes
SpinKube is a new open-source project tailored to deploying WASM (WebAssembly) workloads on Kubernetes. SpinKube enhances the scalability of WASM applications; the tool integrates with Kubernetes primitives and converts applications using the spin plugin, producing YAML the cluster can interpret and serve…
AWS Config
Cloud operations with the control plane leverage a large number of APIs and permissions behind the scenes, abstracted from the end users. To continuously track these changes and states in your environment natively, you can use AWS Config. Visually, the setup for this in a simple configuration is shown below to illustrate the service…
ABAC in AWS IAM
Attribute-based access control (ABAC) enhances identity and access management by allowing the assignment of specific conditions to authorization requests. These conditions, often referred to as attributes, include tags that can be attached to IAM resources—such as users or roles—as well as to other AWS resources. Understanding and implementing ABAC policies can be challenging, often acting…
API Server VNET Integration
Connectivity in AKS
If you're running AKS in production you'll likely encounter the private link scope and the integration of private DNS zones for putting the API server behind private IPs rather than leaving it accessible on port 6443, or you should be doing this. But what about other options? Perhaps you're spinning up a dev/test cluster…
Retina by Microsoft OSS
KubeCon 2024 in Europe wrapped up this past week with some major announcements from various vendors; one that stood out to me is Retina. Microsoft released an open-source, cloud-agnostic Kubernetes network observability platform that can provide a path to customizable telemetry. This telemetry has multiple options for where you'd like…
Exploring KEDA Scaling to Zero
Continuing experimentation on CNCF projects, I've stumbled across one that is near and dear to the Microsoft Azure space, since KEDA was introduced with some contributors from Microsoft and still has maintainers from there as of this repo's README.md. To understand further what exactly KEDA is, we start at the top with what…
KubeArmor Explored
KubeArmor is a cloud-native runtime security enforcement system that restricts the behavior (execution, file access, and network operations) of pods, containers, and nodes (VMs) at the system level. The way this tool works is by using Linux Security Modules, which, to no surprise, are featured in the Certified Kubernetes Security Specialist…
AKS Istio Bring Your Own Certificate
Azure Kubernetes Service added the Istio add-on to provide native functionality to the user without having to install an additional Helm chart. While this is managed by Microsoft, some customer requests encompass areas that require more control over data protection. Natively, self-signed root certificates are generated and…
Azure ML on AKS with Trusted Access
Trusted Access, which is in preview, provides secure access to the Kubernetes API server, granting the services needed for operations access without requiring a traditional private endpoint. This feature uses the system-assigned managed identity as an authentication mechanism and intermediary to access your AKS clusters. As always with any feature that is rolled out prior…