Category: Blog
-
Kubernetes Bill of Materials – Supply Chain Security
Software Bill of Materials has grown in popularity and adoption from many open source software projects to provide transparency of software supply chain attestation of packages associated with the build of the software. While the aim of Software Bill of Materials aims to reduce or be the front protection in the movement behind software supply…
-
Kyverno Policy-as-Code in Prometheus
Policy-as-code is a declarative nature that you can use for safe guards in your kubernetes cluster notably this relies on the Open Policy Agent. A project known as Kyverno, I’ve covered in a previous post uses this and expands the usage in a short form YAML. For this demo today I’m running Kubernetes on a…
-
Azure Kubernetes Service Gateway API for Containers (Backend MTLS)
Background Application Gateway for Containers is a new feature offering for Azure Kubernetes Service that encompasses native capabilities and extends the use of services by implementing a Application Load Balancer controller to facilitate operations. Options of going more native to Kubernetes is really a strong suit of Azure that the operations that allows your organization…
-
Application Gateway for Containers in Azure Kubernetes Service (AKS)
Most of the production recommendations in regards to Azure Kubernetes Service was directed to use native Application Gateway Ingress Controller. I’ve heard mixed uses of this being cumbersome and tedious that others have opted for use of nginx-ingress controller. As of this week the (preview) for Application Gateway for Containers is able to be used…
-
Image Signing in Kubernetes on Oracle Kubernetes Engine
Image Signing Intro Image signing is a native feature of Oracle Cloud Infrastructure and this is a feature that can ensure your cluster doesn’t deploy images that aren’t signed. For instance your developers design a container image and want to push upstream to your cluster, but prior to allowing this the image has to be…
-
Google Kubernetes with Prometheus
If you’ve been following along in the previous posts I’ve also stated that I’d release more content in regards to infrastructure as code and cloud native security content. Like anything if you’d like to follow along this time I’ll actually have a git repo for you to clone and work through should you like to…
-
Running Azure with Ansible
It’s likely you’ve heard of Ansible by Redhat this is a open-source configuration management language that can provision services and beyond. Recently I’ve been wanting to expand my knowledge in this area of code but also the use cases to see how its leveraged. For a quick introductory of how the tool works essentially you…
-
Multi-tenancy in Kubernetes with Kiosk
Multi-tenancy shouldn’t be unfamiliar to those who’ve already adopted some type of cloud model regardless if it’s hybrid and not full cloud-native. This also has been a area of adoption in the realm of kubernetes as likely every organization is facing financial optimization decisions. Today’s blog post explores the tool known as Kiosk that is…
-
Kubernetes with Calico – BYOCNI
Microsoft Azure Kubernetes Service opens up a whole world of exploration with the option for the customer to bring in container network interfaces of your choice. Wait what’s a Container Network Interface? Okay, lets start at the top for Kubernetes to communicate with networking services a Container Network Interface is needed the Cloud Native Computing…
-
Deploying Policy-as-Code with Kyverno in Kubernetes
Security in Kubernetes shifts the security enforcement with Admission Controllers the flow of these systems can be enhanced with utilization of tools such as Open Policy Agent which leverages rego to define parameters that must be met prior to authorization of operations requested against the Kubernetes api server. What is Kyverno? Kyverno is (greek for…