Be Cloud Agnostic - Use Kubernetes

Cloud providers can sometimes argue about who was the first provider offering Infrastructure as a Service (IaaS). No matter who was first, we can all agree Amazon Web Services (AWS) made it mainstream. AWS was winning and the other providers had to catch up. It had become the first choice for customers looking to outsource their infrastructure. Today, 20 years later, the gap is smaller even though AWS still has the biggest share of the market....

October 30, 2023 · 3 min · Emil Billberg

A Secure Kubernetes Cluster With Network Policies

By default, Kubernetes is not safe. Kubernetes, even though it is open source, is a product, and it should be easy to get started, play around and experiment with it. Imagine if you weren’t cluster-admin when you got started, or the pods in the cluster couldn’t send HTTP requests to one another. The threshold for getting started would increase. On the other hand, you would have a much more secure cluster....

October 23, 2023 · 7 min · Emil Billberg

Secure Your Cluster With Gatekeeper Policy Agent

As your Kubernetes cluster grows, maintaining and enforcing configuration policies becomes a daunting task for Platform Engineers or Kubernetes Administrators. Ensuring practices such as avoiding the use of latest tags for containers, requiring specific labels, and permitting only containers from authorized registries can be challenging. Traditional approaches, like incorporating tests in your CI/CD pipeline, are valuable, but we all know the rush of development sometimes leads to overlooking these policies. With that said, do not remove the tests in your CI/CD pipeline; you want to detect misconfigurations as early as possible....

October 16, 2023 · 4 min · Emil Billberg

Effortless Deployment of Prometheus-Operator in Just a Few Steps!

I used to deploy Prometheus the traditional way, without the help of an operator. Finally, it is time to try out the operator as it has become the de facto standard way of deploying Prometheus. To get a good understanding I decided to stay away from Helm this time. I think it helps to really understand the different parts when you deploy the raw YAML files. Helm is a great tool but it hides the implementation details, which is great, but not when you want to get a deeper understanding....

October 9, 2023 · 3 min · Emil Billberg

Verify Container Signatures Without Admission Controller

In a recent blog post from the Kubernetes blog, the author wrote about an exciting update that will change how we handle container security. Today, many platform engineers deploy an admission controller to verify the signature of a container. Now, with the release of CRI-O version 1.28, it is possible to do the signature verification directly in the container runtime. No more relying solely on admission controllers to prevent unsigned images from being deployed in your Kubernetes cluster....

October 2, 2023 · 2 min · Emil Billberg

Sign and Verify Containers With Ease

Cosign is an awesome tool used to sign and verify containers. In this post we will guide you through creating a container, pushing it to the registry, signing it, and finally verifying the signature. Cosign is developed by Sigstore in collaboration with industry giants like Google, GitHub, and many more. It is specifically designed to elevate the security of your software supply chain while ensuring scalability and privacy. With attacks like SolarWinds, it is more important than ever to have a secure software supply chain that doesn’t allow any tampering or forgery of the software inside your application....

September 25, 2023 · 3 min · Emil Billberg