Tag: cloud native
-
Conftest and authoring custom checks in Policy as Code
Introduction In the rapidly evolving world of Infrastructure as Code (IaC), ensuring compliance and security is paramount. How can we use tools that agnostically enforce guard rails uninformedly? One way to do this without incurring extravagant costs is using Conftest a wrapper of OPA. In this latest blog I’m going to cover how Conftest seamlessly…
-
Road to Multi-Cloud Architect 2023 Reflections
Head in the clouds November was filled with immense amounts announced throughout multiple cloud platforms but also notes when I’ve finally accomplished a well sought after goal of mine, achieving all three CSP’s Architect Pro. It would be of note that the landscape is constantly changing and staying at this pace of bleeding edge you…
-
Chaos Mesh on EKS
Introduction Ensuring the reliability and resilience of modern cloud-native applications is crucial, especially as services scale to support more users and traffic. One effective approach is chaos engineering – intentionally introducing failures, delays, and other adverse conditions to evaluate a system’s response and ability to recover. By proactively testing how an application behaves under chaotic…
-
Azure Kubernetes Service with Notary and Ratify
Introduction Azure Kubernetes Service while having many additions and capabilities continues to implement more native security controls and recently announced the use of signed images with leveraging the open-source project Ratify for a parameter known as ImageIntegrity. This is not only a step-forward of first party native capabilities but also a guard-rail that extends the…
-
Wazuh on Kubernetes
Wazuh is a open-source XDR and SIEM with cloud workload protection in this blog post we are covering the kubernetes deployment of resources for Wazuh in a cluster. For starters we are going to need to clone our repo to follow along mind you I’m hosting this in AKS. For clusters involving EKS in the…
-
Paralus Secure Kubernetes Access in AKS
Introduction Paralus is a CNCF project in sandbox status that I’ve sat through a series of use cases in the Cloud Native Security Conference a good while back and felt like this deserved more attention for areas of focus that many organizations are struggling with providing remote access to clusters securely without running up costs…
-
Conftest in Terraform in Action
Introduction In today’s rapidly evolving technological landscape, ensuring the security and compliance of infrastructure has become paramount. Open Policy Agent (OPA) is a CNCF-graduated open-source project that utilizes rego policies for enforcement. With its ability to expand to multiple resources and its relatively easy-to-pick-up syntax, OPA has gained significant popularity. In this blog post, we…
-
Kubernetes v1.28.0 Validating Admission Policies
Kubernetes recently dubbed “Planternetes” with a large amount of enhancements, notably I’m covering some aspects of new releases in security features and Validating Admission Policies stood out to me. I’ve created a script using bash and kind with proper configuration for you to run this demo. I’m running on Ubuntu you can use macOS or…
-
How to Evaluate a Cloud Native Application Platform: What to evaluate and consider
In order to evaluate a cloud native application platform, it is important to understand what to look for and the different aspects of architecture. There are many benefits to using a cloud native application platform, including the ability to scale applications and manage resources more effectively. When choosing a platform, it is important to consider…