Author: rodrigtech
-
Kargo by Akuity CD of the Future
Introduction Kargo is a new tool presented by Akuity that aims at treating your releases as stages rather than environments shifting from deliver of the artifacts that are produced in CI pipelines as in continuous delivery the packaged artifact moves from different areas as needed uat, dev, prod. While ArgoCD revolutionize the use of GitOps…
-
Paralus Secure Kubernetes Access in AKS
Introduction Paralus is a CNCF project in sandbox status that I’ve sat through a series of use cases in the Cloud Native Security Conference a good while back and felt like this deserved more attention for areas of focus that many organizations are struggling with providing remote access to clusters securely without running up costs…
-
Chaos Studio Experiments in AKS
Introduction Chaos Studio was presented as a service in Microsoft Azure that is to measure and understand your applications service resilience, I’ve wrote about using LitmusChaos previously in a blog but felt like I could create more on this topic as application resiliency is not only pivotal to organizations operations. Chaos Engineering is the practice…
-
Conftest in Terraform in Action
Introduction In today’s rapidly evolving technological landscape, ensuring the security and compliance of infrastructure has become paramount. Open Policy Agent (OPA) is a CNCF-graduated open-source project that utilizes rego policies for enforcement. With its ability to expand to multiple resources and its relatively easy-to-pick-up syntax, OPA has gained significant popularity. In this blog post, we…
-
Kubernetes v1.28.0 Validating Admission Policies
Kubernetes recently dubbed “Planternetes” with a large amount of enhancements, notably I’m covering some aspects of new releases in security features and Validating Admission Policies stood out to me. I’ve created a script using bash and kind with proper configuration for you to run this demo. I’m running on Ubuntu you can use macOS or…
-
Kubernetes Bill of Materials – Supply Chain Security
Software Bill of Materials has grown in popularity and adoption from many open source software projects to provide transparency of software supply chain attestation of packages associated with the build of the software. While the aim of Software Bill of Materials aims to reduce or be the front protection in the movement behind software supply…
-
Kyverno Policy-as-Code in Prometheus
Policy-as-code is a declarative nature that you can use for safe guards in your kubernetes cluster notably this relies on the Open Policy Agent. A project known as Kyverno, I’ve covered in a previous post uses this and expands the usage in a short form YAML. For this demo today I’m running Kubernetes on a…
-
Azure Kubernetes Service Gateway API for Containers (Backend MTLS)
Background Application Gateway for Containers is a new feature offering for Azure Kubernetes Service that encompasses native capabilities and extends the use of services by implementing a Application Load Balancer controller to facilitate operations. Options of going more native to Kubernetes is really a strong suit of Azure that the operations that allows your organization…
-
Application Gateway for Containers in Azure Kubernetes Service (AKS)
Most of the production recommendations in regards to Azure Kubernetes Service was directed to use native Application Gateway Ingress Controller. I’ve heard mixed uses of this being cumbersome and tedious that others have opted for use of nginx-ingress controller. As of this week the (preview) for Application Gateway for Containers is able to be used…
-
Image Signing in Kubernetes on Oracle Kubernetes Engine
Image Signing Intro Image signing is a native feature of Oracle Cloud Infrastructure and this is a feature that can ensure your cluster doesn’t deploy images that aren’t signed. For instance your developers design a container image and want to push upstream to your cluster, but prior to allowing this the image has to be…