Tag: cloud native
-
Capsule – Multi-tenant in Kubernetes
Introduction Multi-tenancy in Kubernetes refers to the ability to isolate and manage multiple user groups or ‘tenants’ within a single Kubernetes cluster. This approach is essential for organizations that want to maximize resource utilization while maintaining isolation and security between different user groups. Typically this can be achieved by either logical isolation mapping namespaces as…
-
Tetragon Cloud Native Security
Cilium has become a prominent player in the Container Network Interface space and notably has been in acquisition of Cisco announced this week of Isovalent. It’s no surprise the leverage of eBPF for Runtime Enforcement and Security Observability also has enhanced visibility of the kernel system calls and activity that can deviate from known behavior,…
-
Kubernetes 1.29.0 Security Enhancements
Introduction Kubernetes 1.29.0 is now released this marks a significant milestone in the evolution of container orchestration, introducing robust security enhancements that cater to the ever-evolving demands of modern infrastructure management. This latest release encapsulates Kubernetes’ commitment to providing a secure, scalable, and highly efficient platform for deploying and managing containerized applications. With a focus…
-
Conftest and authoring custom checks in Policy as Code
Introduction In the rapidly evolving world of Infrastructure as Code (IaC), ensuring compliance and security is paramount. How can we use tools that agnostically enforce guard rails uninformedly? One way to do this without incurring extravagant costs is using Conftest a wrapper of OPA. In this latest blog I’m going to cover how Conftest seamlessly…
-
Road to Multi-Cloud Architect 2023 Reflections
Head in the clouds November was filled with immense amounts announced throughout multiple cloud platforms but also notes when I’ve finally accomplished a well sought after goal of mine, achieving all three CSP’s Architect Pro. It would be of note that the landscape is constantly changing and staying at this pace of bleeding edge you…
-
Chaos Mesh on EKS
Introduction Ensuring the reliability and resilience of modern cloud-native applications is crucial, especially as services scale to support more users and traffic. One effective approach is chaos engineering – intentionally introducing failures, delays, and other adverse conditions to evaluate a system’s response and ability to recover. By proactively testing how an application behaves under chaotic…
-
Azure Kubernetes Service with Notary and Ratify
Introduction Azure Kubernetes Service while having many additions and capabilities continues to implement more native security controls and recently announced the use of signed images with leveraging the open-source project Ratify for a parameter known as ImageIntegrity. This is not only a step-forward of first party native capabilities but also a guard-rail that extends the…
-
Wazuh on Kubernetes
Wazuh is a open-source XDR and SIEM with cloud workload protection in this blog post we are covering the kubernetes deployment of resources for Wazuh in a cluster. For starters we are going to need to clone our repo to follow along mind you I’m hosting this in AKS. For clusters involving EKS in the…
-
Paralus Secure Kubernetes Access in AKS
Introduction Paralus is a CNCF project in sandbox status that I’ve sat through a series of use cases in the Cloud Native Security Conference a good while back and felt like this deserved more attention for areas of focus that many organizations are struggling with providing remote access to clusters securely without running up costs…
-
Conftest in Terraform in Action
Introduction In today’s rapidly evolving technological landscape, ensuring the security and compliance of infrastructure has become paramount. Open Policy Agent (OPA) is a CNCF-graduated open-source project that utilizes rego policies for enforcement. With its ability to expand to multiple resources and its relatively easy-to-pick-up syntax, OPA has gained significant popularity. In this blog post, we…