Tag: Cloud

  • Chaos Studio Experiments in AKS

    Introduction: Chaos Studio was presented as a service in Microsoft Azure for measuring and understanding your application's service resilience. I've written about using LitmusChaos previously in a blog, but felt I could create more on this topic, as application resiliency is pivotal to an organization's operations. Chaos Engineering is the practice…

  • Kubernetes Bill of Materials – Supply Chain Security

    Software Bill of Materials has grown in popularity and adoption among many open source software projects as a way to provide transparency into the software supply chain, with attestation of the packages associated with the build of the software. While Software Bill of Materials aims to reduce or be the front protection in the movement behind software supply…

  • Kyverno Policy-as-Code in Prometheus

    Policy-as-code is declarative in nature and can be used for safeguards in your Kubernetes cluster; notably, this relies on the Open Policy Agent. A project known as Kyverno, which I've covered in a previous post, uses this and expands the usage in short-form YAML. For this demo today I'm running Kubernetes on a…

  • Azure Kubernetes Service Gateway API for Containers (Backend MTLS)

    Background: Application Gateway for Containers is a new feature offering for Azure Kubernetes Service that encompasses native capabilities and extends the use of services by implementing an Application Load Balancer controller to facilitate operations. Options of going more native to Kubernetes is really a strong suit of Azure that the operations that allows your organization…

  • Image Signing in Kubernetes on Oracle Kubernetes Engine

    Image Signing Intro: Image signing is a native feature of Oracle Cloud Infrastructure that can ensure your cluster doesn't deploy images that aren't signed. For instance, your developers design a container image and want to push upstream to your cluster, but prior to allowing this the image has to be…

  • Deploying Policy-as-Code with Kyverno in Kubernetes

    Security in Kubernetes shifts security enforcement with Admission Controllers. The flow of these systems can be enhanced with tools such as Open Policy Agent, which leverages Rego to define parameters that must be met prior to authorization of operations requested against the Kubernetes API server. What is Kyverno? Kyverno is (Greek for…

  • Otomi – PaaS for Kubernetes

    Otomi is a platform as a service for Kubernetes. Let's unpack exactly what that breaks down to. For instance, in Kubernetes you're mostly empowered, depending on how you configure your cluster, by numerous plugins/resources. Depending on how you are hosting your cluster, this can be limited to the CSP's native controls but also can…

  • Jenkins in Azure

    Jenkins is an open-source automation server that is widely used for continuous integration and continuous delivery (CI/CD) pipelines. It allows developers to automate the building, testing, and deployment of their software applications, making the development process faster and more efficient. Today's post will show how to run this on Azure Virtual Machines and…

  • Istio: The Powerhouse Behind Kubernetes Networking and Security

    What is Istio? Istio is a service mesh that enables microservices to interact with each other securely and efficiently. Istio provides a range of capabilities that make it easier to develop, deploy, and manage microservices, including traffic management, service discovery, load balancing, rate limiting, and service-to-service authentication. Why use Istio? Istio provides a range of…

  • AccuKnox in Kubernetes

    For today’s post I’ve been wanting to cover more open-source tools that can assist your production operations suite. Enter the policy enforcement tool known as AccuKnox. What is AccuKnox? In a nutshell, this tool provides policy enforcement, and the components that make up this tool are capable of being used with Cilium as CNI and adds a…