In the cloud-native ecosystem, decisions and changes are made at a rapid pace. Applications get adapted and deployed multiple times a week or even a day. Microservices get developed in a decentralized way, with different people and teams involved. In such an environment, it is crucial to ensure that applications are developed and operated securely. This can be done by shifting security left into the developer lifecycle, but also by using DevSecOps to empower operations with enhanced monitoring and protection for the application runtime.


In this article, I would like to show you how GitLab can help you streamline your application security from a code and operations point of view by providing you with real-world examples. Before we deep dive into the example, let me first introduce you to the GitLab Secure and GitLab Defend product portfolio which are the foundation for this. GitLab Secure helps developers to enable accurate, automated, and continuous assessment of their applications by proactively identifying vulnerabilities and weaknesses and therefore minimizing security risk. GitLab Defend, on the other hand, supports operations by proactively protecting environments and cloud-native applications by providing context-aware technologies to reduce overall security risk. Both are backed by leading open-source projects that have been fully integrated into developer and operation processes and the GitLab user interface (UI). …


Before I introduce you to Azure Service Operator and how it helps you manage your Azure resources with Kubernetes, let me briefly start with why you should use it and where it can help. Let me give you two examples:

Think of a common cloud-native application: some microservices running on Kubernetes, using Redis for caching and a database to persist state. In such a scenario, a common practice is to store and manage the application and its dependencies together. Until now you might have packed your microservices into a Helm chart for easier deployment and also written some Terraform code to deploy and manage the Redis instance and the database. But those are still not linked together and are also deployed via two different continuous delivery pipelines. You could now argue that, for example, the Terraform Helm provider could fix this issue by combining your application and infrastructure. But do you want your developers to learn and use another tool, one mainly used for infrastructure management? Wouldn’t it be better to just manage the application dependencies together with the application itself in a Helm chart? …


Before I talk about Policy and Governance for Kubernetes, let’s briefly talk about policy and governance in general. In short, it means providing a set of rules which define a guideline that can either be enforced or audited. So why do we need this? It is important because in a cloud ecosystem decisions are made in a decentralized way and at a rapid pace. A governance model or policy becomes crucial to keep the entire organization on track. Those definitions can include, but are not limited to, security baselines or consistency of resources and deployments.


So, why do we need Governance and Policy for Kubernetes? Kubernetes provides Role-based Access Control (RBAC), which allows operators to define in a very granular manner which identity is allowed to create or manage which resource. But RBAC does not allow us to control the specification of those resources. As already mentioned, this is a necessary requirement to be able to define the policy boundaries. Some examples…


This blog post is not the kind of post I would normally publish. I normally focus on technical blog posts around Cloud, Kubernetes and containers.

But normal is not normal anymore. In this post, I would like to talk about my new conference life. A life where I attend conferences and meetups without leaving my apartment. 😉


My last four weeks

So what did I do in the last four weeks? Everything started with the Azure Virtual Community Days, which was a great world-wide event streamed on YouTube with multiple tracks. I had the pleasure of talking about Containers and Kubernetes on Azure.

This YouTube stream was completely managed by the team. …


This post is an updated version of my previous post “Using Terraform with Azure” that I published some time ago. Now, nearly one year later, I have learned a lot and also optimized and extended the examples and code snippets here and there. As a result, we decided to publish all code in this public GitHub repository. This post should provide you with some further details on the project and any details around it. All below code snippets are related to this project.


The project

As mentioned above, we decided to publish everything needed to scaffold a new production-ready Terraform project on Azure. …


Feature image via Pixabay.

In my previous article “Part 1: How Containerized CI/CD Pipelines Work with Kubernetes and GitLab”, I wrote about Kubernetes’ popularity and importance in 2019. I also described the advantages that containerized pipelines with GitLab CI/CD and Kaniko offer. In this post, I would like to introduce more open source projects and GitLab features that help you deploy and run your cloud native application.

Enhance Application Deployments

Now let’s get back to application deployment and introduce you to the open source project Kustomize. Kustomize, which is part of the Kubernetes project and sponsored by sig-cli, lets you customize raw and template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is. …


Feature image via Pixabay.

It is hardly surprising that Kubernetes’ popularity continued to grow in 2019, and this trend will likely continue in 2020.

However, while it offers so many advantages, Kubernetes adoption has also revealed new difficulties that have to be addressed — and fixed. One of them is how we automatically deploy and manage our applications. With the below examples, I will share useful tips and tricks on how to enhance your Kubernetes CI/CD pipelines with the help of GitLab and open source technologies.


There are already many articles out there that provide you with details on how to containerize your .NET Core application. Nevertheless, I still saw the need to write a more detailed post which helps you build a production-ready container image based on container and .NET Core best practices. This article is part of the Applied Cloud Stories initiative.

For better understanding, I will explain everything in detail based on a small sample ASP.NET Core web application. You will find more details on the application itself here. Of course, the shared best practices are not limited to .NET Core. …


Ephemeral Containers are a new kind of container that runs temporarily in an existing Pod to allow easy user interactions such as troubleshooting a container workload.


Why do we need Ephemeral Containers?

The advantage of containers is that they run isolated processes, shipping all needed dependencies in an immutable image. By adding only the required dependencies to the image, a container reduces its attack surface and provides faster startups and deployments. Building container images using the “distroless” approach (building them from scratch) takes this to the next level by including only the compiled application binary. Unlike ordinary container images, these are not based on any kind of Linux distribution and therefore do not contain any other binaries and tools which could be executed via kubectl exec for troubleshooting purposes. …


Azure Kubernetes Service is a fully managed Kubernetes cluster provided by Azure. This means that you don’t have to care about anything related to the Kubernetes infrastructure and can focus on the apps deployed on it. Unfortunately, that is not entirely true with regard to your worker nodes, as mentioned in the documentation:

To protect your clusters, security updates are automatically applied to Linux nodes in AKS. These updates include OS security fixes or kernel updates. Some of these updates require a node reboot to complete the process. AKS doesn’t automatically reboot these Linux nodes to complete the update process.

As mentioned above, Azure will automatically install all required updates and security patches on its own, but you have to decide when to reboot your nodes if necessary. Of course, this is something that needs to be automated to make sure all of your worker nodes are secure and up to date. The guide below does not support Windows nodes. …

About

Nico Meisenzahl

Senior Cloud & DevOps Consultant at white duck. MVP, Docker Community Leader, GitLab Hero, blogger & speaker. 👨‍💻🙋‍♂️ Loves Kubernetes, DevOps & Cloud.
