I have been a tech blogger, and I have been writing posts on Cloud, Containers, and DevOps for a long time. When I started writing, I never thought that I would write an entire book on it one day. Today is when my childhood dream of writing and publishing a book has come true, and below is what I have written.
I would say it was one of the most fulfilling experiences in my entire life! It is not because it is different from what I was already blogging about, but because you have something to hold in your hand…
AppArmor is a standard Linux Security Module implementation that allows you to enforce fine-grained control over your Linux system, over and above the group and user-level permissions. It helps restrict your programs to only the limited set of resources, files, and other permissions they need to work. In addition, it enables you to implement the Principle of Least Privilege within your container applications.
Most containers that are available in the market use base images that are standard Linux distributions. While using a distribution like Alpine as a base image can help reduce the attack surface to a large extent…
You might have thought that when you get a 10% cashback on something, you get a 10% discount. That is what most businesses trick their customers into believing. Well, you’ll be surprised that, in reality, the effective discount due to cashback is less than what you thought. Let me explain how.
Assuming that you spend $100 every time you purchase something from the store, and you get a 10% cashback every time you shop as future credits, let’s look at how much money you actually save.
Value of Goods = $100
Amount Spent = $100
Cashback = $10
Effective Discount = 10%…
Kubernetes has been around for a while, and it has been very popular with tech enthusiasts as well as serious businesses. While it seeks to improve the way we deploy and run applications, and it’s a quantum leap in itself, it is a relatively new technology taking steps to mature. A particular focus of Kubernetes has always been security, and there are multiple ways we can tackle it. One such method is by using Seccomp.
Seccomp stands for secure computing and has been a standard Linux kernel feature since version 2.6.12. …
Kubernetes is one of the well-known container orchestrators and has led to the development of an entire ecosystem around it. It has allowed organizations to manage their container applications with ease by providing several resources to manage container deployments, replicas, scaling, service discovery, and networking through a single API Interface.
Most organizations have multiple environments to develop and test these applications before deploying them into production. Configuration between these environments might differ, and there might be several aspects that you may want to tweak.
There are various ways to manage your Kubernetes resources for multiple environments, such as Helm and…
Argo CD is an extremely popular declarative, GitOps-based continuous delivery tool. It is an open source tool and part of the Cloud Native Computing Foundation (CNCF).
It is effortless to install and set up, and it offers various features and a jazzy UI to manage all your application requirements. In addition, the tool is Kubernetes-aware and helps you implement GitOps by continuously syncing your Kubernetes resource manifests from Git to your Kubernetes cluster.
It allows teams to achieve GitOps, which has the following principles:
We are at a historic juncture at the moment. Google has attempted to put a serverless solution behind a friendly Kubernetes API. It recently launched GKE Autopilot, which offers us a serverless option while running the popular managed Kubernetes solution.
So, instead of launching a GKE cluster with worker nodes within your Google Cloud environment, you can now offload all the management hassle to Google’s SREs and focus entirely on your application while using the friendly Kubernetes API.
That means you don’t have to work around anything within your applications and can use the serverless solution with ease. Plus, you…
With the advent of the cloud and container orchestrators, containers are becoming more commonplace. Docker is one of the most popular container runtimes that we use, and Docker images are everywhere. However, as it is a relatively new technology — and with the increased focus on shift-left — container security is a hot topic.
Most enterprises focus on runtime container security. However, sometimes the containers themselves have a vulnerability at build time that goes undetected by the untrained eye.
Containers use layers, and most containers are built from third-party base images that are available on Docker Hub. So, even if…
For most DevOps professionals, creating a VM usually consists of spinning it up on a cloud using Terraform and then using a config management tool (e.g. Ansible or Puppet) or a bootstrap script (e.g. cloud-init) to convert the raw Virtual Machine to a purposeful server.
We all have been doing it for a long time and it works for most cases, but it comes with some drawbacks.
I will give you an example from personal experience. We have a horizontally scalable web server running on GCP using managed instance groups (MIG). …
As most of us have heard, Kubernetes is deprecating Docker as a runtime from v1.20 in favour of runtimes using the Container Runtime Interface (CRI), such as containerd and CRI-O.
It isn’t a reason to panic, though. First of all: it’s a deprecation — i.e., you’ll start getting a warning from v1.20, so you aren’t immediately impacted. You still have a full year to come up with a plan, as Docker will be unsupported at v1.22, which they’ll roll out in late 2021.
Even if you aren’t ready by that time, you can choose to not upgrade to v1.22 until…