Tag: kubernetes

  • Otterize Intent Based Access Control in Kubernetes

    Introduction: Otterize is an organization that provides an open-source CLI tool and a cloud-managed platform for managing Kubernetes policies in a client-centric manner. In a nutshell, instead of mapping network policies depending on the CNI that you’re utilizing (Cilium, Calico, or Flannel), this will alter the normal syntax you can put Intent-based for the workloads…

  • Capsule – Multi-tenant in Kubernetes

    Introduction: Multi-tenancy in Kubernetes refers to the ability to isolate and manage multiple user groups or ‘tenants’ within a single Kubernetes cluster. This approach is essential for organizations that want to maximize resource utilization while maintaining isolation and security between different user groups. Typically this can be achieved by either logical isolation mapping namespaces as…

  • Tetragon Cloud Native Security

    Cilium has become a prominent player in the Container Network Interface space, and notably Cisco announced this week its acquisition of Isovalent. It’s no surprise that leveraging eBPF for Runtime Enforcement and Security Observability has also enhanced visibility into kernel system calls and activity that can deviate from known behavior,…

  • Kubernetes 1.29.0 Security Enhancements

    Introduction: Kubernetes 1.29.0 is now released. This marks a significant milestone in the evolution of container orchestration, introducing robust security enhancements that cater to the ever-evolving demands of modern infrastructure management. This latest release encapsulates Kubernetes’ commitment to providing a secure, scalable, and highly efficient platform for deploying and managing containerized applications. With a focus…

  • Road to Multi-Cloud Architect 2023 Reflections

    Head in the clouds: November was filled with an immense amount of announcements across multiple cloud platforms, but it also marks when I finally accomplished a well sought-after goal of mine: achieving all three CSPs’ Architect Pro. It is worth noting that the landscape is constantly changing and staying at this pace of bleeding edge you…

  • Chaos Mesh on EKS

    Introduction: Ensuring the reliability and resilience of modern cloud-native applications is crucial, especially as services scale to support more users and traffic. One effective approach is chaos engineering – intentionally introducing failures, delays, and other adverse conditions to evaluate a system’s response and ability to recover. By proactively testing how an application behaves under chaotic…

  • Azure Kubernetes Service with Notary and Ratify

    Introduction: Azure Kubernetes Service, while having many additions and capabilities, continues to implement more native security controls and recently announced the use of signed images, leveraging the open-source project Ratify for a parameter known as ImageIntegrity. This is not only a step forward for first-party native capabilities but also a guardrail that extends the…

  • Wazuh on Kubernetes

    Wazuh is an open-source XDR and SIEM with cloud workload protection. In this blog post we are covering the Kubernetes deployment of resources for Wazuh in a cluster. For starters, we are going to need to clone our repo to follow along; mind you, I’m hosting this in AKS. For clusters involving EKS in the…

  • Paralus Secure Kubernetes Access in AKS

    Introduction: Paralus is a CNCF project in sandbox status. I sat through a series of its use cases at the Cloud Native Security Conference a good while back and felt like this deserved more attention for areas of focus that many organizations are struggling with: providing remote access to clusters securely without running up costs…

  • Chaos Studio Experiments in AKS

    Introduction: Chaos Studio was presented as a service in Microsoft Azure to measure and understand your application’s service resilience. I’ve written about using LitmusChaos previously in a blog but felt like I could create more on this topic, as application resiliency is not only pivotal to organizations’ operations. Chaos Engineering is the practice…