Tag: Security Posture

  • Conftest in Terraform in Action

    Introduction: In today’s rapidly evolving technological landscape, ensuring the security and compliance of infrastructure has become paramount. Open Policy Agent (OPA) is a CNCF-graduated open-source project that uses Rego policies for enforcement. With its ability to extend to many kinds of resources and its relatively easy-to-pick-up syntax, OPA has gained significant popularity. In this blog post, we…

  • Kubernetes v1.28.0 Validating Admission Policies

    Kubernetes v1.28.0, recently dubbed “Planternetes”, ships with a large number of enhancements. I’m covering some aspects of the new release’s security features, and Validating Admission Policies stood out to me. I’ve created a script using bash and kind, with the proper configuration, for you to run this demo. I’m running on Ubuntu; you can use macOS or…

  • Kubernetes Bill of Materials – Supply Chain Security

    The Software Bill of Materials (SBOM) has grown in popularity and adoption across many open source software projects as a way to provide transparency and attestation of the packages associated with a software build. While the aim of the Software Bill of Materials is to reduce risk, or be the front line of protection, in the movement behind software supply…

  • Application Gateway for Containers in Azure Kubernetes Service (AKS)

    Most production recommendations for Azure Kubernetes Service have pointed to the native Application Gateway Ingress Controller. I’ve heard mixed reviews, with some finding it cumbersome and tedious enough that they have opted for the nginx-ingress controller instead. As of this week the preview of Application Gateway for Containers is able to be used…

  • Image Signing in Kubernetes on Oracle Kubernetes Engine

    Image Signing Intro: Image signing is a native feature of Oracle Cloud Infrastructure that can ensure your cluster doesn’t deploy images that aren’t signed. For instance, your developers build a container image and want to push it upstream to your cluster, but prior to allowing this the image has to be…

  • Kubernetes with Calico – BYOCNI

    Microsoft Azure Kubernetes Service opens up a whole world of exploration with the option for the customer to bring in a container network interface of their choice. Wait, what’s a Container Network Interface? Okay, let’s start at the top: for Kubernetes to communicate with networking services, a Container Network Interface is needed. The Cloud Native Computing…

  • Deploying Policy-as-Code with Kyverno in Kubernetes

    Security in Kubernetes shifts enforcement to Admission Controllers; the flow of these systems can be enhanced with tools such as Open Policy Agent, which leverages Rego to define parameters that must be met before operations requested against the Kubernetes API server are authorized. What is Kyverno? Kyverno is (Greek for…

  • How to Evaluate a Cloud Native Application Platform: What to evaluate and consider

    In order to evaluate a cloud native application platform, it is important to understand what to look for and the different aspects of architecture. There are many benefits to using a cloud native application platform, including the ability to scale applications and manage resources more effectively. When choosing a platform, it is important to consider…

  • Azure Chaos Studio – Chaos Engineering in the Cloud

    If you’re looking to stress test your application on Azure, then Azure Chaos Studio is a tool you’ll want to check out. In this blog post, we’ll give an overview of what Azure Chaos Studio is and some of its key features. We’ll also discuss the benefits of stress testing your application with Azure Chaos…

  • Service Mesh in GCP with Linkerd

    Linkerd is a service mesh solution that provides a transparent layer of network communication between microservices in a Kubernetes cluster. Service meshes help to address many of the challenges faced in microservice architecture, such as service discovery, traffic management, load balancing, and security. While of course a service mesh may not be needed depending on…