Take sound security policy to the source

One of the things that I love most about Open Policy Agent (OPA) is that it was built to be interoperable with other systems. Anything that produces JSON — and nowadays most things do — can provide OPA with inputs for rendering policy judgments. Due to this interoperability, you can use OPA with container-based development tools like Docker, infrastructure provisioning tools like Terraform, container orchestration platforms like Kubernetes, and that’s just scratching the surface.


OPA and continuous integration

Because OPA can integrate with just about anything, virtually every single part of a modern software “stack” can be policy driven, including continuous integration. With OPA you can create policies that govern which artifacts are allowed to be built in the first place, providing a powerful lever for keeping potentially malicious jobs and services from ever running on your systems (make sure those are also governed by OPA policies!). …


The Functions-as-a-Service paradigm is steadily progressing but it won’t catch its stride until it learns from established paradigms


Let me say up front: I’m a big fan of the so-called Functions-as-a-Service (FaaS) paradigm in computing. I think that it bears a great deal of promise for developers and I’m eagerly tracking its development in OSS projects like OpenFaaS and cloud products like Google Cloud Functions and AWS Lambda. Years after its inception, however, it still feels like we’re constantly on the cusp of reaping the FaaS harvest and never quite there.

I’m going to venture a guess as to why that is: the FaaS paradigm currently has a fundamental abstraction problem that’s limiting its development and preventing it from flourishing. FaaS remains caught in thinking about functions as atomic units. …


The OSS world remains tightly focused on plumbing. But we will likely see the emergence of an “app native” paradigm of OSS focused on user-facing functionality.

TL;DR: I anticipate a general shift in the OSS world from “plumbing” to specific application functionality. The “cloud native” paradigm is very quickly asserting itself; it will likely be followed by an app native paradigm that will see a broad-based shift in focus and energy.

It’s almost always foolhardy to predict the future, but I still think that it’s incumbent upon us to carefully examine current trends and do the best we can to extrapolate from them and discern a rough Zeitgeist, lest we fail to adequately recognize approaching dangers and opportunities (and to adjust our practices accordingly).


In this post I’ll venture some educated guesses about the general direction and thrust of open-source software (OSS). I anticipate a broad-based shift from the current state of affairs — a cloud native moment strongly focused on basic software “plumbing” but tending toward a baseline plumbing consensus — toward a new paradigm: an OSS universe in which the focus of our collaborative energy shifts to ever-more specific functionality. I call this future paradigm the app native paradigm in computing. …


We need to confront container documentation as the crucial, non-trivial problem that it is.

TL;DR — As far as I can tell, there’s currently no way of providing documentation for specific containers that we could fairly call canonical, “best practice,” or even all that widely used. This blog post suggests some currently available (but sadly not-great) workarounds but also points to what I think could be a fundamentally better path.

A few days ago I made an offhand tweet that made a much bigger impression than I had anticipated:

I tweeted this largely out of frustration because I’d grown a bit weary of the development process surrounding containers along one axis in particular: documentation. …


Adhere to just a few simple principles and your content may just have a fighting chance

I hate to say it, but there’s no magical template for writing technical blog posts, no silver bullet for garnering tons of clicks and retweets, getting to the top of Hacker News and staying there for hours, and engaging and endearing influencers and ordinary readers alike. There’s a lot of luck involved and even the most technically brilliant, carefully crafted posts can fall flat and go nowhere. C’est la vie.

Nonetheless, my experience strongly suggests that following a handful of basic principles can help you find a solid footing when creating new content and, from time to time, end up with a traffic- and credibility-generating winner on your hands. …


gRPC-Web is a JavaScript client library that enables web applications to interact with backend gRPC services using Envoy instead of a custom HTTP server as an intermediary. Last week, the gRPC team announced the GA release of gRPC-Web on the CNCF blog after nearly two years of active development.

Personally, I’d been intrigued by gRPC-Web since I first read about it in a blog post on the Improbable engineering blog. …

About

Luc Perkins

Developer advocate with the Cloud Native Computing Foundation (CNCF)
