Category: Blog

  • Retina by Microsoft OSS

    KubeCon 2024 in Europe has recently wrapped up this past week with some major announcements from various vendors one that stood out to me is the use of Retina. Microsoft released a open-source cloud-agnostic Kubernetes Network Observability platform this can provide a path to customizable telemetry. This telemetry has multiple options on where you’d like…

  • Exploring KEDA Scaling to Zero

    Continuing experimentation on CNCF projects I’ve stumbled across one that is near and dear to the Microsoft Azure space since KEDA was introduced with some contributors from Microsoft and still has maintainers that are current as of this repo’s README.md. To understand further on what exactly KEDA is we start at the top of what…

  • KubeArmor Explored

    KubeArmor is a cloud-native runtime security enforcement system that works with restricting behavior (this resides with execution, file access, and network operations) of pods, containers, and nodes (VM’s) at the system level. The way this tool works is by using Linux Security Modules which to no surprise are enamored in the Certified Kubernetes Security Specialist…

  • AKS Isitio Bring Your Own Certificate

    AKS Isitio Bring Your Own Certificate

    Azure Kubernetes Service added the Istio-add-on to provide native function to the user without having to install an additional helm chart while this is managed by Microsoft a request for some of the areas from customers encompass areas that have more control over data protections. Natively the use of self-signed root certificates are generated and…

  • Azure ML on AKS with Trusted Access

    Azure ML on AKS with Trusted Access

    Trusted Access which is in preview provides secure access to the Kubernetes API Server while granting services that are needed for operations without requiring a traditional (private-endpoint). This feature uses the system0assigned managed identity as a authentication mechanism as intermediary to access your AKS clusters. As always in any feature that is rolled out prior…

  • Navigating Federal Information Processing Standards in Azure Kubernetes Service

    Navigating Federal Information Processing Standards in Azure Kubernetes Service

    Organizations that operate in highly sensitive data domains have to often validate the use of FIPS(Federal Information Processing Standards) Level 2 compliant concerns throughout adoption of multiple technologies. This blog is intended to show the use of Azure Kubernetes Service FIPS Enablement along with the brief understanding of FIPS and uses. FIPS Levels are represented…

  • Lula Compliance Validator

    Lula Compliance Validator

    Project Lula is a tool written in Go by Defense Unicorns a organization that works in the cloud native space supporting the public sector that is to assist with auditing configuration to provide context if a expected input is not compliant at the command line you aware of it. Along with the findings will details…

  • Otterize Intent Based Access Control in Kubernetes

    Introduction Otterize is a organization that provides open-source CLI tool and a cloud-managed platform for managing kubernetes policies in a client-centric manner. In a nutshell, instead of mapping network policies depending on the CNI that you’re utilizing either Cilium, Calico, or Flannel this will alter the normal syntax you can put Intent-based for the workloads…

  • Capsule – Multi-tenant in Kubernetes

    Capsule – Multi-tenant in Kubernetes

    Introduction Multi-tenancy in Kubernetes refers to the ability to isolate and manage multiple user groups or ‘tenants’ within a single Kubernetes cluster. This approach is essential for organizations that want to maximize resource utilization while maintaining isolation and security between different user groups. Typically this can be achieved by either logical isolation mapping namespaces as…

  • Tetragon Cloud Native Security

    Cilium has become a prominent player in the Container Network Interface space and notably has been in acquisition of Cisco announced this week of Isovalent. It’s no surprise the leverage of eBPF for Runtime Enforcement and Security Observability also has enhanced visibility of the kernel system calls and activity that can deviate from known behavior,…